lockdown 0.2.0 → 0.3.1

data/History.txt

@@ -1,3 +1,13 @@
+== 0.3.1 2008-04-29
+* Some initital testing done.  
+
+== 0.3.0 2008-04-29
+* Big change in how the system is installed and configured in the project. 
+	Introduced lib/lockdown/init.rb.
+	Removed lib/lockdown/access.rb.
+	Now use more of a Rails-ish initializer functionality.  This adds flexibility
+	and places the core code back in the gem, that's what I was after.
+
 == 0.2.0 2008-04-25
 * First full implementation of generate script "lockdown_all".  Warranted a bump up of the minor version.
 
@@ -14,7 +24,7 @@
 * Fixed bug with session cleanup.
 
 == 0.1.0 2008-04-18
-* Nearing public release status.  Will release at a minor version of 1
+* Nearing public release status.  
   * In bug testing mode now.
 
 == 0.0.1 2008-04-18

data/Manifest.txt

@@ -8,7 +8,7 @@ Rakefile
 app_generators/lockdown/USAGE
 app_generators/lockdown/lockdown_generator.rb
 app_generators/lockdown/lockdown_generator.rb.orig
-app_generators/lockdown/templates/access.rb
+app_generators/lockdown/templates/init.rb
 app_generators/lockdown/templates/session.rb
 bin/lockdown
 config/hoe.rb
@@ -18,6 +18,7 @@ lib/lockdown/controller.rb
 lib/lockdown/controller_inspector.rb
 lib/lockdown/helper.rb
 lib/lockdown/model.rb
+lib/lockdown/system.rb
 lib/lockdown/version.rb
 lib/lockdown/view.rb
 rails_generators/lockdown_all/USAGE
@@ -50,7 +51,7 @@ rails_generators/lockdown_all/templates/app/views/users/edit.html.erb
 rails_generators/lockdown_all/templates/app/views/users/index.html.erb
 rails_generators/lockdown_all/templates/app/views/users/new.html.erb
 rails_generators/lockdown_all/templates/app/views/users/show.html.erb
-rails_generators/lockdown_all/templates/db/migrate/create_base_user_groups.rb
+rails_generators/lockdown_all/templates/db/migrate/create_admin_user_and_user_group.rb
 rails_generators/lockdown_all/templates/db/migrate/create_permissions.rb
 rails_generators/lockdown_all/templates/db/migrate/create_profiles.rb
 rails_generators/lockdown_all/templates/db/migrate/create_user_groups.rb
@@ -69,7 +70,6 @@ test/test_lockdown.rb
 test/test_lockdown_all_generator.rb
 test/test_lockdown_generator.rb
 test/test_lockdown_models_generator.rb
-website/index.html
 website/index.txt
 website/javascripts/rounded_corners_lite.inc.js
 website/stylesheets/screen.css

data/README.txt

@@ -30,7 +30,8 @@ cd <your application>
 
 lockdown .
 
-# Modify lib/lockdown/access.rb to grant access to your application
+# Modify lib/lockdown/init.rb to set defaults and grant access 
+  to your application
 
 # Modify lib/lockdown/session.rb to add/remove session information
 

data/app_generators/lockdown/lockdown_generator.rb

@@ -19,7 +19,7 @@ class LockdownGenerator < RubiGen::Base
     record do |m|
       m.directory "lib/lockdown"
       m.template "session.rb", "lib/lockdown/session.rb"
-      m.file "access.rb", "lib/lockdown/access.rb"
+      m.file "init.rb", "lib/lockdown/init.rb"
     end
   end
 end

