lockdown 0.2.0 → 0.3.1

@@ -1,3 +1,13 @@
1
+ == 0.3.1 2008-04-29
2
+ * Some initital testing done.
3
+
4
+ == 0.3.0 2008-04-29
5
+ * Big change in how the system is installed and configured in the project.
6
+ Introduced lib/lockdown/init.rb.
7
+ Removed lib/lockdown/access.rb.
8
+ Now use more of a Rails-ish initializer functionality. This adds flexibility
9
+ and places the core code back in the gem, that's what I was after.
10
+
1
11
  == 0.2.0 2008-04-25
2
12
  * First full implementation of generate script "lockdown_all". Warranted a bump up of the minor version.
3
13
 
@@ -14,7 +24,7 @@
14
24
  * Fixed bug with session cleanup.
15
25
 
16
26
  == 0.1.0 2008-04-18
17
- * Nearing public release status. Will release at a minor version of 1
27
+ * Nearing public release status.
18
28
  * In bug testing mode now.
19
29
 
20
30
  == 0.0.1 2008-04-18
@@ -8,7 +8,7 @@ Rakefile
8
8
  app_generators/lockdown/USAGE
9
9
  app_generators/lockdown/lockdown_generator.rb
10
10
  app_generators/lockdown/lockdown_generator.rb.orig
11
- app_generators/lockdown/templates/access.rb
11
+ app_generators/lockdown/templates/init.rb
12
12
  app_generators/lockdown/templates/session.rb
13
13
  bin/lockdown
14
14
  config/hoe.rb
@@ -18,6 +18,7 @@ lib/lockdown/controller.rb
18
18
  lib/lockdown/controller_inspector.rb
19
19
  lib/lockdown/helper.rb
20
20
  lib/lockdown/model.rb
21
+ lib/lockdown/system.rb
21
22
  lib/lockdown/version.rb
22
23
  lib/lockdown/view.rb
23
24
  rails_generators/lockdown_all/USAGE
@@ -50,7 +51,7 @@ rails_generators/lockdown_all/templates/app/views/users/edit.html.erb
50
51
  rails_generators/lockdown_all/templates/app/views/users/index.html.erb
51
52
  rails_generators/lockdown_all/templates/app/views/users/new.html.erb
52
53
  rails_generators/lockdown_all/templates/app/views/users/show.html.erb
53
- rails_generators/lockdown_all/templates/db/migrate/create_base_user_groups.rb
54
+ rails_generators/lockdown_all/templates/db/migrate/create_admin_user_and_user_group.rb
54
55
  rails_generators/lockdown_all/templates/db/migrate/create_permissions.rb
55
56
  rails_generators/lockdown_all/templates/db/migrate/create_profiles.rb
56
57
  rails_generators/lockdown_all/templates/db/migrate/create_user_groups.rb
@@ -69,7 +70,6 @@ test/test_lockdown.rb
69
70
  test/test_lockdown_all_generator.rb
70
71
  test/test_lockdown_generator.rb
71
72
  test/test_lockdown_models_generator.rb
72
- website/index.html
73
73
  website/index.txt
74
74
  website/javascripts/rounded_corners_lite.inc.js
75
75
  website/stylesheets/screen.css
data/README.txt CHANGED
@@ -30,7 +30,8 @@ cd <your application>
30
30
 
31
31
  lockdown .
32
32
 
33
- # Modify lib/lockdown/access.rb to grant access to your application
33
+ # Modify lib/lockdown/init.rb to set defaults and grant access
34
+ to your application
34
35
 
35
36
  # Modify lib/lockdown/session.rb to add/remove session information
36
37
 
@@ -19,7 +19,7 @@ class LockdownGenerator < RubiGen::Base
19
19
  record do |m|
20
20
  m.directory "lib/lockdown"
21
21
  m.template "session.rb", "lib/lockdown/session.rb"
22
- m.file "access.rb", "lib/lockdown/access.rb"
22
+ m.file "init.rb", "lib/lockdown/init.rb"
23
23
  end
24
24
  end
25
25
  end
@@ -0,0 +1,81 @@
1
+ require "lockdown"
2
+ require File.join(File.dirname(__FILE__), "session")
3
+
4
+ Lockdown::System.configure do |c|
5
+
6
+ #~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~
7
+ # Configuration Options
8
+ #~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~
9
+ # Options with defaults:
10
+ #
11
+ # Set timeout to 1 hour:
12
+ # options[:session_timeout] = (60 * 60)
13
+ #
14
+ # Set system to logout if unauthorized access is attempted:
15
+ # options[:logout_on_access_violation] = false
16
+ #
17
+ # Set redirect to path on unauthorized access attempt:
18
+ # options[:access_denied_path] = "/"
19
+ #
20
+ # Set redirect to path on successful login:
21
+ # options[:successful_login_path] = "/"
22
+ #
23
+ #~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~
24
+ # Define permissions
25
+ #~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~
26
+ #
27
+ # set_permission(:product_management, all_methods(:products))
28
+ #
29
+ # :product_management is the name of the permission which is later
30
+ # referenced by the user_group method
31
+ #
32
+ # :all_methods(:products) will return an array of all controller actions
33
+ # for the products controller
34
+ #
35
+ # if products is your standard RESTful resource you'll get:
36
+ # ["products/index , "products/show",
37
+ # "products/new", "products/edit",
38
+ # "products/create", "products/update",
39
+ # "products/destroy"]
40
+ #
41
+ # You can pass multiple parameters to concat permissions such as:
42
+ #
43
+ # set_permission(:security_management,all_methods(:users),
44
+ # all_methods(:user_groups),
45
+ # all_methods(:permissions) )
46
+ #
47
+ # In addition to all_methods(:controller) there are:
48
+ #
49
+ # only_methods(:controller, :only_method_1, :only_method_2)
50
+ #
51
+ # all_except_methods(:controller, :except_method_1, :except_method_2)
52
+ #
53
+ # Some other sample permissions:
54
+ #
55
+ # set_permission(:sessions, all_methods(:sessions))
56
+ # set_permission(:my_account, only_methods(:users, :edit, :update, :show))
57
+ #
58
+ #~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~
59
+ # Built-in user groups
60
+ #~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~
61
+ # You can assign the above permission to one of the built-in user groups
62
+ # by using the following:
63
+ #
64
+ # To allow public access on the permissions :sessions and :home:
65
+ # set_public_access :sessions, :home
66
+ #
67
+ #
68
+ # Restrict :my_account access to only authenticated users:
69
+ # set_protected_access :my_account
70
+ #
71
+ #~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~
72
+ # Define user groups
73
+ #~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~
74
+ #
75
+ # set_user_group(:catalog_management, :category_management,
76
+ # :product_management)
77
+ #
78
+ # :catalog_management is the name of the user group
79
+ # :category_management and :product_management refer to permission names
80
+ #
81
+ end
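Review bot: The sample `options[:logout_on_access_violation] = false` sits under the heading "Set system to logout if unauthorized access is attempted", which says the opposite of the value shown; since the controller change in this commit only calls reset_session when that option is truthy, the comment should state the default and its effect, e.g. `# Reset the session on an unauthorized access attempt (default false: the session is kept):`. The configure block yields `c` but none of the samples use it (`options[...]`, `set_permission`, `set_user_group`), so either the block is instance-evaluated and `|c|` can be dropped, or the samples are missing their receiver; Lockdown::System.configure is not in this diff, so this needs confirming against lib/lockdown/system.rb. The sample output `["products/index , "products/show",` has an unbalanced quote and should read `["products/index", "products/show",`.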
@@ -1,7 +1,4 @@
1
1
  module Lockdown
2
- # 1 hour
3
- SESSION_TIMEOUT = 60 * 60
4
-
5
2
  #
6
3
  # The Lockdown gem defines additional Session methods:
7
4
  #
@@ -60,7 +60,7 @@ end
60
60
 
61
61
  parser = OptionParser.new do |opts|
62
62
  opts.banner = <<-BANNER
63
- Lockdown will add access.rb and session.rb to the lib/lockdown directory and require them in #{config_file}.
63
+ Lockdown will add init.rb and session.rb to the lib/lockdown directory and require them in #{config_file}.
64
64
 
65
65
  Usage: #{File.basename($0)} [options]
66
66
 
@@ -100,12 +100,9 @@ begin
100
100
  RubiGen::Scripts::Generate.new.run(ARGV, :generator => 'lockdown', :framework => @framework)
101
101
 
102
102
  File.open(config_file, "a") do |f|
103
- require_access = %Q(require "lockdown/access")
104
- require_session = %Q(require "lockdown/session")
103
+ require_lockdown = %Q(require "lockdown/init")
105
104
 
106
- f << %Q(\n#{require_access}\n) unless configuration_file_has?(require_access)
107
-
108
- f << %Q(#{require_session}\n\n) unless configuration_file_has?(require_session)
105
+ f << %Q(#{require_lockdown}\n\n) unless configuration_file_has?(require_lockdown)
109
106
  end
110
107
  rescue Exception => e
111
108
  puts e.backtrace.join("\n")
@@ -119,15 +116,14 @@ MSG
119
116
  puts <<-MSG
120
117
  \n------------------------------------------------------------
121
118
  Modified #{config_file} by adding:
122
- require "lockdown/access"
123
- require "lockdown/session"
119
+ require "lockdown/init"
124
120
  ------------------------------------------------------------\n
125
121
  MSG
126
122
 
127
123
  puts <<-MSG
128
124
  \n------------------------------------------------------------
129
125
  You are now locked down. To open up access to your application
130
- please modify lib/lockdown/access.rb. This is where you'll
126
+ please modify lib/lockdown/init.rb. This is where you'll
131
127
  add permissions and create user groups.
132
128
 
133
129
  To modify the contents of your session and to add access
@@ -61,51 +61,12 @@ module Lockdown
61
61
  end
62
62
  end # class block
63
63
 
64
- require "lockdown/helper.rb"
65
- require "lockdown/controller_inspector.rb"
66
- require "lockdown/controller.rb"
67
- require "lockdown/model.rb"
68
- require "lockdown/view.rb"
69
-
70
- module Permissions#:nodoc:
71
- class << self
72
- include Lockdown::ControllerInspector
73
-
74
- def[](sym)
75
- raise NameError.new("#{sym} is not defined") unless respond_to?(sym)
76
- send(sym)
77
- end
78
-
79
- def access_rights_for(ary)
80
- ary.collect{|m| send(m)}.flatten
81
- end
82
-
83
- def all
84
- all_controllers
85
- end
86
- end # class block
87
- end # permissions
88
-
89
- module UserGroups#:nodoc:
90
- class << self
91
- def[](sym)
92
- permissions(sym).collect{|rec| Lockdown::Permissions[rec]}.flatten
93
- end
94
-
95
- def permissions(sym)
96
- if self.private_records.include?(sym)
97
- return self.send(sym)
98
- end
99
-
100
- static_permissions(sym)
101
- end
102
-
103
- def static_permissions(sym)
104
- raise NameError.new("#{sym} is not defined") unless respond_to?(sym)
105
- send(sym)
106
- end
107
- end # class block
108
- end # usergroups
64
+ require File.join("lockdown", "helper.rb")
65
+ require File.join("lockdown", "controller_inspector.rb")
66
+ require File.join("lockdown", "system.rb")
67
+ require File.join("lockdown", "controller.rb")
68
+ require File.join("lockdown", "model.rb")
69
+ require File.join("lockdown", "view.rb")
109
70
 
110
71
  module Session
111
72
  include Lockdown::Helper
@@ -122,7 +83,7 @@ module Lockdown
122
83
  #
123
84
  def current_user_access_in_group?(grp)
124
85
  return true if current_user_is_admin?
125
- Lockdown::UserGroups.permissions(grp).each do |perm|
86
+ Lockdown::System.user_groups[grp].each do |perm|
126
87
  return true if access_in_perm?(perm)
127
88
  end
128
89
  false
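Review bot: `Lockdown::System.user_groups[grp].each` on the changed line raises NoMethodError on nil when `grp` names a group that was never configured, whereas the removed `UserGroups.permissions` raised an explicit NameError, and the sibling `access_in_perm?` in the hunk at 135 now guards its own lookup with `end unless Lockdown::System.permissions[perm].nil?`. Treating an unknown group as no access is the fail-closed form and keeps the two methods consistent: `Array(Lockdown::System.user_groups[grp]).each do |perm|` (assuming the lookup returns an Array or nil, as the old `[]` did). The same `Array(...)` form would replace the trailing `unless` on the multi-line do/end block in `access_in_perm?`, which reads poorly and evaluates the lookup twice. `add_lockdown_session_values` now delegates entirely to `Lockdown::System.access_rights_for_user`, which is not in this diff; the nil/blank filtering and the administrators mapping that the removed lines did should be confirmed to live there. The closing `end` of current_user_access_in_group? is outside this hunk.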
@@ -135,26 +96,20 @@ module Lockdown
135
96
  private
136
97
 
137
98
  #
138
- # session[:user_group] and session[:access_rights] are the keys to Lockdown.
99
+ # session[:access_rights] are the keys to Lockdown.
139
100
  #
140
101
  # session[:access_rights] holds the array of "controller/action" strings
141
102
  # allowed for the user.
142
103
  #
143
104
  #
144
105
  def add_lockdown_session_values(user)
145
- session[:access_rights] = user.access_rights.delete_if{|ar| ar.nil? || ar.strip.length == 0}
146
- if user.user_groups
147
- groups = syms_from_names(user.user_groups)
148
- if groups.include? :administrators
149
- session[:access_rights] = :all
150
- end
151
- end
106
+ session[:access_rights] = Lockdown::System.access_rights_for_user(user)
152
107
  end
153
108
 
154
109
  def access_in_perm?(perm)
155
- Lockdown::Permissions[perm].each do |ar|
110
+ Lockdown::System.permissions[perm].each do |ar|
156
111
  return true if session_access_rights_include?(ar)
157
- end
112
+ end unless Lockdown::System.permissions[perm].nil?
158
113
  false
159
114
  end
160
115
 
@@ -163,10 +118,5 @@ module Lockdown
163
118
  session[:access_rights].include?(str)
164
119
  end
165
120
  end
166
- # module Session
167
- # protected
168
- # include Lockdown::Session
169
- #
170
- # end
171
121
  end
172
122
 
@@ -36,7 +36,7 @@ module Lockdown
36
36
 
37
37
  def path_allowed?(url)
38
38
  req = Lockdown.format_controller_action(url)
39
- session[:access_rights] ||= Lockdown::UserGroups[:public_access]
39
+ session[:access_rights] ||= Lockdown::System.public_access
40
40
  session[:access_rights].each do |ar|
41
41
  return true if req =~ /#{ar}$/
42
42
  end
@@ -47,7 +47,7 @@ module Lockdown
47
47
  if session[:expiry_time] && session[:expiry_time] < Time.now
48
48
  nil_lockdown_values
49
49
  end
50
- session[:expiry_time] = Time.now + Lockdown::SESSION_TIMEOUT
50
+ session[:expiry_time] = Time.now + Lockdown::System[:session_timeout]
51
51
  end
52
52
 
53
53
  def store_location
@@ -112,7 +112,7 @@ module Lockdown
112
112
  # Can log Error => e if desired, I don't desire to now.
113
113
  # For now, just send home, but will probably make this configurable
114
114
  def access_denied(e)
115
- send_to "/"
115
+ send_to Lockdown::Session[:access_denied_path]
116
116
  end
117
117
 
118
118
  def path_from_hash(hsh)
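Review bot: `send_to Lockdown::Session[:access_denied_path]` looks like a typo for `Lockdown::System[:access_denied_path]`, which is what the other changed lines in this file use (`Lockdown::System[:session_timeout]` in the hunk at 47, `Lockdown::System[:access_denied_path]` in the hunk at 186); `Lockdown::Session` is the helper module in lib/lockdown.rb and nothing in this diff defines `[]` on it, so this access_denied handler would itself raise on the first denied request. In the hunk at 186, `reset_session` is now skipped unless `Lockdown::System[:logout_on_access_violation]` is set and the new init.rb template documents that option as `false`, which flips the previous always-reset behaviour on a violation; that deserves a line in History.txt, and the three-line `if` reads better as the modifier `reset_session if Lockdown::System[:logout_on_access_violation]`. In the hunk at 36 the configured `public_access` values are still interpolated unescaped into `/#{ar}$/` on the unchanged next line, where `$` matches at end of line rather than end of string; `req.end_with?(ar)` would be the stricter check for the same intent.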
@@ -186,11 +186,13 @@ module Lockdown
186
186
  end
187
187
 
188
188
  def access_denied(e)
189
- reset_session
189
+ if Lockdown::System[:logout_on_access_violation]
190
+ reset_session
191
+ end
190
192
  respond_to do |accepts|
191
193
  accepts.html do
192
194
  store_location
193
- send_to "/"
195
+ send_to Lockdown::System[:access_denied_path]
194
196
  end
195
197
  accepts.xml do
196
198
  headers["Status"] = "Unauthorized"
@@ -1,5 +1,3 @@
1
- require File.join(File.dirname(__FILE__), "helper") unless Lockdown.const_defined?("Helper")
2
-
3
1
  module Lockdown
4
2
  module ControllerInspector
5
3
  def self.included(base)
@@ -58,8 +56,8 @@ module Lockdown
58
56
 
59
57
  private
60
58
 
61
- def paths_for(sym_str, *methods)
62
- str = sym_str.to_s if sym_str.is_a?(Symbol)
59
+ def paths_for(str_sym, *methods)
60
+ str = str_sym.to_s if str_sym.is_a?(Symbol)
63
61
  if methods.empty?
64
62
  klass = get_controller_class(str)
65
63
  methods = available_actions(klass)
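Review bot: In the renamed `paths_for`, `str = str_sym.to_s if str_sym.is_a?(Symbol)` leaves `str` nil whenever a String is passed, so `get_controller_class(str)` on the following line receives nil; the guard adds nothing because `to_s` is a no-op on a String, so `str = str_sym.to_s` covers both cases (or the new `string_name` helper from lib/lockdown/helper.rb, if that is what it is meant for). This is pre-existing logic that the rename carried over unchanged. The rest of paths_for is outside the hunk.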
@@ -129,12 +127,12 @@ module Lockdown
129
127
  # Convert the str parameter (originally the symbol) to the
130
128
  # class name.
131
129
  #
132
- # For a controller defined as :users in access.rb, the str
130
+ # For a controller defined as :users in init.rb, the str
133
131
  # parameter here would be "users". The result of this method
134
132
  # would be "/users"
135
133
  #
136
134
  # For a namespaced controller:
137
- # In access.rb it would be defined as :admin__users.
135
+ # In init.rb it would be defined as :admin__users.
138
136
  # The str paramter would be "admin__users".
139
137
  # The result would be "/admin/users".
140
138
  #
@@ -150,7 +148,7 @@ module Lockdown
150
148
  # Convert the str parameter (originally the symbol) to the
151
149
  # class name.
152
150
  #
153
- # For a controller defined as :users in access.rb, the str
151
+ # For a controller defined as :users in init.rb, the str
154
152
  # parameter here would be "users". The result of this method
155
153
  # would be "Users"
156
154
  #
@@ -166,7 +164,7 @@ module Lockdown
166
164
  # The reverse of controller_class_name. Convert the controllers
167
165
  # class name to the string version of the symbols used in acces.rb.
168
166
  #
169
- # For a controller defined as :users in access.rb, the klass
167
+ # For a controller defined as :users in init.rb, the klass
170
168
  # parameter here would be Users (the class). The result of this method
171
169
  # would be "users", the string version of :users.
172
170
  #
@@ -20,6 +20,14 @@ module Lockdown
20
20
  end
21
21
  end
22
22
 
23
+ def string_name(str_sym)
24
+ str_sym.is_a?(Symbol) ? convert_reference_name(str_sym) : str_sym
25
+ end
26
+
27
+ def symbol_name(str_sym)
28
+ str_sym.is_a?(String) ? convert_reference_name(str_sym) : str_sym
29
+ end
30
+
23
31
  def symbolize(str)
24
32
  str.downcase.gsub("admin ","admin__").gsub(" ","_").to_sym
25
33
  end
@@ -27,14 +35,22 @@ module Lockdown
27
35
  def camelize(str)
28
36
  str.to_s.gsub(/\/(.?)/) { "::" + $1.upcase }.gsub(/(^|_)(.)/) { $2.upcase }
29
37
  end
30
-
31
38
 
32
39
  def random_string(len = 10)
33
40
  chars = ("a".."z").to_a + ("A".."Z").to_a + ("0".."9").to_a
34
41
  Array.new(len){||chars[rand(chars.size)]}.join
35
42
  end
36
43
 
44
+ def administrator_group_string
45
+ string_name(:administrators)
46
+ end
47
+
48
+ def administrator_group_symbol
49
+ :administrators
50
+ end
51
+
37
52
  private
53
+
38
54
  def titleize(str)
39
55
  humanize(underscore(str)).gsub(/\b([a-z])/) { $1.capitalize }
40
56
  end
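Review bot: `administrator_group_string` and `administrator_group_symbol` hold the administrators group name in two places, once through `string_name(:administrators)` and once as a bare literal, so one should derive from the other: `string_name(administrator_group_symbol)`. The new public methods `string_name` and `symbol_name` in the hunk at 20, and these two, carry no comments and depend on `convert_reference_name`, which is not in this diff; a one-line comment on each stating the conversion, e.g. `# Symbol -> String form of a controller/group reference; other inputs pass through unchanged` on `string_name` and the reverse on `symbol_name`, would make the contract visible. Both pass non-Symbol, non-String input through untouched, so a caller handing in nil gets nil back rather than an error, which is worth stating if intentional.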
@@ -1,5 +1,3 @@
1
- require File.join(File.dirname(__FILE__), "helper") unless Lockdown.const_defined?("Helper")
2
-
3
1
  module Lockdown
4
2
  module Model
5
3
  def self.included(base)