lockdown 0.2.0 → 0.3.1

data/rails_generators/lockdown_all/templates/app/models/user_group.rb

@@ -1,157 +1,9 @@
 class UserGroup < ActiveRecord::Base
-  include Lockdown::Helper
   has_and_belongs_to_many :permissions
   has_and_belongs_to_many :users
 
   validates_presence_of :name
-	
-	before_update :protect_private
-	before_destroy :protect_private_and_protected
   
-  class << self
-    include Lockdown::Helper
-    #
-    # Pull from the Lockdown::UserGroups module if defined.
-    # Otherwise. load from db.
-    #
-    def [](sym)
-	    return Lockdown::UserGroups[sym] if Lockdown::UserGroups.respond_to? sym
-      ug = UserGroup.find_by_name(convert_reference_name(sym))
-			ug.access_rights
-    end
-    
-    def find_by_sym(sym)
-      if ENV['RAILS_ENV'] == "test"
-        new(:name => convert_reference_name(sym))
-      else
-        find_by_name(convert_reference_name(sym))
-      end
-    end
-
-		def find_by_name(str)
-			find :first, :conditions => ["name = ?",str] 
-    end
-    
-		#
-    # Use this in your migrations to create a db record for management
-    # functionality.  
-    #
-    def create_record(sym)
-      raise NameError.new("#{sym} is not defined.") unless Lockdown::UserGroups.respond_to?(sym)
-      ug = create(:name => convert_reference_name(sym))
-      unless Lockdown::UserGroups.private_records.include?(sym)
-        Lockdown::UserGroups.permissions(sym).each do |perm|
-          ug.permissions << Permission.find_or_create_by_name(convert_reference_name(perm))
-        end
-      end
-    end
-
-    #
-    # Use this in your migrations to add permissions to a user group 
-    # identified by sym.
-    #
-    # privies are param(s) of symbols
-    # e.g. add_permissions(:public_access, :view_catalog)
-    #
-    def add_permissions(sym, *privies)
-			ug = find_by_sym(sym)
-			raise NameError.new("#{sym} is not defined.") if ug.nil?
-			privies.each do |priv|
-				ug.permissions << Permission.find_or_create_by_name(convert_reference_name(priv))
-			end
-    end
-    
-    #
-    # Use this in your migrations to remove permissions from a user group 
-    # identified by sym.
-    #
-    # privies are param(s) of symbols
-    # e.g. add_permissions(:catalog_management, :manage_categories,
-    #                     :manage_products)
-    #
-    def remove_permissions(sym, *privies)
-			ug = find_by_sym(sym)
-			raise NameError.new("#{sym} is not defined.") if ug.nil?
-			privies.each do |priv|
-				ug.permissions.delete Permission.find_by_name(convert_reference_name(priv))
-			end
-    end
-    
-    #
-    # Use this in your migrations to delete the user group identified by sym.
-    #
-    def delete_record(sym)
-      ug = find_by_sym(sym)
-      ug.destroy unless ug.nil?
-    end
-    
-		#
-		# Use this for the management screen to restrict user group list to the
-    # user.  This will prevent a user from creating a user with more power than
-    # him/herself.
-    # 
-    # Public Access and Registered Users groups are automatically assigned, 
-    # so having it on the management screen is just confusing and will lead
-    # to errors by mistakingly removing them.
-		#
-		def find_assignable_for_user(usr)
-      return [] if usr.nil?
-
-			if usr.administrator?
-				find :all, 
-							:conditions => "name != 'Public Access' and name != 'Registered Users'", 
-							:order => :name
-			else
-				find_by_sql <<-SQL
-					select user_groups.* from user_groups, user_groups_users
-					where user_groups.id = user_groups_users.user_group_id
-						and user_groups.name != 'Public Access'
-						and user_groups.name != 'Registered Users'
-						and user_groups_users.user_id = #{usr.id}	 
-					order by user_groups.name
-				SQL
-      end
-    end
-
-		#
-		# Use this for the content associations to restrict user group list for
-    # content association to the current user. 
-    # 
-    # For example, in a content management system, I may be able creat pages
-    # but want to restrict the users who can view the page.  This will return
-    # a list of user groups I can grant access to this page.
-    # 
-		#
-		def find_content_assignable_for_user(usr)
-      return [] if usr.nil?
-
-			if usr.administrator?
-				find :all
-			else
-				find_by_sql <<-SQL
-					select user_groups.* from user_groups, user_groups_users
-					where user_groups.id = user_groups_users.user_group_id
-						and user_groups_users.user_id = #{usr.id}	 
-					order by user_groups.name
-				SQL
-      end
-    end
-  end # end class block
-  
-  #
-  # Return an array of the permissions for the UserGroup object
-  #
-  def all_permissions
-    if permissions.empty?
-      sym = convert_reference_name(self.name)
-      Lockdown::UserGroups.static_permissions(sym)
-    else
-			syms_from_names(permissions)
-    end
-  rescue Exception => e
-    []
-  end
-
 	def all_users
 		User.find_by_sql <<-SQL
 			select users.* 
@@ -160,22 +12,4 @@ class UserGroup < ActiveRecord::Base
 			and user_groups_users.user_group_id = #{self.id}
 			SQL
 	end
-
-	def access_rights
-		Lockdown::Permissions.access_rights_for  syms_from_names(self.permissions)
-  end
-
-	def private_record?
-		Lockdown::UserGroups.respond_to? convert_reference_name(self.name) 
-  end
-
-	def system_assigned?
-		self.private_record?
-  end
-
-	def protect_private
-		if self.private_record?
-			raise SecurityError, "Trying to update a private UserGroup"
-		end
-  end
 end

