lockdown 0.2.0 → 0.3.1
- data/History.txt +11 -1
- data/Manifest.txt +3 -3
- data/README.txt +2 -1
- data/app_generators/lockdown/lockdown_generator.rb +1 -1
- data/app_generators/lockdown/templates/init.rb +81 -0
- data/app_generators/lockdown/templates/session.rb +0 -3
- data/bin/lockdown +5 -9
- data/lib/lockdown.rb +11 -61
- data/lib/lockdown/controller.rb +7 -5
- data/lib/lockdown/controller_inspector.rb +6 -8
- data/lib/lockdown/helper.rb +17 -1
- data/lib/lockdown/model.rb +0 -2
- data/lib/lockdown/system.rb +169 -0
- data/lib/lockdown/version.rb +2 -2
- data/rails_generators/lockdown_all/lockdown_all_generator.rb +72 -34
- data/rails_generators/lockdown_all/templates/app/controllers/user_groups_controller.rb +2 -2
- data/rails_generators/lockdown_all/templates/app/controllers/users_controller.rb +2 -2
- data/rails_generators/lockdown_all/templates/app/models/permission.rb +0 -67
- data/rails_generators/lockdown_all/templates/app/models/user.rb +17 -40
- data/rails_generators/lockdown_all/templates/app/models/user_group.rb +0 -166
- data/rails_generators/lockdown_all/templates/db/migrate/create_admin_user_and_user_group.rb +25 -0
- data/rails_generators/lockdown_all/templates/db/migrate/create_profiles.rb +9 -0
- data/website/index.txt +17 -27
- metadata +5 -5
- data/app_generators/lockdown/templates/access.rb +0 -110
- data/rails_generators/lockdown_all/templates/db/migrate/create_base_user_groups.rb +0 -11
- data/website/index.html +0 -302
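--- a/data/lib/lockdown/system.rb
+++ b/data/lib/lockdown/system.rb
@@ -0,0 +1,169 @@
+module Lockdown
+class System
+class << self
+include Lockdown::ControllerInspector
+
+attr_accessor :options #:nodoc:
+
+attr_accessor :permissions #:nodoc:
+attr_accessor :user_groups #:nodoc:
+
+# :public_access allows access to all
+attr_accessor :public_access #:nodoc:
+# :protected_access will restrict access to authenticated users.
+attr_accessor :protected_access #:nodoc:
+
+# Future functionality:
+# :private_access will restrict access to model data to their creators.
+# attr_accessor :private_access #:nodoc:
+
+def configure(&block)
+self.set_defaults
+self.instance_eval(&block)
+end
+
+def [](key)
+(@options||={})[key]
+end
+
+def []=(key,val)
+@options[key] = val
+end
+
+def set_permission(name, *method_arrays)
+@permissions[name] ||= []
+method_arrays.each{|ary| @permissions[name] += ary}
+end
+
+def get_permissions
+@permissions.keys
+end
+
+def set_user_group(name, *perms)
+@user_groups[name] ||= []
+perms.each{|perm| @user_groups[name].push(perm)}
+end
+
+def get_user_groups
+@user_groups.keys
+end
+
+def set_public_access(*perms)
+perms.each{|perm| @public_access += @permissions[perm]}
+end
+
+def set_protected_access(*perms)
+perms.each{|perm| @protected_access += @permissions[perm]}
+end
+
+def standard_authorized_user_rights
+Lockdown::System.public_access + Lockdown::System.protected_access
+end
+
+#
+# Create a user group record in the database
+#
+def create_user_group(str_sym)
+return unless @options[:use_db_models]
+UserGroup.create(:name => string_name(str_sym))
+end
+
+def create_administrator_user_group
+return unless @options[:use_db_models]
+Lockdown::System.create_user_group administrator_group_symbol
+end
+
+#
+# Delete a user group record from the database
+#
+def delete_user_group(str_sym)
+ug = UserGroup.find_by_name(string_name(str_sym))
+ug.destroy unless ug.nil?
+end
+
+def access_rights_for_user(usr)
+return unless usr
+return :all if administrator?(usr)
+
+rights = standard_authorized_user_rights
+
+if @options[:use_db_models]
+usr.user_groups.each do |grp|
+if @user_groups.has_key? symbol_name(grp.name)
+@user_groups[symbol_name(grp.name)].each do |perm|
+rights += @permissions[perm]
+end
+else
+grp.permissions.each do |perm|
+rights += @permissions[symbol_name(perm.name)]
+end
+end
+end
+end
+rights
+end
+
+#
+# Use this for the management screen to restrict user group list to the
+# user. This will prevent a user from creating a user with more power than
+# him/her self.
+#
+#
+def user_groups_assignable_for_user(usr)
+return [] if usr.nil?
+
+if administrator?(usr)
+UserGroup.find(:all, :order => :name)
+else
+UserGroup.find_by_sql <<-SQL
+select user_groups.* from user_groups, user_groups_users
+where user_groups.id = user_groups_users.user_group_id
+and user_groups_users.user_id = #{usr.id}
+order by user_groups.name
+SQL
+end
+end
+
+def make_user_administrator(usr)
+usr.user_groups << UserGroup.find_or_create_by_name(administrator_group_string)
+end
+
+def administrator?(usr)
+user_has_user_group?(usr, administrator_group_symbol)
+end
+
+def administrator_rights
+all_controllers
+end
+
+protected
+
+def set_defaults
+@permissions = {}
+@user_groups = {}
+
+@public_access = []
+@protected_access = []
+@private_access = []
+
+@options = {
+:use_db_models => true,
+:session_timeout => (60 * 60),
+:logout_on_access_violation => false,
+:access_denied_path => "/",
+:successful_login_path => "/"
+}
+end
+
+private
+
+def user_has_user_group?(usr, sym)
+usr.user_groups.each do |ug|
+return true if convert_reference_name(ug.name) == sym
+end
+false
+end
+
+end # class block
+end # System class
+end # Lockdown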
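Review bot: `user_groups_assignable_for_user` builds its query by interpolating `#{usr.id}` into a `find_by_sql` heredoc; the value is an ActiveRecord primary key here, so the exposure is low, but the bind-parameter form `UserGroup.find_by_sql(["select user_groups.* from user_groups, user_groups_users where user_groups.id = user_groups_users.user_group_id and user_groups_users.user_id = ? order by user_groups.name", usr.id])` keeps an authorization query free of string building and is the idiom to follow. Separately, `set_public_access`, `set_protected_access` and both loops in `access_rights_for_user` do `+= @permissions[perm]` with no check that `perm` is a defined permission, so a typo in the `configure` block or a stale permission row in the database (the `before_save` guard that used to reject undefined permissions is removed from `Permission` in this same commit) raises a TypeError from nil concatenation rather than a clear error; a guard such as `raise ArgumentError, "undefined permission #{perm}" unless @permissions.key?(perm)` at the top of those loops would surface it where it is introduced. The name-normalising helpers (`string_name`, `symbol_name`, `convert_reference_name`) are not defined in this file, so I cannot confirm that `user_has_user_group?` comparing `convert_reference_name(ug.name)` with `administrator_group_symbol` agrees with the `symbol_name` used elsewhere; worth checking, since that comparison gates the `:all` return in `access_rights_for_user`. `[]=` also writes `@options[key]` without the `||= {}` that `[]` uses, so calling it before `configure` raises on nil; `(@options ||= {})[key] = val` would make the two consistent.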
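--- a/data/rails_generators/lockdown_all/lockdown_all_generator.rb
+++ b/data/rails_generators/lockdown_all/lockdown_all_generator.rb
@@ -14,25 +14,49 @@ class LockdownAllGenerator < Rails::Generator::Base
 m.directory 'app/controllers'
 
 #Controllers
-m.file "app/controllers/permissions_controller.rb",
-
-
-m.file "app/controllers/
+m.file "app/controllers/permissions_controller.rb",
+"app/controllers/permissions_controller.rb"
+
+m.file "app/controllers/users_controller.rb",
+"app/controllers/users_controller.rb"
+
+m.file "app/controllers/user_groups_controller.rb",
+"app/controllers/user_groups_controller.rb"
+
+m.file "app/controllers/sessions_controller.rb",
+"app/controllers/sessions_controller.rb"
 
 #Models
-m.file "app/models/permission.rb",
-
-
-m.file "app/models/
+m.file "app/models/permission.rb",
+"app/models/permission.rb"
+
+m.file "app/models/user.rb",
+"app/models/user.rb"
+
+m.file "app/models/user_group.rb",
+"app/models/user_group.rb"
+
+m.file "app/models/profile.rb",
+"app/models/profile.rb"
 
 
 
 #Migrations
-m.migration_template "db/migrate/create_profiles.rb", "db/migrate",
-
-
-m.migration_template "db/migrate/
-
+m.migration_template "db/migrate/create_profiles.rb", "db/migrate",
+:migration_file_name => "create_profiles"
+
+m.migration_template "db/migrate/create_users.rb", "db/migrate",
+:migration_file_name => "create_users"
+
+m.migration_template "db/migrate/create_user_groups.rb", "db/migrate",
+:migration_file_name => "create_user_groups"
+
+m.migration_template "db/migrate/create_permissions.rb", "db/migrate",
+:migration_file_name => "create_permissions"
+
+m.migration_template "db/migrate/create_admin_user_and_user_group.rb",
+"db/migrate",
+:migration_file_name => "create_admin_user_and_user_group"
 
 #Route file (i like having them on individual lines)
 m.route_resources "permissions"
@@ -41,40 +65,54 @@ class LockdownAllGenerator < Rails::Generator::Base
 m.route_resources "sessions"
 
 #Helpers
-m.file "app/helpers/permissions_helper.rb",
-
-
+m.file "app/helpers/permissions_helper.rb",
+"app/helpers/permissions_helper.rb"
+
+m.file "app/helpers/users_helper.rb",
+"app/helpers/users_helper.rb"
+
+m.file "app/helpers/user_groups_helper.rb",
+"app/helpers/user_groups_helper.rb"
 
 #Views
 copy_views(m, "users")
-
+
+m.file "app/views/users/_password.html.erb",
+"app/views/users/_password.html.erb"
 
 copy_views(m, "user_groups")
 
-m.file "app/views/permissions/_data.html.erb",
-
-
+m.file "app/views/permissions/_data.html.erb",
+"app/views/permissions/_data.html.erb"
+
+m.file "app/views/permissions/index.html.erb",
+"app/views/permissions/index.html.erb"
+
+m.file "app/views/permissions/show.html.erb",
+"app/views/permissions/show.html.erb"
 
-m.file "app/views/sessions/new.html.erb",
+m.file "app/views/sessions/new.html.erb",
+"app/views/sessions/new.html.erb"
 end
 end
 
 protected
-
-
-
-
+
+def banner
+<<-EOS
+Installs the lockdown framework to managing users user_groups
+and viewing permissions. Also includes a login screen.
 
 USAGE: #{$0} #{spec.name}
 EOS
-
+end
 
-
-
-
-
-
-
-
-
+def copy_views(m, vw)
+m.file "app/views/#{vw}/_data.html.erb", "app/views/#{vw}/_data.html.erb"
+m.file "app/views/#{vw}/_form.html.erb", "app/views/#{vw}/_form.html.erb"
+m.file "app/views/#{vw}/index.html.erb", "app/views/#{vw}/index.html.erb"
+m.file "app/views/#{vw}/show.html.erb", "app/views/#{vw}/show.html.erb"
+m.file "app/views/#{vw}/edit.html.erb", "app/views/#{vw}/edit.html.erb"
+m.file "app/views/#{vw}/new.html.erb", "app/views/#{vw}/new.html.erb"
+end
 end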
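--- a/data/rails_generators/lockdown_all/templates/app/controllers/user_groups_controller.rb
+++ b/data/rails_generators/lockdown_all/templates/app/controllers/user_groups_controller.rb
@@ -27,7 +27,7 @@ class UserGroupsController < ApplicationController
 # GET /user_groups/new.xml
 def new
 @user_group = UserGroup.new
-@all_permissions =
+@all_permissions = Lockdown::System.get_permissions
 
 respond_to do |format|
 format.html # new.html.erb
@@ -37,7 +37,7 @@ class UserGroupsController < ApplicationController
 
 # GET /user_groups/1/edit
 def edit
-@all_permissions =
+@all_permissions = Lockdown::System.get_permissions
 end
 
 # POST /user_groups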
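--- a/data/rails_generators/lockdown_all/templates/app/controllers/users_controller.rb
+++ b/data/rails_generators/lockdown_all/templates/app/controllers/users_controller.rb
@@ -25,7 +25,7 @@ class UsersController < ApplicationController
 def new
 @user = User.new
 @profile = Profile.new
-@user_groups_for_user =
+@user_groups_for_user = Lockdown::System.user_groups_assignable_for_user(current_user)
 respond_to do |format|
 format.html # new.html.erb
 format.xml { render :xml => @user }
@@ -34,7 +34,7 @@ class UsersController < ApplicationController
 
 # GET /users/1/edit
 def edit
-@user_groups_for_user =
+@user_groups_for_user = Lockdown::System.user_groups_assignable_for_user(current_user)
 end
 
 # POST /users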
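Review bot: Narrowing `@user_groups_for_user` in `new` and `edit` only limits what the form offers; the `create` and `update` actions that accept the submitted group selection are outside these hunks, and unless they also intersect the posted ids with `Lockdown::System.user_groups_assignable_for_user(current_user)`, the restriction the comment in `Lockdown::System` describes ("prevent a user from creating a user with more power than him/her self") is enforced only client-side. A server-side check there, e.g. `allowed = Lockdown::System.user_groups_assignable_for_user(current_user).map(&:id)` followed by rejecting or filtering any submitted group id not in `allowed` before the save, closes that gap; I cannot see from this hunk which parameter carries the selection, so the exact filter line depends on the form.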
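--- a/data/rails_generators/lockdown_all/templates/app/models/permission.rb
+++ b/data/rails_generators/lockdown_all/templates/app/models/permission.rb
@@ -1,59 +1,6 @@
-#
-# This is merely an extension of the Lockdown::Permissions module to
-# allow for database manipulation of Permissions
-#
-# This is typically done via management screens.
-#
 class Permission < ActiveRecord::Base
-include Lockdown::Helper
 has_and_belongs_to_many :user_groups
 
-before_save :ensure_lockdown_permission_exists
-
-class << self
-include Lockdown::Helper
-#
-# Use this in your migrations to create a db record for management
-# functionality.
-#
-# Permission must be defined in:
-# RAILS_ROOT/config/initializers/lockdown/access.rb
-#
-def create_record(sym)
-raise NameError.new("#{sym} is not defined.") unless Lockdown::Permissions.respond_to?(sym)
-create(:name => convert_reference_name(sym) )
-end
-
-#
-# Use this in your migrations to delete the permission identified by sym.
-#
-def delete_record(sym)
-privi = find_by_sym(sym)
-privi.destroy unless privi.nil?
-end
-
-
-def find_by_sym(sym)
-if ENV['RAILS_ENV'] == "test"
-new(:name => convert_reference_name(sym))
-else
-find_by_name(convert_reference_name(sym))
-end
-end
-
-def all_but_public
-find(:all).delete_if do |perm|
-Lockdown::UserGroups.public_access.include?(convert_reference_name(perm.name))
-end
-end
-end # end class block
-
-
-def access_rights
-sym = convert_reference_name(self.name)
-Lockdown::Permissions[sym]
-end
-
 def all_users
 User.find_by_sql <<-SQL
 select users.*
@@ -63,18 +10,4 @@ class Permission < ActiveRecord::Base
 and permissions_user_groups.permission_id = #{self.id}
 SQL
 end
-protected
-#
-# Cannot create a permission record in the db that is not defined
-# in config/initializers/lock_down_access
-#
-# Creating a db record is to simplify the creation of user groups
-# via management screens.
-#
-def ensure_lockdown_permission_exists
-unless Lockdown::Permissions.respond_to?(convert_reference_name(self.name))
-raise NameError.new("#{sym} is not defined.")
-end
-end
-
 end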
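--- a/data/rails_generators/lockdown_all/templates/app/models/user.rb
+++ b/data/rails_generators/lockdown_all/templates/app/models/user.rb
@@ -20,11 +20,10 @@ class User < ActiveRecord::Base
 
 before_save :prepare_for_save
 
-after_create :assign_registered_users_user_group
-
 attr_accessible :login, :password, :password_confirmation
 
-# Authenticates a user by their login name and unencrypted password.
+# Authenticates a user by their login name and unencrypted password.
+# Returns the user or nil.
 def self.authenticate(login, password)
 u = find :first, :conditions => ['login = ?', login] # need to get the salt
 u && u.authenticated?(password) ? u : nil
@@ -35,10 +34,6 @@ class User < ActiveRecord::Base
 Digest::SHA1.hexdigest("--#{salt}--#{password}--")
 end
 
-def self.all
-find :all, :include => [:profile, :user_groups]
-end
-
 # Encrypts the password with the user salt
 def encrypt(password)
 self.class.encrypt(password, salt)
@@ -48,13 +43,7 @@ class User < ActiveRecord::Base
 crypted_password == encrypt(password)
 end
 
-
-rvalue = Lockdown::UserGroups[:public_access]
-self.user_groups.each{|grp| rvalue += grp.access_rights}
-rvalue
-end
-
-def email
+def email
 self.profile.email
 end
 
@@ -62,35 +51,23 @@ class User < ActiveRecord::Base
 self.profile.first_name + " " + self.profile.last_name
 end
 
-def administrator?
-has_user_group? :administrators
-end
-
-def has_user_group?(sym)
-self.user_groups.each do |ug|
-return true if convert_reference_name(ug.name) == sym
-end
-false
-end
-
 protected
-def assign_registered_users_user_group
-self.user_groups << UserGroup.find_by_sym(:registered_users)
-end
 
-
-
-
-
+def prepare_for_save
+encrypt_password
+self.profile.save
+end
 
-
-
-
-
-
+def encrypt_password
+return if password.blank?
+if new_record?
+self.salt = Digest::SHA1.hexdigest("--#{Time.now.to_s}--#{login}--")
+end
+self.crypted_password = encrypt(password)
+end
 
-
-
-
+def password_required?
+(crypted_password.blank? || !password.blank?)
+end
 
 end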
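Review bot: The salt set in `encrypt_password` (`self.salt = Digest::SHA1.hexdigest("--#{Time.now.to_s}--#{login}--")`) is derived from the login and a wall-clock timestamp with one-second resolution, so it is reproducible from public data rather than unpredictable; the standard library's CSPRNG gives a proper salt with one line, `self.salt = SecureRandom.hex(20)` (plus `require 'securerandom'` at the top of the file), and the result is still a hex string for the existing `salt` column. The digest scheme it feeds (`Digest::SHA1.hexdigest("--#{salt}--#{password}--")`, a context line in the second hunk) is a single fast hash pass that this commit leaves as is; moving to a deliberately slow password hash is a separate change, but a `# TODO: replace single-pass SHA1 with a slow password hash` comment above `encrypt` would record it. `prepare_for_save` calls `self.profile.save` unconditionally, so saving a user that has no profile raises NoMethodError on nil; if a profile can legitimately be absent, `self.profile.save if self.profile` matches the intent — I cannot tell from these hunks whether it is required.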