cbac 0.3.1 → 0.5.1

data/Manifest

@@ -1,44 +1,60 @@
-Manifest
-README.rdoc
-Rakefile
-cbac.gemspec
-generators/cbac/USAGE
-generators/cbac/cbac_generator.rb
-generators/cbac/templates/config/context_roles.rb
-generators/cbac/templates/config/privileges.rb
-generators/cbac/templates/controllers/generic_roles_controller.rb
-generators/cbac/templates/controllers/memberships_controller.rb
-generators/cbac/templates/controllers/permissions_controller.rb
-generators/cbac/templates/fixtures/cbac_generic_roles.yml
-generators/cbac/templates/fixtures/cbac_memberships.yml
-generators/cbac/templates/fixtures/cbac_permissions.yml
-generators/cbac/templates/migrate/create_cbac.rb
-generators/cbac/templates/stylesheets/cbac.css
-generators/cbac/templates/views/generic_roles/index.html.erb
-generators/cbac/templates/views/layouts/cbac.html.erb
-generators/cbac/templates/views/memberships/_update.html.erb
-generators/cbac/templates/views/memberships/index.html.erb
-generators/cbac/templates/views/permissions/_update_context_role.html.erb
-generators/cbac/templates/views/permissions/_update_generic_role.html.erb
-generators/cbac/templates/views/permissions/index.html.erb
-init.rb
-lib/cbac.rb
-lib/cbac/config.rb
-lib/cbac/context_role.rb
-lib/cbac/generic_role.rb
-lib/cbac/membership.rb
-lib/cbac/permission.rb
-lib/cbac/privilege.rb
-lib/cbac/privilege_set.rb
-lib/cbac/privilege_set_record.rb
-lib/cbac/setup.rb
-tasks/cbac.rake
-test/fixtures/cbac_generic_roles.yml
-test/fixtures/cbac_memberships.yml
-test/fixtures/cbac_permissions.yml
-test/fixtures/cbac_privilege_set.yml
-test/test_cbac_authorize_context_roles.rb
-test/test_cbac_authorize_generic_roles.rb
-test/test_cbac_context_role.rb
-test/test_cbac_privilege.rb
-test/test_cbac_privilege_set.rb
+Manifest
+README.rdoc
+Rakefile
+cbac.gemspec
+generators/cbac/USAGE
+generators/cbac/cbac_generator.rb
+generators/cbac/templates/config/cbac.pristine
+generators/cbac/templates/config/context_roles.rb
+generators/cbac/templates/config/privileges.rb
+generators/cbac/templates/controllers/generic_roles_controller.rb
+generators/cbac/templates/controllers/memberships_controller.rb
+generators/cbac/templates/controllers/permissions_controller.rb
+generators/cbac/templates/controllers/upgrade_controller.rb
+generators/cbac/templates/fixtures/cbac_generic_roles.yml
+generators/cbac/templates/fixtures/cbac_memberships.yml
+generators/cbac/templates/fixtures/cbac_permissions.yml
+generators/cbac/templates/migrate/create_cbac_from_scratch.rb
+generators/cbac/templates/migrate/create_cbac_upgrade_path.rb
+generators/cbac/templates/stylesheets/cbac.css
+generators/cbac/templates/tasks/cbac.rake
+generators/cbac/templates/views/generic_roles/index.html.erb
+generators/cbac/templates/views/layouts/cbac.html.erb
+generators/cbac/templates/views/memberships/_update.html.erb
+generators/cbac/templates/views/memberships/index.html.erb
+generators/cbac/templates/views/permissions/_update_context_role.html.erb
+generators/cbac/templates/views/permissions/_update_generic_role.html.erb
+generators/cbac/templates/views/permissions/index.html.erb
+generators/cbac/templates/views/upgrade/index.html.erb
+init.rb
+lib/cbac.rb
+lib/cbac/cbac_pristine/pristine.rb
+lib/cbac/cbac_pristine/pristine_file.rb
+lib/cbac/cbac_pristine/pristine_permission.rb
+lib/cbac/cbac_pristine/pristine_role.rb
+lib/cbac/config.rb
+lib/cbac/context_role.rb
+lib/cbac/generic_role.rb
+lib/cbac/known_permission.rb
+lib/cbac/membership.rb
+lib/cbac/permission.rb
+lib/cbac/privilege.rb
+lib/cbac/privilege_set.rb
+lib/cbac/privilege_set_record.rb
+lib/cbac/setup.rb
+spec/cbac_pristine_file_spec.rb
+spec/cbac_pristine_permission_spec.rb
+spec/cbac_pristine_role_spec.rb
+spec/rcov.opts
+spec/spec.opts
+spec/spec_helper.rb
+tasks/cbac.rake
+test/fixtures/cbac_generic_roles.yml
+test/fixtures/cbac_memberships.yml
+test/fixtures/cbac_permissions.yml
+test/fixtures/cbac_privilege_set.yml
+test/test_cbac_authorize_context_roles.rb
+test/test_cbac_authorize_generic_roles.rb
+test/test_cbac_context_role.rb
+test/test_cbac_privilege.rb
+test/test_cbac_privilege_set.rb

data/Rakefile

@@ -24,12 +24,12 @@ Rake::RDocTask.new(:rdoc) do |rdoc|
   rdoc.rdoc_files.include('lib/**/*.rb')
 end
 