data/app_generators/lockdown/templates/init.rb

@@ -0,0 +1,81 @@
+require "lockdown"
+require File.join(File.dirname(__FILE__), "session")
+
+Lockdown::System.configure do |c|
+
+	#~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~
+	# Configuration Options
+	#~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~
+	# Options with defaults:
+	#
+	# Set timeout to 1 hour:
+	#		options[:session_timeout] = (60 * 60)
+	#
+	# Set system to logout if unauthorized access is attempted:
+	#		options[:logout_on_access_violation] = false
+	#
+	# Set redirect to path on unauthorized access attempt:
+	#		options[:access_denied_path] = "/"
+	#
+	# Set redirect to path on successful login:
+	#		options[:successful_login_path] = "/"
+	#
+	#~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~
+	# Define permissions
+	#~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~
+	#
+	#		set_permission(:product_management, all_methods(:products))
+	#
+	#			:product_management is the name of the permission which is later
+	#					referenced by the user_group method
+	# 
+	#			:all_methods(:products) will return an array of all controller actions
+	#			for the products controller
+  #			
+	#				if products is your standard RESTful resource you'll get:
+	#				["products/index , "products/show",
+  #					"products/new", "products/edit",
+  #         "products/create", "products/update",
+  #         "products/destroy"]
+	#
+	#	You can pass multiple parameters to concat permissions such as:
+	#		
+	#		set_permission(:security_management,all_methods(:users),
+	#																				all_methods(:user_groups),
+	#																			  all_methods(:permissions) )
+	#
+	# In addition to all_methods(:controller) there are:
+	#
+	#		only_methods(:controller, :only_method_1, :only_method_2)
+	#
+	#		all_except_methods(:controller, :except_method_1, :except_method_2)
+	#
+	#	Some other sample permissions:
+  #	
+  #		set_permission(:sessions, all_methods(:sessions))
+  #		set_permission(:my_account, only_methods(:users, :edit, :update, :show))
+	# 
+	#~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~
+	# Built-in user groups
+	#~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~
+	#	You can assign the above permission to one of the built-in user groups
+  #	by using the following:
+  #	
+	#		To allow public access on the permissions :sessions and :home:
+  #		set_public_access :sessions, :home
+  #		
+	#		
+	#		Restrict :my_account access to only authenticated users:
+  #		set_protected_access :my_account
+  #		
+	#~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~
+	# Define user groups
+	#~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~
+	#
+	#		set_user_group(:catalog_management, :category_management, 
+  #																			  :product_management) 
+	# 
+	#			:catalog_management is the name of the user group
+	#			:category_management and :product_management refer to permission names
+	#
+end 

data/app_generators/lockdown/templates/session.rb

@@ -1,7 +1,4 @@
 module Lockdown
-  # 1 hour
-  SESSION_TIMEOUT = 60 * 60
-  
   #
   # The Lockdown gem defines additional Session methods:
   #

data/bin/lockdown

@@ -60,7 +60,7 @@ end
 
   parser = OptionParser.new do |opts|
     opts.banner = <<-BANNER
-    Lockdown will add access.rb and session.rb to the lib/lockdown directory and require them in #{config_file}.
+    Lockdown will add init.rb and session.rb to the lib/lockdown directory and require them in #{config_file}.
 
     Usage: #{File.basename($0)} [options]
 
@@ -100,12 +100,9 @@ begin
   RubiGen::Scripts::Generate.new.run(ARGV, :generator => 'lockdown', :framework => @framework)
 
   File.open(config_file, "a") do |f|
-    require_access =  %Q(require "lockdown/access")
-    require_session = %Q(require "lockdown/session")
+    require_lockdown =  %Q(require "lockdown/init")
 
-    f << %Q(\n#{require_access}\n) unless configuration_file_has?(require_access)
-
-    f << %Q(#{require_session}\n\n) unless configuration_file_has?(require_session)
+    f << %Q(#{require_lockdown}\n\n) unless configuration_file_has?(require_lockdown)
   end
 rescue Exception => e
   puts e.backtrace.join("\n")
@@ -119,15 +116,14 @@ MSG
 puts <<-MSG
 \n------------------------------------------------------------
 Modified #{config_file} by adding:
-    require "lockdown/access"
-    require "lockdown/session"
+    require "lockdown/init"
 ------------------------------------------------------------\n
 MSG
 
 puts <<-MSG
 \n------------------------------------------------------------
 You are now locked down.  To open up access to your application 
-please modify lib/lockdown/access.rb.  This is where you'll 
+please modify lib/lockdown/init.rb.  This is where you'll 
 add permissions and create user groups.
 
