lockdown 0.2.0 → 0.3.1

data/lib/lockdown/system.rb

@@ -0,0 +1,169 @@
+module Lockdown
+  class System
+    class << self
+			include Lockdown::ControllerInspector
+
+      attr_accessor :options #:nodoc:
+
+      attr_accessor :permissions #:nodoc:
+      attr_accessor :user_groups #:nodoc:
+
+      # :public_access allows access to all
+      attr_accessor :public_access #:nodoc:
+      # :protected_access will restrict access to authenticated users.
+      attr_accessor :protected_access #:nodoc:
+
+      # Future functionality:
+      # :private_access will restrict access to model data to their creators.
+      # attr_accessor :private_access #:nodoc:
+
+      def configure(&block)
+				self.set_defaults
+        self.instance_eval(&block)
+      end
+
+      def [](key)
+        (@options||={})[key]
+      end
+
+			def []=(key,val)
+        @options[key] = val
+      end
+
+      def set_permission(name, *method_arrays)
+        @permissions[name] ||= []
+        method_arrays.each{|ary| @permissions[name] += ary}
+      end
+
+			def get_permissions
+				@permissions.keys
+      end
+
+      def set_user_group(name, *perms)
+        @user_groups[name] ||= []
+        perms.each{|perm| @user_groups[name].push(perm)}
+      end
+
+			def get_user_groups
+				@user_groups.keys
+      end
+
+			def set_public_access(*perms)
+				perms.each{|perm| @public_access += @permissions[perm]}
+			end
+
+			def set_protected_access(*perms)
+				perms.each{|perm| @protected_access += @permissions[perm]}
+			end
+			
+			def standard_authorized_user_rights
+				Lockdown::System.public_access + Lockdown::System.protected_access 
+      end
+
+			#
+			# Create a user group record in the database
+			#
+			def create_user_group(str_sym)
+				return unless @options[:use_db_models]
+				UserGroup.create(:name => string_name(str_sym))
+			end
+
+			def create_administrator_user_group
+				return unless @options[:use_db_models]
+				Lockdown::System.create_user_group administrator_group_symbol
+  		end
+
+			#
+			# Delete a user group record from the database
+			#
+			def delete_user_group(str_sym)
+				ug = UserGroup.find_by_name(string_name(str_sym))
+				ug.destroy unless ug.nil?
+			end
+
+			def access_rights_for_user(usr)
+				return unless usr
+				return :all if administrator?(usr)
+
+			  rights = standard_authorized_user_rights
+
+				if @options[:use_db_models]
+					usr.user_groups.each do |grp|
+						if @user_groups.has_key? symbol_name(grp.name)
+							@user_groups[symbol_name(grp.name)].each do |perm|
+								rights += @permissions[perm]
+							end
+						else
+							grp.permissions.each do |perm|
+								rights += @permissions[symbol_name(perm.name)]
+							end
+						end
+					end
+				end
+				rights
+			end
+
+			#
+			# Use this for the management screen to restrict user group list to the
+			# user.  This will prevent a user from creating a user with more power than
+			# him/her self.
+			# 
+			#
+			def user_groups_assignable_for_user(usr)
+				return [] if usr.nil?
+
+				if administrator?(usr)
+					UserGroup.find(:all, :order => :name)
+				else
+					UserGroup.find_by_sql <<-SQL
+						select user_groups.* from user_groups, user_groups_users
+						where user_groups.id = user_groups_users.user_group_id
+							and user_groups_users.user_id = #{usr.id}	 
+						order by user_groups.name
+					SQL
+				end
+			end
+
+			def make_user_administrator(usr)
+				usr.user_groups << UserGroup.find_or_create_by_name(administrator_group_string)
+			end
+
+			def administrator?(usr)
+				user_has_user_group?(usr, administrator_group_symbol)
+			end
+
+			def administrator_rights
+				all_controllers
+      end
+
+      protected 
+
+      def set_defaults
+        @permissions = {}
+        @user_groups = {}
+
+        @public_access = []
+        @protected_access = []
+        @private_access = []
+
+				@options = {
+					:use_db_models => true,
+					:session_timeout => (60 * 60),
+					:logout_on_access_violation => false,
+					:access_denied_path => "/",
+					:successful_login_path => "/"
+				}
+      end
+
+			private
+
+			def user_has_user_group?(usr, sym)
+				usr.user_groups.each do |ug|
+					return true if convert_reference_name(ug.name) == sym
+				end
+				false
+			end
+
+    end # class block
+  end # System class
+end # Lockdown

data/lib/lockdown/version.rb

@@ -1,8 +1,8 @@
 module Lockdown #:nodoc:
   module VERSION #:nodoc:
     MAJOR = 0
-    MINOR = 2
-    TINY  = 0
+    MINOR = 3
+    TINY  = 1
 