-Echoe.new('cbac', '0.3.1') do |p|
+Echoe.new('cbac', '0.5.1') do |p|
   p.summary        = "CBAC - Simple authorization system for Rails applications."
   p.description    = "Simple authorization system for Rails applications. Allows you to develop applications with a mixed role based authorization and a context based authorization model. Does not supply authentication."
   p.url            = "http://cbac.rubyforge.org"
   p.author         = "Bert Meerman"
-  p.email          = "b.meerman@ogd.nl"
+  p.email          = "bertm@rubyforge.org"
   p.ignore_pattern = []
   p.development_dependencies = []
 end

data/cbac.gemspec

@@ -1,31 +1,31 @@
-# -*- encoding: utf-8 -*-
-
-Gem::Specification.new do |s|
-  s.name = %q{cbac}
-  s.version = "0.3.1"
-
-  s.required_rubygems_version = Gem::Requirement.new(">= 1.2") if s.respond_to? :required_rubygems_version=
-  s.authors = ["Bert Meerman"]
-  s.date = %q{2010-02-05}
-  s.description = %q{Simple authorization system for Rails applications. Allows you to develop applications with a mixed role based authorization and a context based authorization model. Does not supply authentication.}
-  s.email = %q{b.meerman@ogd.nl}
-  s.extra_rdoc_files = ["README.rdoc", "lib/cbac.rb", "lib/cbac/config.rb", "lib/cbac/context_role.rb", "lib/cbac/generic_role.rb", "lib/cbac/membership.rb", "lib/cbac/permission.rb", "lib/cbac/privilege.rb", "lib/cbac/privilege_set.rb", "lib/cbac/privilege_set_record.rb", "lib/cbac/setup.rb", "tasks/cbac.rake"]
-  s.files = ["Manifest", "README.rdoc", "Rakefile", "cbac.gemspec", "generators/cbac/USAGE", "generators/cbac/cbac_generator.rb", "generators/cbac/templates/config/context_roles.rb", "generators/cbac/templates/config/privileges.rb", "generators/cbac/templates/controllers/generic_roles_controller.rb", "generators/cbac/templates/controllers/memberships_controller.rb", "generators/cbac/templates/controllers/permissions_controller.rb", "generators/cbac/templates/fixtures/cbac_generic_roles.yml", "generators/cbac/templates/fixtures/cbac_memberships.yml", "generators/cbac/templates/fixtures/cbac_permissions.yml", "generators/cbac/templates/migrate/create_cbac.rb", "generators/cbac/templates/stylesheets/cbac.css", "generators/cbac/templates/views/generic_roles/index.html.erb", "generators/cbac/templates/views/layouts/cbac.html.erb", "generators/cbac/templates/views/memberships/_update.html.erb", "generators/cbac/templates/views/memberships/index.html.erb", "generators/cbac/templates/views/permissions/_update_context_role.html.erb", "generators/cbac/templates/views/permissions/_update_generic_role.html.erb", "generators/cbac/templates/views/permissions/index.html.erb", "init.rb", "lib/cbac.rb", "lib/cbac/config.rb", "lib/cbac/context_role.rb", "lib/cbac/generic_role.rb", "lib/cbac/membership.rb", "lib/cbac/permission.rb", "lib/cbac/privilege.rb", "lib/cbac/privilege_set.rb", "lib/cbac/privilege_set_record.rb", "lib/cbac/setup.rb", "tasks/cbac.rake", "test/fixtures/cbac_generic_roles.yml", "test/fixtures/cbac_memberships.yml", "test/fixtures/cbac_permissions.yml", "test/fixtures/cbac_privilege_set.yml", "test/test_cbac_authorize_context_roles.rb", "test/test_cbac_authorize_generic_roles.rb", "test/test_cbac_context_role.rb", "test/test_cbac_privilege.rb", "test/test_cbac_privilege_set.rb"]
-  s.homepage = %q{http://cbac.rubyforge.org}
-  s.rdoc_options = ["--line-numbers", "--inline-source", "--title", "Cbac", "--main", "README.rdoc"]
-  s.require_paths = ["lib"]
-  s.rubyforge_project = %q{cbac}
-  s.rubygems_version = %q{1.3.5}
-  s.summary = %q{CBAC - Simple authorization system for Rails applications.}
-  s.test_files = ["test/test_cbac_authorize_context_roles.rb", "test/test_cbac_authorize_generic_roles.rb", "test/test_cbac_context_role.rb", "test/test_cbac_privilege.rb", "test/test_cbac_privilege_set.rb"]
-
-  if s.respond_to? :specification_version then
-    current_version = Gem::Specification::CURRENT_SPECIFICATION_VERSION
-    s.specification_version = 3
-
-    if Gem::Version.new(Gem::RubyGemsVersion) >= Gem::Version.new('1.2.0') then
-    else
-    end
-  else
-  end
-end
+# -*- encoding: utf-8 -*-
+
+Gem::Specification.new do |s|
+  s.name = %q{cbac}
+  s.version = "0.5.1"
+
+  s.required_rubygems_version = Gem::Requirement.new(">= 1.2") if s.respond_to? :required_rubygems_version=