 To modify the contents of your session and to add access 

data/lib/lockdown.rb

@@ -61,51 +61,12 @@ module Lockdown
     end
   end # class block
   
-  require "lockdown/helper.rb"
-  require "lockdown/controller_inspector.rb"
-  require "lockdown/controller.rb"
-  require "lockdown/model.rb"
-  require "lockdown/view.rb"
-
-  module Permissions#:nodoc:
-    class << self
-      include Lockdown::ControllerInspector
-      
-      def[](sym)
-        raise NameError.new("#{sym} is not defined") unless respond_to?(sym)
-        send(sym)
-      end
-      
-      def access_rights_for(ary)
-        ary.collect{|m| send(m)}.flatten
-      end
-
-      def all
-        all_controllers
-      end
-    end # class block
-  end # permissions
-
-  module UserGroups#:nodoc:
-    class << self
-      def[](sym)
-        permissions(sym).collect{|rec| Lockdown::Permissions[rec]}.flatten
-      end
-
-      def permissions(sym)
-        if self.private_records.include?(sym)
-          return self.send(sym)
-        end
-
-        static_permissions(sym)
-      end
-
-      def static_permissions(sym)
-        raise NameError.new("#{sym} is not defined") unless respond_to?(sym)
-        send(sym)
-      end
-    end # class block
-  end # usergroups
+  require File.join("lockdown", "helper.rb")
+  require File.join("lockdown", "controller_inspector.rb")
+  require File.join("lockdown", "system.rb")
+  require File.join("lockdown", "controller.rb")
+  require File.join("lockdown", "model.rb")
+  require File.join("lockdown", "view.rb")
 
   module Session
     include Lockdown::Helper
@@ -122,7 +83,7 @@ module Lockdown
     #
     def current_user_access_in_group?(grp)
       return true if current_user_is_admin?
-        Lockdown::UserGroups.permissions(grp).each do |perm|
+        Lockdown::System.user_groups[grp].each do |perm|
           return true if access_in_perm?(perm)
         end
       false
@@ -135,26 +96,20 @@ module Lockdown
     private
 
     #
-    # session[:user_group] and session[:access_rights] are the keys to Lockdown.
+    # session[:access_rights] are the keys to Lockdown.
     #
     # session[:access_rights] holds the array of "controller/action" strings 
     # allowed for the user.
     #
     #
     def add_lockdown_session_values(user)
-      session[:access_rights] = user.access_rights.delete_if{|ar| ar.nil? || ar.strip.length == 0}
-      if user.user_groups
-        groups = syms_from_names(user.user_groups)
-        if groups.include? :administrators
-          session[:access_rights] = :all
-        end
-      end
+      session[:access_rights] = Lockdown::System.access_rights_for_user(user)
     end
 
     def access_in_perm?(perm)
-      Lockdown::Permissions[perm].each do |ar|
+      Lockdown::System.permissions[perm].each do |ar|
         return true if session_access_rights_include?(ar)
-      end
+      end unless Lockdown::System.permissions[perm].nil?
       false
     end
 
@@ -163,10 +118,5 @@ module Lockdown
       session[:access_rights].include?(str)
     end
   end
- # module Session
- #   protected 
- #   include Lockdown::Session
- # 
- # end
 end
 

data/lib/lockdown/controller.rb

@@ -36,7 +36,7 @@ module Lockdown
 
         def path_allowed?(url)
           req = Lockdown.format_controller_action(url)
-          session[:access_rights] ||= Lockdown::UserGroups[:public_access]
+          session[:access_rights] ||= Lockdown::System.public_access
           session[:access_rights].each do |ar|
             return true if req =~ /#{ar}$/
           end
@@ -47,7 +47,7 @@ module Lockdown
           if session[:expiry_time] && session[:expiry_time] < Time.now
             nil_lockdown_values
           end
-          session[:expiry_time] = Time.now + Lockdown::SESSION_TIMEOUT
+          session[:expiry_time] = Time.now + Lockdown::System[:session_timeout]
         end
               