     STRING = [MAJOR, MINOR, TINY].join('.')
   end

data/rails_generators/lockdown_all/lockdown_all_generator.rb

@@ -14,25 +14,49 @@ class LockdownAllGenerator < Rails::Generator::Base
       m.directory 'app/controllers'
 
       #Controllers
-      m.file "app/controllers/permissions_controller.rb",  "app/controllers/permissions_controller.rb"
-      m.file "app/controllers/users_controller.rb",        "app/controllers/users_controller.rb"
-      m.file "app/controllers/user_groups_controller.rb",  "app/controllers/user_groups_controller.rb"
-      m.file "app/controllers/sessions_controller.rb",  "app/controllers/sessions_controller.rb"
+      m.file "app/controllers/permissions_controller.rb",
+							"app/controllers/permissions_controller.rb"
+
+      m.file "app/controllers/users_controller.rb",
+							"app/controllers/users_controller.rb"
+
+      m.file "app/controllers/user_groups_controller.rb",
+							"app/controllers/user_groups_controller.rb"
+
+      m.file "app/controllers/sessions_controller.rb",
+							"app/controllers/sessions_controller.rb"
 
       #Models
-      m.file "app/models/permission.rb",  "app/models/permission.rb"
-      m.file "app/models/user.rb",        "app/models/user.rb"
-      m.file "app/models/user_group.rb",  "app/models/user_group.rb"
-      m.file "app/models/profile.rb",  "app/models/profile.rb"
+      m.file "app/models/permission.rb",
+							"app/models/permission.rb"
+
+      m.file "app/models/user.rb",
+							"app/models/user.rb"
+
+      m.file "app/models/user_group.rb",
+							"app/models/user_group.rb"
+
+      m.file "app/models/profile.rb",
+							"app/models/profile.rb"
 
 
 
       #Migrations
-      m.migration_template "db/migrate/create_profiles.rb", "db/migrate", :migration_file_name => "create_profiles"
-      m.migration_template "db/migrate/create_users.rb", "db/migrate", :migration_file_name => "create_users"
-      m.migration_template "db/migrate/create_user_groups.rb", "db/migrate", :migration_file_name => "create_user_groups"
-      m.migration_template "db/migrate/create_permissions.rb", "db/migrate", :migration_file_name => "create_permissions"
-      m.migration_template "db/migrate/create_base_user_groups.rb", "db/migrate", :migration_file_name => "create_base_user_groups"
+      m.migration_template "db/migrate/create_profiles.rb", "db/migrate", 
+														:migration_file_name => "create_profiles"
+
+      m.migration_template "db/migrate/create_users.rb", "db/migrate", 
+														:migration_file_name => "create_users"
+
+      m.migration_template "db/migrate/create_user_groups.rb", "db/migrate", 
+														:migration_file_name => "create_user_groups"
+
+      m.migration_template "db/migrate/create_permissions.rb", "db/migrate", 
+														:migration_file_name => "create_permissions"
+
+      m.migration_template "db/migrate/create_admin_user_and_user_group.rb", 
+														"db/migrate", 
+														:migration_file_name => "create_admin_user_and_user_group"
 
       #Route file (i like having them on individual lines)
       m.route_resources "permissions"
@@ -41,40 +65,54 @@ class LockdownAllGenerator < Rails::Generator::Base
       m.route_resources "sessions"
 
       #Helpers
-      m.file "app/helpers/permissions_helper.rb",  "app/helpers/permissions_helper.rb"
-      m.file "app/helpers/users_helper.rb",        "app/helpers/users_helper.rb"
-      m.file "app/helpers/user_groups_helper.rb",  "app/helpers/user_groups_helper.rb"
+      m.file "app/helpers/permissions_helper.rb",
+							"app/helpers/permissions_helper.rb"
+
+      m.file "app/helpers/users_helper.rb",
+							"app/helpers/users_helper.rb"
+
+      m.file "app/helpers/user_groups_helper.rb",
+							"app/helpers/user_groups_helper.rb"
 
       #Views
       copy_views(m, "users")
-      m.file "app/views/users/_password.html.erb", "app/views/users/_password.html.erb"
+
+      m.file "app/views/users/_password.html.erb",
+							"app/views/users/_password.html.erb"
 
       copy_views(m, "user_groups")
 