+  s.authors = ["Bert Meerman"]
+  s.date = %q{2010-07-15}
+  s.description = %q{Simple authorization system for Rails applications. Allows you to develop applications with a mixed role based authorization and a context based authorization model. Does not supply authentication.}
+  s.email = %q{bertm@rubyforge.org}
+  s.extra_rdoc_files = ["README.rdoc", "lib/cbac.rb", "lib/cbac/cbac_pristine/pristine.rb", "lib/cbac/cbac_pristine/pristine_file.rb", "lib/cbac/cbac_pristine/pristine_permission.rb", "lib/cbac/cbac_pristine/pristine_role.rb", "lib/cbac/config.rb", "lib/cbac/context_role.rb", "lib/cbac/generic_role.rb", "lib/cbac/known_permission.rb", "lib/cbac/membership.rb", "lib/cbac/permission.rb", "lib/cbac/privilege.rb", "lib/cbac/privilege_set.rb", "lib/cbac/privilege_set_record.rb", "lib/cbac/setup.rb", "tasks/cbac.rake"]
+  s.files = ["Manifest", "README.rdoc", "Rakefile", "cbac.gemspec", "generators/cbac/USAGE", "generators/cbac/cbac_generator.rb", "generators/cbac/templates/config/cbac.pristine", "generators/cbac/templates/config/context_roles.rb", "generators/cbac/templates/config/privileges.rb", "generators/cbac/templates/controllers/generic_roles_controller.rb", "generators/cbac/templates/controllers/memberships_controller.rb", "generators/cbac/templates/controllers/permissions_controller.rb", "generators/cbac/templates/controllers/upgrade_controller.rb", "generators/cbac/templates/fixtures/cbac_generic_roles.yml", "generators/cbac/templates/fixtures/cbac_memberships.yml", "generators/cbac/templates/fixtures/cbac_permissions.yml", "generators/cbac/templates/migrate/create_cbac_from_scratch.rb", "generators/cbac/templates/migrate/create_cbac_upgrade_path.rb", "generators/cbac/templates/stylesheets/cbac.css", "generators/cbac/templates/tasks/cbac.rake", "generators/cbac/templates/views/generic_roles/index.html.erb", "generators/cbac/templates/views/layouts/cbac.html.erb", "generators/cbac/templates/views/memberships/_update.html.erb", "generators/cbac/templates/views/memberships/index.html.erb", "generators/cbac/templates/views/permissions/_update_context_role.html.erb", "generators/cbac/templates/views/permissions/_update_generic_role.html.erb", "generators/cbac/templates/views/permissions/index.html.erb", "generators/cbac/templates/views/upgrade/index.html.erb", "init.rb", "lib/cbac.rb", "lib/cbac/cbac_pristine/pristine.rb", "lib/cbac/cbac_pristine/pristine_file.rb", "lib/cbac/cbac_pristine/pristine_permission.rb", "lib/cbac/cbac_pristine/pristine_role.rb", "lib/cbac/config.rb", "lib/cbac/context_role.rb", "lib/cbac/generic_role.rb", "lib/cbac/known_permission.rb", "lib/cbac/membership.rb", "lib/cbac/permission.rb", "lib/cbac/privilege.rb", "lib/cbac/privilege_set.rb", "lib/cbac/privilege_set_record.rb", "lib/cbac/setup.rb", "spec/cbac_pristine_file_spec.rb", "spec/cbac_pristine_permission_spec.rb", "spec/cbac_pristine_role_spec.rb", "spec/rcov.opts", "spec/spec.opts", "spec/spec_helper.rb", "tasks/cbac.rake", "test/fixtures/cbac_generic_roles.yml", "test/fixtures/cbac_memberships.yml", "test/fixtures/cbac_permissions.yml", "test/fixtures/cbac_privilege_set.yml", "test/test_cbac_authorize_context_roles.rb", "test/test_cbac_authorize_generic_roles.rb", "test/test_cbac_context_role.rb", "test/test_cbac_privilege.rb", "test/test_cbac_privilege_set.rb"]
+  s.homepage = %q{http://cbac.rubyforge.org}
+  s.rdoc_options = ["--line-numbers", "--inline-source", "--title", "Cbac", "--main", "README.rdoc"]
+  s.require_paths = ["lib"]
+  s.rubyforge_project = %q{cbac}
+  s.rubygems_version = %q{1.3.7}
+  s.summary = %q{CBAC - Simple authorization system for Rails applications.}
+  s.test_files = ["test/test_cbac_context_role.rb", "test/test_cbac_authorize_context_roles.rb", "test/test_cbac_privilege.rb", "test/test_cbac_privilege_set.rb", "test/test_cbac_authorize_generic_roles.rb"]
+
+  if s.respond_to? :specification_version then
+    current_version = Gem::Specification::CURRENT_SPECIFICATION_VERSION
+    s.specification_version = 3
+
+    if Gem::Version.new(Gem::VERSION) >= Gem::Version.new('1.2.0') then
+    else
+    end
+  else
+  end
+end

data/generators/cbac/cbac_generator.rb

@@ -7,39 +7,60 @@ class CbacGenerator < Rails::Generator::Base
     #raise "silently quiting"
   end
 
