hone-lockdown 1.2.1

data/rails_generators/lockdown/templates/app/controllers/user_groups_controller.rb

@@ -0,0 +1,122 @@
+class <%= "#{namespace.camelcase}::" unless namespace.blank? %>UserGroupsController < ApplicationController
+	before_filter :find_user_group, :only => [:show, :edit, :update, :destroy]
+	after_filter :update_permissions, :only => [:create, :update]
+
+  # GET /user_groups
+  # GET /user_groups.xml
+  def index
+    @user_groups = UserGroup.find(:all)
+
+    respond_to do |format|
+      format.html # index.html.erb
+      format.xml  { render :xml => @user_groups }
+    end
+  end
+
+  # GET /user_groups/1
+  # GET /user_groups/1.xml
+  def show
+		@all_permissions = Lockdown::System.permissions_assignable_for_user(current_user)
+    respond_to do |format|
+      format.html # show.html.erb
+      format.xml  { render :xml => @user_group }
+    end
+  end
+
+  # GET /user_groups/new
+  # GET /user_groups/new.xml
+  def new
+    @user_group = UserGroup.new
+		@all_permissions = Lockdown::System.permissions_assignable_for_user(current_user)
+
+    respond_to do |format|
+      format.html # new.html.erb
+      format.xml  { render :xml => @user_group }
+    end
+  end
+
+  # GET /user_groups/1/edit
+  def edit
+		@all_permissions = Lockdown::System.permissions_assignable_for_user(current_user)
+  end
+
+  # POST /user_groups
+  # POST /user_groups.xml
+  def create
+    @user_group = UserGroup.new(params[:user_group])
+
+    respond_to do |format|
+      if @user_group.save
+        flash[:notice] = 'UserGroup was successfully created.'
+        <% if namespace %>
+          format.html { redirect_to(<%= namespace %>_user_group_path(@user_group)) }
+        <% else %>
+          format.html { redirect_to(user_group_path(@user_group)) }
+        <% end %>
+        format.xml  { render :xml => @user_group, :status => :created, :location => @user_group }
+      else
+				@all_permissions = Lockdown::System.permissions_assignable_for_user(current_user)
+        format.html { render :action => "new" }
+        format.xml  { render :xml => @user_group.errors, :status => :unprocessable_entity }
+      end
+    end
+  end
+
+  # PUT /user_groups/1
+  # PUT /user_groups/1.xml
+  def update
+    respond_to do |format|
+      if @user_group.update_attributes(params[:user_group])
+        flash[:notice] = 'UserGroup was successfully updated.'
+        <% if namespace %>
+          format.html { redirect_to(<%= namespace %>_user_group_path(@user_group)) }
+        <% else %>
+          format.html { redirect_to(user_group_path(@user_group)) }
+        <% end %>
+        format.xml  { head :ok }
+      else
+				@all_permissions = Lockdown::System.permissions_assignable_for_user(current_user)
+        format.html { render :action => "edit" }
+        format.xml  { render :xml => @user_group.errors, :status => :unprocessable_entity }
+      end
+    end
+  end
+
+  # DELETE /user_groups/1
+  # DELETE /user_groups/1.xml
+  def destroy
+    @user_group.destroy
+
+    respond_to do |format|
+      format.html { redirect_to(<%= namespace.blank? ? 'user_groups_path' : "#{namespace}_user_groups_path" %>) }
+      format.xml  { head :ok }
+    end
+  end
+
+	private
+
+	def find_user_group
+    @user_group = UserGroup.find(params[:id])
+    if <%= action_name %> != "show" && Lockdown::System.has_user_group?(@user_group)
+      raise SecurityError,"Invalid attempt to modify user group."
+    end
+  end
+
+	def update_permissions
+		new_perm_ids = params.collect{|p| p[0].split("_")[1].to_i if p[0] =~ /^perm_/}.compact
+		#
+		# Removed previously associated permissions if not checked this time.
+		#
+		@user_group.permissions.dup.each do |p|
+			@user_group.permissions.delete(p) unless new_perm_ids.include?(p.id)
+    end
+
+		# 
+		# Add in the new permissions
+		#
+		new_perm_ids.each do |id|
+			next if @user_group.permission_ids.include?(id)
+			@user_group.permissions << Permission.find(id)
+    end
+  end
+end