data/rails_generators/lockdown_all/templates/db/migrate/create_admin_user_and_user_group.rb

@@ -0,0 +1,25 @@
+class CreateAdminUserAndUserGroup < ActiveRecord::Migration
+  def self.up
+		#
+		# Creating an administrators user group database record
+    # to allow for the creation of other administrators
+		#
+		Lockdown::System.create_administrator_user_group
+
+		# TODO: Change the password
+    u = User.new(	:password => "password", 
+									:password_confirmation => "password", 
+									:login => "admin")
+
+    u.profile = Profile.create(:first_name => "Administrator",
+																:last_name => "User",
+																:email => "administrator@a.com")
+    u.save
+
+		Lockdown::System.make_user_administrator(u)
+  end
+	 
+  def self.down
+    #Nothing to see here...
+	end
+end

data/rails_generators/lockdown_all/templates/db/migrate/create_profiles.rb

@@ -9,6 +9,15 @@ class CreateProfiles < ActiveRecord::Migration
 
       t.timestamps
     end
+
+		# The System profile is used as the updated_by reference when records 
+    # are created programatically and the responsible user cannot be determined 
+    # or is simply not available.
+		# TODO: Change email address
+		Profile.create(:first_name => "System",
+										:last_name => "User",
+										:email => "system@a.com")
+
   end
 
   def self.down

data/website/index.txt

@@ -6,7 +6,7 @@ h3. Lockdown has not been officially released!  This page is a Work-In-Progress.
 
 h2. What
 
-Lockdown is a authentication/authorization system for RubyOnRails and Merb designed for simplicity and extensibility.  All access rules are in (initially) defined in lib/lockdown/access.rb.  With the included ORM support (ActiveRecord or DataMapper) and management screens you can add user defined rules to the system.
+Lockdown is a authentication/authorization system for RubyOnRails and Merb designed for simplicity and extensibility.  All access rules are defined in lib/lockdown/init.rb.  With the included ORM support (ActiveRecord or DataMapper) and management screens you can add user defined rules to the system.
 
 If there is a "spec" directory, a test helper file will be included to provied some basic functionality for use with RSpec. This will show you how to create mock user objects and sign in as an adminstrator.
 
@@ -24,7 +24,14 @@ $ cd <your_project_directory>
 $ lockdown .
 </pre>
 
-This will create a "lockdown" directory in the lib dir add two files: access.rb and session.rb.  Modify access.rb to define the rules that apply to your system.
+This will create a "lockdown" directory in the lib dir add two files: init.rb and session.rb.  Modify init.rb to set defaults and define the rules that apply to your system.
+
+If you want the full 'subsystem' (models, views, controllers, helpers):
+
+<pre>
+$ cd <your_project_directory>
+$ ./script/generate lockdown_all
+</pre>
 
 I recommend reading this page to get a feel for Lockdown's functionality.  
 
@@ -43,7 +50,7 @@ Lockdown stores an array of access rights in the session.  For example, if you h
 
 The above list will be stored in the session as an array and each request is tested against this list.  So this means, you <strong>should not use client side session storage</strong>.  If you can, I recommend using memcache, but a database session store will suffice.
 