+  def migration_exists?(name)
+    not Dir.glob("#{RAILS_ROOT}/db/migrate/[0-9]*_*.rb").grep(/[0-9]+_#{name}.rb$/).empty?
+  end
+
   def manifest
     record do |m|
       # developer files
-      m.file "config/privileges.rb", "config/privileges.rb", :collision => :skip
-      m.file "config/context_roles.rb", "config/context_roles.rb", :collision => :skip
+      m.directory "config/cbac"
+      m.file "config/privileges.rb", "config/cbac/privileges.rb", :collision => :skip
+      m.file "config/context_roles.rb", "config/cbac/context_roles.rb", :collision => :skip
+
+      # deployment file
+      m.file "config/cbac.pristine", "config/cbac/cbac.pristine", :collision => :skip
 
       # administration pages
       m.directory "app/controllers/cbac"
       m.file "controllers/permissions_controller.rb", "app/controllers/cbac/permissions_controller.rb"
       m.file "controllers/generic_roles_controller.rb", "app/controllers/cbac/generic_roles_controller.rb"
       m.file "controllers/memberships_controller.rb", "app/controllers/cbac/memberships_controller.rb"
+      m.file "controllers/upgrade_controller.rb", "app/controllers/cbac/upgrade_controller.rb"
       m.directory "app/views/layouts"
       m.file "views/layouts/cbac.html.erb", "app/views/layouts/cbac.html.erb"
       m.directory "app/views/cbac"
       m.directory "app/views/cbac/permissions"
       m.directory "app/views/cbac/generic_roles"
       m.directory "app/views/cbac/memberships"
+      m.directory "app/views/cbac/upgrade"
       m.file "views/permissions/index.html.erb", "app/views/cbac/permissions/index.html.erb"
       m.file "views/permissions/_update_context_role.html.erb", "app/views/cbac/permissions/_update_context_role.html.erb"
       m.file "views/permissions/_update_generic_role.html.erb", "app/views/cbac/permissions/_update_generic_role.html.erb"
       m.file "views/generic_roles/index.html.erb", "app/views/cbac/generic_roles/index.html.erb"
       m.file "views/memberships/index.html.erb", "app/views/cbac/memberships/index.html.erb"
       m.file "views/memberships/_update.html.erb", "app/views/cbac/memberships/_update.html.erb"
+      m.file "views/upgrade/index.html.erb", "app/views/cbac/upgrade/index.html.erb"
       m.directory "public/stylesheets"
       m.file "stylesheets/cbac.css", "public/stylesheets/cbac.css"
 
       # migrations
-      m.migration_template "migrate/create_cbac.rb", "db/migrate", {:migration_file_name => "create_cbac"}
-
+      puts "type of m: " + m.class.name
+      if migration_exists?("create_cbac")
+        # This is an upgrade from a previous version of CBAC
+        m.migration_template "migrate/create_cbac_upgrade_path.rb", "db/migrate", {:migration_file_name => "create_cbac_upgrade_path"} unless migration_exists?("create_cbac_upgrade_path")
+      else
+        # This is the first install of CBAC into the current project	
+        m.migration_template "migrate/create_cbac_from_scratch.rb", "db/migrate", {:migration_file_name => "create_cbac_from_scratch"} unless migration_exists?("create_cbac_from_scratch")
+      end
       # default fixtures
       m.file "fixtures/cbac_permissions.yml", "test/fixtures/cbac_permissions.yml"
       m.file "fixtures/cbac_generic_roles.yml", "test/fixtures/cbac_generic_roles.yml"
       m.file "fixtures/cbac_memberships.yml", "test/fixtures/cbac_memberships.yml"
+
+      # Rake task
+      m.directory "lib/tasks"
+      m.file "tasks/cbac.rake", "lib/tasks/cbac.rake"
     end
-  end  
-end
+  end
+end

data/generators/cbac/templates/config/cbac.pristine

@@ -0,0 +1,2 @@
+0:+:PrivilegeSet(login) ContextRole(everybody)
+1:+:PrivilegeSet(cbac_administration) Admin()

data/generators/cbac/templates/controllers/permissions_controller.rb

@@ -4,8 +4,27 @@ class Cbac::PermissionsController < ApplicationController
 
   # GET /index GET /index.xml
   def index
-    @context_roles = ContextRole.roles.collect{|key, value| [key, value]}
-    @generic_roles = Cbac::GenericRole.find(:all)
+    if params[:role_substr] and params[:role_substr] != ""
+      @context_roles = []
+      @generic_roles = []
+
+      params[:role_substr].split('|').each do |role_start|
+          @context_roles += (ContextRole.roles.select {|key,value| !key.to_s.match(/^#{role_start}/).nil?}).collect{|key, value| [key, value]}
+        @generic_roles += Cbac::GenericRole.find(:all).select {|role| !role.name.match(/^#{role_start}/).nil? }
+      end
+    else
+      @context_roles = ContextRole.roles
+      @generic_roles = Cbac::GenericRole.all    
+    end
+
+    if params[:priv_substr] && params[:priv_substr] != ""
+      @sets = []
+      params[:priv_substr].split('|').each do |priv_start|
+        @sets += PrivilegeSet.sets.select {|key, value| !key.to_s.match(/^#{priv_start}/).nil?}
+      end
+    else 
+      @sets = PrivilegeSet.sets
+    end
   end
 