-      m.file "app/views/permissions/_data.html.erb", "app/views/permissions/_data.html.erb"
-      m.file "app/views/permissions/index.html.erb", "app/views/permissions/index.html.erb"
-      m.file "app/views/permissions/show.html.erb", "app/views/permissions/show.html.erb"
+      m.file "app/views/permissions/_data.html.erb",
+							"app/views/permissions/_data.html.erb"
+
+      m.file "app/views/permissions/index.html.erb",
+							"app/views/permissions/index.html.erb"
+
+      m.file "app/views/permissions/show.html.erb",
+							"app/views/permissions/show.html.erb"
 
-      m.file "app/views/sessions/new.html.erb", "app/views/sessions/new.html.erb"
+      m.file "app/views/sessions/new.html.erb",
+							"app/views/sessions/new.html.erb"
     end
   end
 
   protected
-    def banner
-      <<-EOS
-Installs the lockdown framework to managing users user_groups and viewing permissions. 
-Also includes a login screen.
+
+  def banner
+<<-EOS
+Installs the lockdown framework to managing users user_groups 
+and viewing permissions. Also includes a login screen.
 
 USAGE: #{$0} #{spec.name} 
 EOS
-    end
+  end
 
-    def copy_views(m, vw)
-      m.file "app/views/#{vw}/_data.html.erb", "app/views/#{vw}/_data.html.erb"
-      m.file "app/views/#{vw}/_form.html.erb", "app/views/#{vw}/_form.html.erb"
-      m.file "app/views/#{vw}/index.html.erb", "app/views/#{vw}/index.html.erb"
-      m.file "app/views/#{vw}/show.html.erb", "app/views/#{vw}/show.html.erb"
-      m.file "app/views/#{vw}/edit.html.erb", "app/views/#{vw}/edit.html.erb"
-      m.file "app/views/#{vw}/new.html.erb", "app/views/#{vw}/new.html.erb"
-    end
+	def copy_views(m, vw)
+		m.file "app/views/#{vw}/_data.html.erb", "app/views/#{vw}/_data.html.erb"
+		m.file "app/views/#{vw}/_form.html.erb", "app/views/#{vw}/_form.html.erb"
+		m.file "app/views/#{vw}/index.html.erb", "app/views/#{vw}/index.html.erb"
+		m.file "app/views/#{vw}/show.html.erb", "app/views/#{vw}/show.html.erb"
+		m.file "app/views/#{vw}/edit.html.erb", "app/views/#{vw}/edit.html.erb"
+		m.file "app/views/#{vw}/new.html.erb", "app/views/#{vw}/new.html.erb"
+	end
 end

data/rails_generators/lockdown_all/templates/app/controllers/user_groups_controller.rb

@@ -27,7 +27,7 @@ class UserGroupsController < ApplicationController
   # GET /user_groups/new.xml
   def new
     @user_group = UserGroup.new
-		@all_permissions = Permission.all_but_public
+		@all_permissions = Lockdown::System.get_permissions
 
     respond_to do |format|
       format.html # new.html.erb
@@ -37,7 +37,7 @@ class UserGroupsController < ApplicationController
 
   # GET /user_groups/1/edit
   def edit
-		@all_permissions = Permission.all_but_public
+		@all_permissions = Lockdown::System.get_permissions
   end
 
   # POST /user_groups

data/rails_generators/lockdown_all/templates/app/controllers/users_controller.rb

@@ -25,7 +25,7 @@ class UsersController < ApplicationController
   def new
 		@user = User.new
 		@profile = Profile.new
-    @user_groups_for_user = UserGroup.find_assignable_for_user(current_user)
+    @user_groups_for_user = Lockdown::System.user_groups_assignable_for_user(current_user)
 		respond_to do |format|
      format.html # new.html.erb
      format.xml  { render :xml => @user }
@@ -34,7 +34,7 @@ class UsersController < ApplicationController
 
   # GET /users/1/edit
   def edit
-    @user_groups_for_user = UserGroup.find_assignable_for_user(current_user)
+    @user_groups_for_user = Lockdown::System.user_groups_assignable_for_user(current_user)
   end
   
   # POST /users

data/rails_generators/lockdown_all/templates/app/models/permission.rb

@@ -1,59 +1,6 @@
-#
-# This is merely an extension of the Lockdown::Permissions module to
-# allow for database manipulation of Permissions
-#
-# This is typically done via management screens.
-#
 class Permission < ActiveRecord::Base
-  include Lockdown::Helper
   has_and_belongs_to_many :user_groups
   