-To define access rights you need to modify lib/lockdown/access.rb.  This is the default access.rb included with Lockdown:
+To define access rights you need to modify lib/lockdown/init.rb.  This is the default init.rb included with Lockdown:
 <pre syntax="ruby">
   require "lockdown"
 
@@ -143,8 +150,11 @@ To define access rights you need to modify lib/lockdown/access.rb.  This is the
         #
         # All newly created users are assigned to this User Group by default
         #
+        #  Sample registered_users permission:
+        # [:my_account]
+        #
         def registered_users
-          #[:my_account]
+          []
         end
 
         #
@@ -156,13 +166,13 @@ To define access rights you need to modify lib/lockdown/access.rb.  This is the
 </pre>
 
 
+
 h2. Some History
 
 Lockdown was initially designed as a authentication/authorization system to be configured by system administrators. This means it was database driven and had an interface to manage the access rights.  I didn't like the static methodology of using code scattered amongst the controllers to define my access rights for the system.  I also didn't like the fact that everything was accessible unless you restricted access.  So, I designed Lockdown to restrict access to all resources unless rights have been granted. 
 
 The system was nice and worked well until I had a project that required RSpec tests.  I don't have anything against testing frameworks (now that I've see the light) but what bothered me most what the fact that I would have to duplicate the information I already defined in my migrations as mock data.  I simply refused to do that extra work.  So, a serious refactoring of Lockdown was required.
 
-<blockquote>This is where the access.rb file was born. This file contains the rules that grant/deny access to your system.  More on this later.</blockquote>
 
 After the RSpec project was completed, the refactoring continued.  This time the focus was on releasing the code to the masses.  I like this system a lot and think both the system itself and the community could benefit from releasing this as an open source project.  
 
@@ -173,30 +183,10 @@ There is code in place for using Lockdown with Rails, after all, that's where Lo
 Writing code for public release is difficult and much different from architecting/coding for a closed source project.  A lot of things you could get by with in a proprietary application won't be well received by the general public.  In addition, if you don't make things easy, the adoption rate will probably be non-existent.
 
 
-h2. Features
-
-<strong>I have these components (for the most part)...figuring out how to package them.  The following is just an idea right now... </strong>
-<br/>
-<br/>
-The goal of Lockdown is to give you only what you want from the system.  
-
-The initial install is all that is required to lock down your system.  However, you'll probably want the authorization functionality.  You can get this by: 
-
-<pre syntax="ruby">rake lockdown:install:authorization</pre>
-
-If you want to install ORM support:
-
-<pre syntax="ruby">rake lockdown:install:orm</pre>
-
-If you want to install management screens (ORM support included):
-<pre syntax="ruby">rake lockdown:install:management</pre>
-
-If you want to install authorization + management screens:
-<pre syntax="ruby">rake lockdown:install:all</pre>
-
-
 h2. Forum
 
+If you are having a problem understanding how to use Lockdown, please post your question on the lockdown group.  If it's documentation related, I will keep this page updated to help everyone. 
+
 "http://groups.google.com/group/stonean_lockdown?hl=en":http://groups.google.com/group/stonean_lockdown?hl=en
 
 

metadata

@@ -1,7 +1,7 @@
 --- !ruby/object:Gem::Specification 
 name: lockdown
 version: !ruby/object:Gem::Version 
-  version: 0.2.0
+  version: 0.3.1
 platform: ruby
 authors: 
 - Andrew Stone
@@ -9,7 +9,7 @@ autorequire:
 bindir: bin
 cert_chain: []
 