   def update

data/generators/cbac/templates/controllers/upgrade_controller.rb

@@ -0,0 +1,24 @@
+class Cbac::UpgradeController < ApplicationController
+
+  layout 'cbac'
+
+  def index
+    @permissions =  Cbac::CbacPristine::PristinePermission.all    
+  end
+
+  def update
+
+    params[:permissions].each do |perm_array|
+      next if perm_array[1][:action] == 'leave'
+      permission = Cbac::CbacPristine::PristinePermission.find(perm_array[1][:id])
+      case perm_array[1][:action]
+        when 'accept'
+          permission.accept
+        when 'reject'
+          permission.reject
+      end
+    end
+    redirect_to :action => :index
+
+  end
+end

data/generators/cbac/templates/fixtures/cbac_memberships.yml

@@ -5,4 +5,4 @@
 # Making the first user member of the administrator group
 one:
     user_id: 1
-    cbac_generic_role_id: 1
+    generic_role_id: 1

data/generators/cbac/templates/migrate/create_cbac_from_scratch.rb

@@ -0,0 +1,59 @@
+class CreateCbacFromScratch < ActiveRecord::Migration
+  def self.up
+    create_table :cbac_permissions do |t|
+      t.integer :generic_role_id, :default => 0
+      t.string :context_role
+      t.integer :privilege_set_id
+      t.timestamps
+    end
+
+    create_table :cbac_generic_roles do |t|
+      t.string :name
+      t.text :remarks
+      t.timestamps
+    end
+
+    create_table :cbac_memberships do |t|
+      t.integer :user_id
+      t.integer :generic_role_id
+      t.timestamps
+    end
+
+    create_table :cbac_privilege_set do |t|
+      t.string :name
+      t.string :comment
+      t.timestamps
+    end
+
+    create_table :cbac_staged_permissions do |t|
+      t.integer :pristine_role_id
+      t.string :privilege_set_name
+      t.integer :line_number
+      t.string :comment
+      t.text :operation, :limit => 2
+      t.timestamps
+    end
+
+    create_table :cbac_staged_roles do |t|
+      t.string :role_type
+      t.string :name
+      t.integer :role_id
+      t.timestamps
+    end
+
+    create_table :cbac_known_permissions do |t|
+      t.integer :permission_number, :null => :no
+      t.integer :permission_type, :default => 0
+    end
+  end
+
+  def self.down
+    drop_table :cbac_permissions
+    drop_table :cbac_generic_roles
+    drop_table :cbac_memberships
+    drop_table :cbac_privilege_set
+    drop_table :cbac_staged_permissions
+    drop_table :cbac_staged_roles
+    drop_table :cbac_known_permission
+  end
+end

data/generators/cbac/templates/migrate/create_cbac_upgrade_path.rb

@@ -0,0 +1,31 @@
+class CreateCbacUpgradePath < ActiveRecord::Migration
+  def self.up
+
+    create_table :cbac_staged_permissions do |t|
+      t.integer :pristine_role_id
+      t.string :privilege_set_name
+      t.integer :line_number
+      t.string :comment
+      t.text :operation, :limit => 2
+      t.timestamps
+    end
+
+    create_table :cbac_staged_roles do |t|
+      t.string :role_type
+      t.string :name
+      t.integer :role_id
+      t.timestamps
+    end
+    
+    create_table :cbac_known_permissions do |t|
+      t.integer :permission_number, :null => :no
+      t.integer :permission_type, :default => 0
+    end
+  end
+
+  def self.down
+    drop_table :cbac_staged_permissions
+    drop_table :cbac_staged_roles
+    drop_table :cbac_known_permissions
+  end
+end