data/rails_generators/lockdown/templates/app/controllers/users_controller.rb

@@ -0,0 +1,117 @@
+class <%= "#{namespace.camelcase}::" unless namespace.blank? %>UsersController < ApplicationController
+	before_filter :find_user, :only => [:show, :edit, :update, :destroy]
+	after_filter :update_user_groups, :only => [:create, :update]
+  # GET /users
+  # GET /users.xml
+  def index
+    @users = User.find :all, :include => [:profile, :user_groups]
+    respond_to do |format|
+      format.html # index.html.erb
+      format.xml  { render :xml => @users }
+    end
+  end
+
+  # GET /users/1
+  # GET /users/1.xml
+  def show
+    @user_groups_for_user = Lockdown::System.user_groups_assignable_for_user(current_user)
+    respond_to do |format|
+      format.html # show.html.erb
+      format.xml  { render :xml => @user }
+    end
+  end
+
+  # GET /users/new
+  # GET /users/new.xml
+  def new
+		@user = User.new
+    @user_groups_for_user = Lockdown::System.user_groups_assignable_for_user(current_user)
+		respond_to do |format|
+     format.html # new.html.erb
+     format.xml  { render :xml => @user }
+		end
+  end
+
+  # GET /users/1/edit
+  def edit
+    @user_groups_for_user = Lockdown::System.user_groups_assignable_for_user(current_user)
+  end
+  
+  # POST /users
+  # POST /users.xml
+  def create
+    @user = User.new(params[:user])
+
+		if @user.save
+			flash[:notice] = "Thanks for signing up!"
+			redirect_to(<%= namespace.blank? ? 'user_path(@user)' : "#{namespace}_user_path(@user)" %>)
+		else
+			@user_groups_for_user = Lockdown::System.user_groups_assignable_for_user(current_user)
+			flash[:error] = "Please correct the following issues"
+			render :action => "new" 
+    end
+  end
+  
+  # PUT /users/1
+  # PUT /users/1.xml
+  def update
+		@user.attributes = params[:user]
+
+    respond_to do |format|
+      if @user.save
+        flash[:notice] = 'User was successfully updated.'
+          format.html { redirect_to(<%= namespace.blank?  ? 'user_path(@user)' : "#{namespace}_user_path(@user)"%>) }
+        format.xml  { head :ok }
+      else
+        @user_groups_for_user = Lockdown::System.user_groups_assignable_for_user(current_user)
+        format.html { render :action => "edit" }
+        format.xml  { render :xml => @user.errors, :status => :unprocessable_entity }
+      end
+    end
+  end
+
+  # DELETE /users/1
+  # DELETE /users/1.xml
+  def destroy
+    @user.destroy
+
+    respond_to do |format|
+      format.html { redirect_to(<%= namespace.blank? ? 'users_path' : "#{namespace}_users_path" %>) }
+      format.xml  { head :ok }
+    end
+  end
+
+	def change_password 
+		render :update do |page|
+			page.replace_html 'password', :partial => 'password'
+		end
+	end
+
+	private
+
+	def find_user
+		# Skip test if current user is an administrator
+		unless current_user_is_admin? 
+			# Raise error if id not = current logged in user
+			raise SecurityError.new if (current_user_id != params[:id].to_i)
+		end
+		@user = User.find(params[:id])
+		raise SecurityError.new if @user.nil?
+	end
+
+	def update_user_groups
+		new_ug_ids = params.collect{|p| p[0].split("_")[1].to_i if p[0] =~ /^ug_/}.compact
+		# Removed previously associated user_groups if not checked this time.
+		#
+		@user.user_groups.dup.each do |g|
+			@user.user_groups.delete(g) unless new_ug_ids.include?(g.id)
+    end
+	
+		# Add in the new permissions
+		#
+		new_ug_ids.each do |id|
+			next if @user.user_group_ids.include?(id)
+			@user.user_groups << UserGroup.find(id)
+    end
+  end
+end

data/rails_generators/lockdown/templates/app/helpers/permissions_helper.rb

@@ -0,0 +1,2 @@
+module <%= "#{namespace.camelcase}::" unless namespace.blank? %>PermissionsHelper
+end

data/rails_generators/lockdown/templates/app/helpers/user_groups_helper.rb

@@ -0,0 +1,2 @@
+module <%= "#{namespace.camelcase}::" unless namespace.blank? %>UserGroupsHelper
+end

data/rails_generators/lockdown/templates/app/helpers/users_helper.rb

@@ -0,0 +1,2 @@
+module <%= "#{namespace.camelcase}::" unless namespace.blank? %>UsersHelper
+end

data/rails_generators/lockdown/templates/app/models/permission.rb

@@ -0,0 +1,13 @@
+class Permission < ActiveRecord::Base
+  has_and_belongs_to_many :user_groups
+  
+	def all_users
+		User.find_by_sql <<-SQL
+			select users.* 
+			from users, user_groups_users, permissions_user_groups
+			where users.id = user_groups_users.user_id 
+			and user_groups_users.user_group_id = permissions_user_groups.user_group_id
+			and permissions_user_groups.permission_id = #{self.id}
+		SQL
+  end
+end

data/rails_generators/lockdown/templates/app/models/profile.rb

@@ -0,0 +1,10 @@
+class Profile < ActiveRecord::Base
+  SYSTEM = 1
+  
+  validates_presence_of :email, :first_name, :last_name
+  
+  validates_length_of :email, :within => 5..100
+  validates_format_of :email, :with => /\A([^@\s]+)@((?:[-a-z0-9]+\.)+[a-z]{2,})\Z/i
+  
+  validates_uniqueness_of :email, :case_sensitive => false
+end