-  before_save :ensure_lockdown_permission_exists
-  
-	class << self
-    include Lockdown::Helper
-		#
-    # Use this in your migrations to create a db record for management
-    # functionality.  
-    # 
-    # Permission must be defined in:
-    #		RAILS_ROOT/config/initializers/lockdown/access.rb
-    #
-		def create_record(sym)
-      raise NameError.new("#{sym} is not defined.") unless Lockdown::Permissions.respond_to?(sym)
-      create(:name => convert_reference_name(sym) )
-		end
-
-    #
-    # Use this in your migrations to delete the permission identified by sym.
-    #
-    def delete_record(sym)
-      privi = find_by_sym(sym)
-      privi.destroy unless privi.nil?
-    end
-
-		    
-    def find_by_sym(sym)
-      if ENV['RAILS_ENV'] == "test"
-        new(:name => convert_reference_name(sym))
-      else
-        find_by_name(convert_reference_name(sym))
-      end
-    end
-
-    def all_but_public
-      find(:all).delete_if do |perm| 
-        Lockdown::UserGroups.public_access.include?(convert_reference_name(perm.name))
-      end
-    end
-  end # end class block
-
-
-	def access_rights
-		sym = convert_reference_name(self.name) 
-    Lockdown::Permissions[sym]
-  end
-
 	def all_users
 		User.find_by_sql <<-SQL
 			select users.* 
@@ -63,18 +10,4 @@ class Permission < ActiveRecord::Base
 			and permissions_user_groups.permission_id = #{self.id}
 		SQL
   end
-  protected
-	#
-	# Cannot create a permission record in the db that is not defined
-	# in config/initializers/lock_down_access
-	#
-	# Creating a db record is to simplify the creation of user groups
-	# via management screens.
-	#
-	def ensure_lockdown_permission_exists
-		unless Lockdown::Permissions.respond_to?(convert_reference_name(self.name))
-			raise NameError.new("#{sym} is not defined.")
-		end
-	end
-    
 end

data/rails_generators/lockdown_all/templates/app/models/user.rb

@@ -20,11 +20,10 @@ class User < ActiveRecord::Base
   
 	before_save :prepare_for_save
 
-	after_create :assign_registered_users_user_group
-  
   attr_accessible :login, :password, :password_confirmation
   
-  # Authenticates a user by their login name and unencrypted password.  Returns the user or nil.
+  # Authenticates a user by their login name and unencrypted password.  
+  # Returns the user or nil.
   def self.authenticate(login, password)
     u = find :first, :conditions => ['login = ?', login] # need to get the salt
     u && u.authenticated?(password) ? u : nil
@@ -35,10 +34,6 @@ class User < ActiveRecord::Base
     Digest::SHA1.hexdigest("--#{salt}--#{password}--")
   end
 
-	def self.all
-		find :all, :include => [:profile, :user_groups] 
-  end
-
   # Encrypts the password with the user salt
   def encrypt(password)
     self.class.encrypt(password, salt)
@@ -48,13 +43,7 @@ class User < ActiveRecord::Base
     crypted_password == encrypt(password)
   end
   
-  def access_rights
-    rvalue = Lockdown::UserGroups[:public_access]
-    self.user_groups.each{|grp| rvalue += grp.access_rights}
-    rvalue
-  end
-
-  def email
+   def email
     self.profile.email
   end
   
@@ -62,35 +51,23 @@ class User < ActiveRecord::Base
     self.profile.first_name + " " + self.profile.last_name
   end
   
-	def administrator?
-		has_user_group? :administrators
-  end
-
-  def has_user_group?(sym)
-    self.user_groups.each do |ug|
-      return true if convert_reference_name(ug.name) == sym
-    end
-    false
-  end
-
   protected
-		def assign_registered_users_user_group
-			self.user_groups << UserGroup.find_by_sym(:registered_users)
-    end 
 
-    def prepare_for_save
-			encrypt_password
-			self.profile.save
-    end
+	def prepare_for_save
+		encrypt_password
+		self.profile.save
+	end
       
-    def encrypt_password
-      return if password.blank?
-      self.salt = Digest::SHA1.hexdigest("--#{Time.now.to_s}--#{login}--") if new_record?
-      self.crypted_password = encrypt(password)
-    end
+	def encrypt_password
+		return if password.blank?
+		if new_record?
+			self.salt = Digest::SHA1.hexdigest("--#{Time.now.to_s}--#{login}--") 
+		end
+		self.crypted_password = encrypt(password)
+	end
     
-    def password_required?
-      (crypted_password.blank? || !password.blank?)
-    end
+	def password_required?
+		(crypted_password.blank? || !password.blank?)
+	end
     
 end