data/generators/cbac/templates/tasks/cbac.rake

@@ -0,0 +1,345 @@
+#TODO: zip (or something) the directory resulting from a snapshot and delete it
+#TODO: unzip (or something) the provided snapshot and load from it, then delete temp dir
+#TODO: add staging area to extracted snapshot, inserted snapshot, clearing code, etc.
+
+#TODO: add comments to pristine lines, in a Comment() style
+
+# WARNING: Non-changes are not saved as known_permissions when using pristine or such. THIS IS NOT A BUG! Think of the following scenario:
+# 1) Developers grant permission X
+# 2) User deploys. Permission X is granted in the database.
+# 3) User revokes permission X
+# 4) Developers revoke permission X
+# 5) User upgrades. No change in permission X detected, (since devteam and user agree) so the user is not prompted to accept the change.
+# 6) User grants permission X again
+# 7) User upgrades again. At this point, we want the user to be warned that the devteam thinks granting this permission is not a good idea. 
+#    This is only possible if the non-change in #5 is not registered as KnownChange
+
+# Get a privilege set that fulfills the provided conditions
+  def get_privilege_set(conditions)
+    Cbac::PrivilegeSetRecord.first(:conditions => conditions)
+  end
+
+# Get a Hash containing all entries from the provided table
+  def select_all(table)
+    ActiveRecord::Base.connection.select_all("SELECT * FROM %s;" % table)
+  end
+
+# Generate a usable filename for dumping records of the specified type
+  def get_filename(type)
+    "#{ENV['SNAPSHOT_NAME']}/cbac_#{type}.yml"
+  end
+
+  def load_objects_from_yaml(type)
+    filename = get_filename(type)
+
+    Yaml.load_file(filename)
+  end
+
+# Dump the specified permissions to a YAML file
+  def dump_permissions_to_yaml_file(permissions)
+    permissions.each do |cp|
+      privilege_set_name = get_privilege_set(:id => cp['privilege_set_id']).name
+      cp['privilege_set_id'] = "<%= Cbac::PrivilegeSetRecord.find(:first, :conditions => {:name => '#{privilege_set_name}'}).id %>"
+    end
+    dump_objects_to_yaml_file(permissions, "permissions")
+  end
+
+# Dump a set of objects to a YAML file. Filename is determined by type-string
+  def dump_objects_to_yaml_file(objects, type)
+    filename = get_filename(type)
+
+    puts "Writing #{type} to disk"
+
+    File.open(filename, "w") do |output_file|
+      index = "0000"
+      output_file.write objects.inject({}) { |hash, record|
+        hash["#{type.singularize}_#{index.succ!}"] = record
+        hash
+      }.to_yaml
+    end
+  end
+
+  def get_cbac_pristine_adapter
+    adapter_class = Class.new
+    adapter_class.send :include, Cbac::CbacPristine
+    adapter_class.new
+  end
+
+  namespace :cbac do
+    desc 'Initialize CBAC tables with bootstrap data. Allows ADMINUSER to log in and visit CBAC administration pages. Also, if a Privilege Set called "login" exists, this privilege is granted to "everyone"'
+    task :bootstrap => :environment do
+      adapter = get_cbac_pristine_adapter
+      if adapter.database_contains_cbac_data?
+        if ENV['FORCE'] == "true"
+          puts "FORCE specified: emptying CBAC tables"
+          adapter.clear_cbac_tables
+        else
+          puts "CBAC bootstrap failed: CBAC tables are nonempty. Specify FORCE=true to override this check and empty the tables"
+          exit
+        end
+      end
+
+      adminuser = ENV['ADMINUSER'] || 1
+      login_privilege_set = get_privilege_set(:name => "login")
+      everybody_context_role = ContextRole.roles[:everybody]
+      if !login_privilege_set.nil? and !everybody_context_role.nil?
+        puts "Login privilege exists. Allowing context role 'everybody' to use login privilege"
+        login_permission = Cbac::Permission.new(:context_role => 'everybody', :privilege_set_id => login_privilege_set.id)
+        throw "Failed to save Login Permission" unless login_permission.save
+      end
+
+      puts "Creating Generic Role: administrators"
+      admin_role = Cbac::GenericRole.new(:name => "administrators", :remarks => "System administrators - may edit CBAC permissions")
+      throw "Failed to save new Generic Role" unless admin_role.save
+
+      puts "Creating Administrator Membership for user #{adminuser}"
+      membership = Cbac::Membership.new(:user_id => adminuser, :generic_role_id => admin_role.id)
+      throw "Failed to save new Administrator Membership" unless membership.save
+
+      begin
+        admin_privilege_set_id = get_privilege_set({:name => 'cbac_administration'}).id
+      rescue
+        throw "No PrivilegeSet cbac_administration defined. Aborting."
+      end
+      cbac_admin_permission = Cbac::Permission.new(:generic_role_id => admin_role.id, :privilege_set_id => admin_privilege_set_id)
+      throw "Failed to save Cbac_Administration Permission" unless cbac_admin_permission.save
+
+      puts <<EOF
+**********************************************************
+* Succesfully bootstrapped CBAC. The specified user (# #{adminuser} ) *
+* may now visit the cbac administration pages, which are *
+* located at the URL /cbac/permissions/index by default  *