data/rails_generators/lockdown/templates/app/models/user.rb

@@ -0,0 +1,95 @@
+require 'digest/sha1'
+class User < ActiveRecord::Base
+  has_and_belongs_to_many :user_groups
+  belongs_to :profile
+  
+  # Virtual attributes
+  attr_accessor :password
+
+  validates_presence_of     :login
+  validates_presence_of     :password,                   :if => :password_required?
+  validates_presence_of     :password_confirmation,      :if => :password_required?
+  validates_length_of       :password, :within => 4..40, :if => :password_required?
+  validates_confirmation_of :password,                   :if => :password_required?
+  validates_length_of       :login,    :within => 3..40
+  validates_uniqueness_of   :login, :case_sensitive => false
+  
+	before_save :encrypt_password
+	before_save :save_profile
+
+  attr_accessible :login, :password, :password_confirmation, 
+                  :first_name, :last_name, :email
+  
+  # Authenticates a user by their login name and unencrypted password.  
+  # Returns the user or nil.
+  def self.authenticate(login, password)
+    u = find :first, :conditions => ['login = ?', login] # need to get the salt
+    u && u.authenticated?(password) ? u : nil
+  end
+
+  # Encrypts some data with the salt.
+  def self.encrypt(password, salt)
+    Digest::SHA1.hexdigest("--#{salt}--#{password}--")
+  end
+
+  # Encrypts the password with the user salt
+  def encrypt(password)
+    self.class.encrypt(password, salt)
+  end
+
+  def authenticated?(password)
+    crypted_password == encrypt(password)
+  end
+  
+  def full_name
+    first_name + " " + last_name
+  end
+
+  # Profile information
+  def first_name
+    user_profile.first_name
+  end
+  
+  def first_name=(string)
+    user_profile.first_name = string
+  end
+  
+  def last_name
+    user_profile.last_name
+  end
+  
+  def last_name=(string)
+    user_profile.last_name = string
+  end
+  
+  def email
+    user_profile.email
+  end
+  
+  def email=(string)
+    user_profile.email = string
+  end
+
+  def user_profile
+    self.profile || self.profile = Profile.new
+  end
+  
+  protected
+      
+  def encrypt_password
+    return if password.blank?
+    if new_record?
+      self.salt = Digest::SHA1.hexdigest("--#{Time.now.to_s}--#{login}--") 
+    end
+    self.crypted_password = encrypt(password)
+  end
+
+  def save_profile
+    profile.save
+  end
+  
+  def password_required?
+    (crypted_password.blank? || !password.blank?)
+  end
+    
+end

data/rails_generators/lockdown/templates/app/models/user_group.rb

@@ -0,0 +1,15 @@
+class UserGroup < ActiveRecord::Base
+  has_and_belongs_to_many :permissions
+  has_and_belongs_to_many :users
+
+  validates_presence_of :name
+  
+	def all_users
+		User.find_by_sql <<-SQL
+			select users.* 
+			from users, user_groups_users
+			where users.id = user_groups_users.user_id 
+			and user_groups_users.user_group_id = #{self.id}
+    SQL
+	end
+end

data/rails_generators/lockdown/templates/app/views/permissions/index.html.erb

@@ -0,0 +1,16 @@
+<h1>Listing Permissions</h1>
+
+<table>
+  <tr>
+    <th>Name</th>
+  </tr>
+
+<%% for permission in @permissions %>
+  <tr>
+    <td><%%=h permission.name %></td>
+    <td><%%= link_to 'Show', <%= namespace.blank? ? 'permission_path(permission)' : "#{namespace}_permission_path(permission)" %> %></td>
+  </tr>
+<%% end %>
+</table>
+
+<br />

data/rails_generators/lockdown/templates/app/views/permissions/show.html.erb

@@ -0,0 +1,26 @@
+<p>
+  <b>Name</b><br />
+  <%%= h @permission.name %>
+</p>
+<p>
+  <b>Access rights:</b><br />
+  <%%
+    Lockdown::System.access_rights_for_permission(@permission).each do |access_right| 
+  %>
+    <%%= access_right %><br/>
+  <%%
+    end
+  %>
+</p>
+<p>
+  <b>Users with permission:</b><br />
+  <%%
+    @permission.all_users.each do |user| 
+  %>
+      <%%= link_to_or_show(user.full_name, <%= namespace.blank? ? 'user' : "#{namespace}_user_path(user)" %>) %><br/>
+  <%%
+    end
+  %>
+</p>
+
+<%%= link_to 'Back', <%= namespace.blank? ? 'permissions_path' : "#{namespace}_permissions_path" %> %>

data/rails_generators/lockdown/templates/app/views/sessions/new.html.erb

@@ -0,0 +1,12 @@
+<%%= flash[:notice] if flash[:notice] %>
+<%%= flash[:error] if flash[:error] %>
+
+<%% form_tag sessions_path  do -%>
+	<p><label for="login">Login</label><br/>
+	<%%= text_field_tag 'login' %></p>
+
+	<p><label for="password">Password</label><br/>
+	<%%= password_field_tag 'password' %></p>
+
+	<p><%%= submit_tag 'Log in' %></p>
+<%% end -%>