-date: 2008-04-25 00:00:00 -04:00
+date: 2008-04-30 00:00:00 -04:00
 default_executable: 
 dependencies: 
 - !ruby/object:Gem::Dependency 
@@ -46,7 +46,7 @@ files:
 - app_generators/lockdown/USAGE
 - app_generators/lockdown/lockdown_generator.rb
 - app_generators/lockdown/lockdown_generator.rb.orig
-- app_generators/lockdown/templates/access.rb
+- app_generators/lockdown/templates/init.rb
 - app_generators/lockdown/templates/session.rb
 - bin/lockdown
 - config/hoe.rb
@@ -56,6 +56,7 @@ files:
 - lib/lockdown/controller_inspector.rb
 - lib/lockdown/helper.rb
 - lib/lockdown/model.rb
+- lib/lockdown/system.rb
 - lib/lockdown/version.rb
 - lib/lockdown/view.rb
 - rails_generators/lockdown_all/USAGE
@@ -88,7 +89,7 @@ files:
 - rails_generators/lockdown_all/templates/app/views/users/index.html.erb
 - rails_generators/lockdown_all/templates/app/views/users/new.html.erb
 - rails_generators/lockdown_all/templates/app/views/users/show.html.erb
-- rails_generators/lockdown_all/templates/db/migrate/create_base_user_groups.rb
+- rails_generators/lockdown_all/templates/db/migrate/create_admin_user_and_user_group.rb
 - rails_generators/lockdown_all/templates/db/migrate/create_permissions.rb
 - rails_generators/lockdown_all/templates/db/migrate/create_profiles.rb
 - rails_generators/lockdown_all/templates/db/migrate/create_user_groups.rb
@@ -107,7 +108,6 @@ files:
 - test/test_lockdown_all_generator.rb
 - test/test_lockdown_generator.rb
 - test/test_lockdown_models_generator.rb
-- website/index.html
 - website/index.txt
 - website/javascripts/rounded_corners_lite.inc.js
 - website/stylesheets/screen.css

data/app_generators/lockdown/templates/access.rb

@@ -1,110 +0,0 @@
-require "lockdown"
-
-module Lockdown
-  #
-  #
-  # Permissions are used to group access rights into logical components.
-  # Each method defined in the Permissions module represents an array
-  # of methods from a controller (or multiple controllers.)
-  # 
-  # Controller methods available are: 
-  #
-  #   # Returns all methods from all controllers
-  #   all_controllers
-  #  
-  #   # Returns all methods from all controllers listed
-  #   all_methods :controller1, controller2, ...
-  #  
-  #   # For a single controller, returns only methods listed
-  #   only_methods :controller1, :method1, :method2, ...
-  #  
-  #   # For a single controller, returns all methods except the methods listed
-  #   all_except_methods :controller1, :method1, :method2, ...
-  #
-  #   They all return an array of controller/action.  For example, if you had a
-  #   standard REST controller called products this would be the result:
-  #
-  #
-  #     all_methods :products  => [ "products/index , "products/show",
-  #                                 "products/new", "products/edit",
-  #                                 "products/create", "products/update",
-  #                                 "products/destroy"]
-  #
-  module Permissions
-    class << self      
-            
-      def sessions_management
-       # all_methods :sessions
-      end
-      
-    end # end class block
-  end # end Permissions module
-  
-  #
-  # UserGroups are used to group Permissions together to define role type
-  # functionality. Users may belong to multiple groups.
-  # 
-  module UserGroups
-    class << self
-      #
-      # This method defines which UserGroups cannot be managed
-      # via the management screens. 
-      # 
-      # Users can still be assigned to these groups.
-      #
-      def private_records
-        [:administrators]
-      end
-      #
-      # This method defines which UserGroups have limited access
-      # via the management screens. Deletion is not allowed.
-      # 
-      # Users can still be assigned to these groups.
-      #
-      def protected_records
-        [:public_access, :registered_users]
-      end
-      
-      # ** The administrator method is "special", please don't rename.
-      #     If you remove/rename, etc... YOU WILL BREAK STUFF
-      #
-      # Standard administrator user group.
-      # Please don't alter without careful consideration.
-      #
-      def administrators
-        [:all]
-      end
-      
-      # ** The public_access method is "special", please don't rename.
-      #     If you remove/rename, etc... YOU WILL BREAK STUFF
-      #
-      # Standard public_access user group.  
-      #
-      # Feel free to add Permissions to the array without issue.
-      #
-      # **Notice:  All permissions added to this public_access group will not be
-      #             restricted to logged in users.
-      #             So be careful what you add here!
-      #
-      def public_access
-        [:sessions_management] 
-      end
-      
-      # ** The registered_users method is "special", please don't rename.
-      #     Not as special as the others, but still...
-      #
-      # All newly created users are assigned to this User Group by default
-      #
-      # Sample registered user permission:
-      # [:my_account]
-      def registered_users
-        []
-      end
-
-      #
-      # Define your own user groups below
-      #
-      
-    end # end class block
-  end # end UserGroups module
-end # end Lockdown module