+**********************************************************
+EOF
+    end
+
+    desc 'Extract a snapshot of the current authorization settings, which can later be restored using the restore_snapshot task. Parameter SNAPSHOT_NAME determines where the snapshot is stored'
+    task :extract_snapshot => :environment do
+      if ENV['SNAPSHOT_NAME'].nil?
+        puts "Missing argument SNAPSHOT_NAME. Substituting timestamp for SNAPSHOT_NAME"
+        require 'date'
+        ENV['SNAPSHOT_NAME'] = DateTime.now.strftime("%Y%m%d%H%M%S")
+      end
+
+      if File::exists?(ENV['SNAPSHOT_NAME']) # Directory already exists!
+        if ENV['FORCE'] == "true"
+          puts "FORCE specified - overwriting older snapshot with same name."
+        else
+          puts "A snapshot with the given name (#{ENV['SNAPSHOT_NAME']}) already exists, and overwriting is dangerous. Specify FORCE=true to override this check"
+          exit
+        end
+      else # Directory does not exist yet
+        FileUtils.mkdir(ENV['SNAPSHOT_NAME'])
+      end
+
+      puts "Extracting CBAC permissions to #{ENV['SNAPSHOT_NAME']}"
+
+      # Don't need privilege sets since they are loaded from a config file.
+      staged_changes = select_all "cbac_staged_permissions"
+      dump_objects_to_yaml_file(staged_changes, "staged_permissions")
+
+      staged_roles = select_all "cbac_staged_roles"
+      dump_objects_to_yaml_file(staged_roles, "staged_roles")
+
+      permissions = select_all "cbac_permissions"
+      dump_permissions_to_yaml_file(permissions)
+
+      generic_roles = select_all "cbac_generic_roles"
+      dump_objects_to_yaml_file(generic_roles, "generic_roles")
+
+      memberships = select_all "cbac_memberships"
+      dump_objects_to_yaml_file(memberships, "memberships")
+
+      known_permissions = select_all "cbac_known_permissions"
+      dump_objects_to_yaml_file(known_permissions, "known_permissions")
+    end
+
+    desc 'Restore a snapshot of authorization settings that was extracted earlier. Specify a snapshot using SNAPSHOT_NAME'
+    task :restore_snapshot => :environment do
+      adapter = get_cbac_pristine_adapter
+      if ENV['SNAPSHOT_NAME'].nil?
+        puts "Missing required parameter SNAPSHOT_NAME. Exiting."
+        exit
+      elsif adapter.database_contains_cbac_data?
+        if ENV['FORCE'] == "true"
+          puts "FORCE specified: emptying CBAC tables"
+          adapter.clear_cbac_tables
+        else
+          puts "Reloading snapshot failed: CBAC tables are nonempty. Specify FORCE=true to override this check and empty the tables"
+          exit
+        end
+      end
+
+      puts "Restoring snapshot #{ENV['SNAPSHOT_NAME']}"
+
+      ENV['FIXTURES_PATH'] = ENV['SNAPSHOT_NAME']
+
+      # Don't need privilege sets since they are loaded from a config file.
+      ENV['FIXTURES'] = "cbac_generic_roles,cbac_memberships,cbac_known_permissions,cbac_permissions,cbac_staged_permissions, cbac_staged_roles"
+
+      Rake::Task["db:fixtures:load"].invoke
+      puts "Successfully restored snapshot."
+      #TODO: check if rake task was successful. else
+      #  puts "Restoring snapshot failed."
+      #end
+    end
+
+    desc 'Restore permissions to factory settings by loading the pristine file into the database'
+    task :pristine => :environment do
+      adapter = get_cbac_pristine_adapter
+      if adapter.database_contains_cbac_data?
+        if ENV['FORCE'] == "true"
+          puts "FORCE specified: emptying CBAC tables"
+        else
+          puts "CBAC pristine failed: CBAC tables are nonempty. Specify FORCE=true to override this check and empty the tables"
+          exit
+        end
+      end
+
+      if ENV['SKIP_SNAPSHOT'] == 'true'
+        puts "\nSKIP_SNAPSHOT provided - not dumping database."
+      else
+        puts "\nDumping a snapshot of the database"
+        Rake::Task["cbac:extract_snapshot"].invoke
+      end
+      filename = ENV['PRISTINE_FILE'] || "config/cbac/cbac.pristine"
+      puts "Parsing pristine file #{filename}"
+      pristine_file = adapter.create_pristine_file(filename)
+      adapter.set_pristine_state([pristine_file], true)
+      puts "Applied #{pristine_file.permissions.length.to_s} permissions."
+      puts "Task cbac:pristine finished."
+    end
+
+    desc 'Restore generic permissions to factory settings'
+    task :pristine_generic => :environment do
+      adapter = get_cbac_pristine_adapter
+      if adapter.database_contains_cbac_data?
+        if ENV['FORCE'] == "true"
+          puts "FORCE specified. Dropping all generic permissions and replacing them with generic pristine"
+          adapter.delete_generic_known_permissions
+          adapter.delete_generic_permissions
+        else
+          puts "CBAC pristine failed: CBAC tables are nonempty. Specify FORCE=true to override this check and empty the tables"
+          exit
+        end
+      end
+
+      if ENV['SKIP_SNAPSHOT'] == 'true'
+        puts "\nSKIP_SNAPSHOT provided - not dumping database."
+      else
+        puts "\nDumping a snapshot of the database"
+        Rake::Task["cbac:extract_snapshot"].invoke
+      end
+