         def store_location
@@ -112,7 +112,7 @@ module Lockdown
         # Can log Error => e if desired, I don't desire to now.
         # For now, just send home, but will probably make this configurable
         def access_denied(e)
-          send_to "/"
+          send_to Lockdown::Session[:access_denied_path]
         end
 
         def path_from_hash(hsh)
@@ -186,11 +186,13 @@ module Lockdown
         end
       
         def access_denied(e)
-          reset_session
+					if Lockdown::System[:logout_on_access_violation]
+						reset_session
+					end
           respond_to do |accepts|
             accepts.html do
               store_location
-              send_to "/"
+              send_to Lockdown::System[:access_denied_path]
             end
             accepts.xml do
               headers["Status"] = "Unauthorized"

data/lib/lockdown/controller_inspector.rb

@@ -1,5 +1,3 @@
-require File.join(File.dirname(__FILE__), "helper") unless Lockdown.const_defined?("Helper")
-
 module Lockdown
   module ControllerInspector
     def self.included(base)
@@ -58,8 +56,8 @@ module Lockdown
     
       private 
 
-      def paths_for(sym_str, *methods)
-        str = sym_str.to_s if sym_str.is_a?(Symbol)
+      def paths_for(str_sym, *methods)
+        str = str_sym.to_s if str_sym.is_a?(Symbol)
         if methods.empty?
           klass = get_controller_class(str)
           methods = available_actions(klass) 
@@ -129,12 +127,12 @@ module Lockdown
       # Convert the str parameter (originally the symbol) to the 
       # class name.
       #
-      # For a controller defined as :users in access.rb, the str
+      # For a controller defined as :users in init.rb, the str
       # parameter here would be "users". The result of this method
       # would be "/users"
       #
       # For a namespaced controller:
-      # In access.rb it would be defined as :admin__users.
+      # In init.rb it would be defined as :admin__users.
       # The str paramter would be "admin__users".
       # The result would be "/admin/users".
       #
@@ -150,7 +148,7 @@ module Lockdown
       # Convert the str parameter (originally the symbol) to the 
       # class name.
       #
-      # For a controller defined as :users in access.rb, the str
+      # For a controller defined as :users in init.rb, the str
       # parameter here would be "users". The result of this method
       # would be "Users"
       #
@@ -166,7 +164,7 @@ module Lockdown
       # The reverse of controller_class_name.  Convert the controllers
       # class name to the string version of the symbols used in acces.rb.
       #
-      # For a controller defined as :users in access.rb, the klass 
+      # For a controller defined as :users in init.rb, the klass 
       # parameter here would be Users (the class). The result of this method
       # would be "users", the string version of :users.
       #

data/lib/lockdown/helper.rb

@@ -20,6 +20,14 @@ module Lockdown
       end
     end
 
+		def string_name(str_sym)
+			str_sym.is_a?(Symbol) ? convert_reference_name(str_sym) : str_sym
+		end
+
+		def symbol_name(str_sym)
+			str_sym.is_a?(String) ? convert_reference_name(str_sym) : str_sym
+		end
+
     def symbolize(str)
       str.downcase.gsub("admin ","admin__").gsub(" ","_").to_sym
     end
@@ -27,14 +35,22 @@ module Lockdown
     def camelize(str)
       str.to_s.gsub(/\/(.?)/) { "::" + $1.upcase }.gsub(/(^|_)(.)/) { $2.upcase }
     end
-    
 
     def random_string(len = 10)
       chars = ("a".."z").to_a + ("A".."Z").to_a + ("0".."9").to_a
       Array.new(len){||chars[rand(chars.size)]}.join
     end
 
+		def administrator_group_string
+			string_name(:administrators)
+    end
+
+		def administrator_group_symbol
+			:administrators
+    end
+
     private
+
     def titleize(str)
       humanize(underscore(str)).gsub(/\b([a-z])/) { $1.capitalize }
     end

data/lib/lockdown/model.rb

@@ -1,5 +1,3 @@
-require File.join(File.dirname(__FILE__), "helper") unless Lockdown.const_defined?("Helper")
-
 module Lockdown
   module Model
     def self.included(base)