+      filename = ENV['GENERIC_PRISTINE_FILE'] || "config/cbac/cbac_generic.pristine"
+      puts "Parsing pristine file #{filename}"
+      pristine_file = adapter.create_generic_pristine_file(filename)
+      adapter.set_pristine_state([pristine_file], false)
+      puts "Applied #{pristine_file.permissions.length.to_s} permissions."
+      puts "Task cbac:pristine_generic finished."
+    end
+
+    desc 'Restore all permissions to factory state. Uses the pristine file and the generic pristine file'
+    task :pristine_all => :environment do
+      adapter = get_cbac_pristine_adapter
+      if adapter.database_contains_cbac_data?
+        if ENV['FORCE'] == "true"
+          puts "FORCE specified: emptying CBAC tables"
+        else
+          puts "CBAC pristine failed: CBAC tables are nonempty. Specify FORCE=true to override this check and empty the tables"
+          exit
+        end
+      end
+
+      if ENV['SKIP_SNAPSHOT'] == 'true'
+        puts "\nSKIP_SNAPSHOT provided - not dumping database."
+      else
+        puts "\nDumping a snapshot of the database"
+        Rake::Task["cbac:extract_snapshot"].invoke
+      end
+      filename = ENV['PRISTINE_FILE'] || "config/cbac/cbac.pristine"
+      generic_filename = ENV['GENERIC_PRISTINE_FILE'] || "config/cbac/cbac_generic.pristine"
+      puts "Parsing pristine file #{filename} and generic pristine file #{generic_filename}"
+      pristine_file = adapter.create_pristine_file(filename)
+      generic_pristine_file = adapter.create_generic_pristine_file(generic_filename)
+      adapter.set_pristine_state([pristine_file, generic_pristine_file], true)
+      puts "Applied #{pristine_file.permissions.length.to_s} permissions and #{generic_pristine_file.permissions.length.to_s} generic permissions."
+      puts "Task cbac:pristine_all finished."
+    end
+
+    desc 'Upgrade permissions by adding them to the staging area. Does not upgrade generic permissions'
+    task :upgrade_pristine => :environment do
+      adapter = get_cbac_pristine_adapter
+      if ENV['SKIP_SNAPSHOT'] == 'true'
+        puts "\nSKIP_SNAPSHOT provided - not dumping database."
+      else
+        puts "\nDumping a snapshot of the database"
+        Rake::Task["cbac:extract_snapshot"].invoke
+      end
+
+      ENV['CHANGE_TYPE'] = 'context'
+      filename = ENV['PRISTINE_FILE'] || "config/cbac/cbac.pristine"
+      puts "Parsing pristine file #{filename}"
+
+      pristine_file = adapter.create_pristine_file(filename)
+      adapter.delete_non_generic_staged_permissions
+      puts "Deleted all staged context and administrator permissions"
+
+      adapter.stage_permissions([pristine_file])
+      puts "Staged #{adapter.number_of_non_generic_staged_permissions.to_s} permissions."
+      puts "Task cbac:upgrade_pristine finished."
+    end
+
+
+    desc 'Upgrade generic permissions by adding them to the staging area. Does not upgrade context or admin permissions.'
+    task :upgrade_pristine_generic => :environment do
+      adapter = get_cbac_pristine_adapter
+      if ENV['SKIP_SNAPSHOT'] == 'true'
+        puts "\nSKIP_SNAPSHOT provided - not dumping database."
+      else
+        puts "\nDumping a snapshot of the database"
+        Rake::Task["cbac:extract_snapshot"].invoke
+      end
+
+      ENV['CHANGE_TYPE'] = 'context'
+      generic_filename = ENV['GENERIC_PRISTINE_FILE'] || "config/cbac/cbac_generic.pristine"
+
+      puts "Parsing pristine file #{generic_filename}"
+      generic_pristine_file = adapter.create_generic_pristine_file(generic_filename)
+
+      adapter.delete_non_generic_staged_permissions
+      puts "Deleted all staged generic permissions"
+
+      adapter.stage_permissions([generic_pristine_file])
+      puts "Staged #{adapter.number_of_generic_staged_permissions.to_s} generic permissions."
+      puts "Task cbac:upgrade_pristine finished."
+    end
+
+    desc 'Upgrade all permissions by adding them to the staging area.'
+    task :upgrade_all => :environment do
+      adapter = get_cbac_pristine_adapter
+      if ENV['SKIP_SNAPSHOT'] == 'true'
+        puts "\nSKIP_SNAPSHOT provided - not dumping database."
+      else
+        puts "\nDumping a snapshot of the database"
+        Rake::Task["cbac:extract_snapshot"].invoke
+      end
+
+      ENV['CHANGE_TYPE'] = 'context'
+      filename = ENV['PRISTINE_FILE'] || "config/cbac/cbac.pristine"
+      generic_filename = ENV['GENERIC_PRISTINE_FILE'] || "config/cbac/cbac_generic.pristine"
+      puts "Parsing pristine file #{filename} and generic pristine file #{generic_filename}"
+
+      pristine_file = adapter.create_pristine_file(filename)
+      generic_pristine_file = adapter.create_generic_pristine_file(generic_filename)
+
+      adapter.delete_generic_staged_permissions
+      adapter.delete_non_generic_staged_permissions
+      puts "Deleted all current staged permissions"
+
+
+      adapter.stage_permissions([pristine_file, generic_pristine_file])
+      puts "Staged #{adapter.number_of_non_generic_staged_permissions.to_s} permissions and #{adapter.number_of_generic_staged_permissions.to_s} generic permissions."
+      puts "Task cbac:upgrade_all finished."
+    end
+end