lockdown 0.2.0 → 0.3.1
Sign up to get free protection for your applications and to get access to all the features.
- data/History.txt +11 -1
- data/Manifest.txt +3 -3
- data/README.txt +2 -1
- data/app_generators/lockdown/lockdown_generator.rb +1 -1
- data/app_generators/lockdown/templates/init.rb +81 -0
- data/app_generators/lockdown/templates/session.rb +0 -3
- data/bin/lockdown +5 -9
- data/lib/lockdown.rb +11 -61
- data/lib/lockdown/controller.rb +7 -5
- data/lib/lockdown/controller_inspector.rb +6 -8
- data/lib/lockdown/helper.rb +17 -1
- data/lib/lockdown/model.rb +0 -2
- data/lib/lockdown/system.rb +169 -0
- data/lib/lockdown/version.rb +2 -2
- data/rails_generators/lockdown_all/lockdown_all_generator.rb +72 -34
- data/rails_generators/lockdown_all/templates/app/controllers/user_groups_controller.rb +2 -2
- data/rails_generators/lockdown_all/templates/app/controllers/users_controller.rb +2 -2
- data/rails_generators/lockdown_all/templates/app/models/permission.rb +0 -67
- data/rails_generators/lockdown_all/templates/app/models/user.rb +17 -40
- data/rails_generators/lockdown_all/templates/app/models/user_group.rb +0 -166
- data/rails_generators/lockdown_all/templates/db/migrate/create_admin_user_and_user_group.rb +25 -0
- data/rails_generators/lockdown_all/templates/db/migrate/create_profiles.rb +9 -0
- data/website/index.txt +17 -27
- metadata +5 -5
- data/app_generators/lockdown/templates/access.rb +0 -110
- data/rails_generators/lockdown_all/templates/db/migrate/create_base_user_groups.rb +0 -11
- data/website/index.html +0 -302
data/website/index.html
DELETED
@@ -1,302 +0,0 @@
|
|
1
|
-
<!DOCTYPE html PUBLIC "-//W3C//DTD XHTML 1.0 Strict//EN"
|
2
|
-
"http://www.w3.org/TR/xhtml1/DTD/xhtml1-strict.dtd">
|
3
|
-
<html xmlns="http://www.w3.org/1999/xhtml" xml:lang="en" lang="en">
|
4
|
-
<head>
|
5
|
-
<link rel="stylesheet" href="stylesheets/screen.css" type="text/css" media="screen" />
|
6
|
-
<meta http-equiv="Content-Type" content="text/html; charset=utf-8" />
|
7
|
-
<title>
|
8
|
-
lockdown
|
9
|
-
</title>
|
10
|
-
<script src="javascripts/rounded_corners_lite.inc.js" type="text/javascript"></script>
|
11
|
-
<style>
|
12
|
-
|
13
|
-
</style>
|
14
|
-
<script type="text/javascript">
|
15
|
-
window.onload = function() {
|
16
|
-
settings = {
|
17
|
-
tl: { radius: 10 },
|
18
|
-
tr: { radius: 10 },
|
19
|
-
bl: { radius: 10 },
|
20
|
-
br: { radius: 10 },
|
21
|
-
antiAlias: true,
|
22
|
-
autoPad: true,
|
23
|
-
validTags: ["div"]
|
24
|
-
}
|
25
|
-
var versionBox = new curvyCorners(settings, document.getElementById("version"));
|
26
|
-
versionBox.applyCornersToAll();
|
27
|
-
}
|
28
|
-
</script>
|
29
|
-
</head>
|
30
|
-
<body>
|
31
|
-
<div id="main">
|
32
|
-
|
33
|
-
<h1>lockdown</h1>
|
34
|
-
<div id="version" class="clickable" onclick='document.location = "http://rubyforge.org/projects/lockdown"; return false'>
|
35
|
-
<p>Get Version</p>
|
36
|
-
<a href="http://rubyforge.org/projects/lockdown" class="numbers">0.2.0</a>
|
37
|
-
</div>
|
38
|
-
<h1>→ ‘lockdown’</h1>
|
39
|
-
|
40
|
-
|
41
|
-
<h3>Lockdown has not been officially released! This page is a Work-In-Progress. The first version will be released by May 1st.</h3>
|
42
|
-
|
43
|
-
|
44
|
-
<h2>What</h2>
|
45
|
-
|
46
|
-
|
47
|
-
<p>Lockdown is a authentication/authorization system for RubyOnRails and Merb designed for simplicity and extensibility. All access rules are in (initially) defined in lib/lockdown/access.rb. With the included <span class="caps">ORM</span> support (ActiveRecord or DataMapper) and management screens you can add user defined rules to the system.</p>
|
48
|
-
|
49
|
-
|
50
|
-
<p>If there is a “spec” directory, a test helper file will be included to provied some basic functionality for use with RSpec. This will show you how to create mock user objects and sign in as an adminstrator.</p>
|
51
|
-
|
52
|
-
|
53
|
-
<p>Also included is functionality to auto-populate created_by and updated_by fields.</p>
|
54
|
-
|
55
|
-
|
56
|
-
<p>Some model level access right functionality will also be added in the near future.</p>
|
57
|
-
|
58
|
-
|
59
|
-
<h2>Installing</h2>
|
60
|
-
|
61
|
-
|
62
|
-
<p>For the people who don’t care to know the details and just want to get the system installed:</p>
|
63
|
-
|
64
|
-
|
65
|
-
<pre>
|
66
|
-
$ sudo gem install lockdown
|
67
|
-
$ cd <your_project_directory>
|
68
|
-
$ lockdown .
|
69
|
-
</pre>
|
70
|
-
|
71
|
-
<p>This will create a “lockdown” directory in the lib dir add two files: access.rb and session.rb. Modify access.rb to define the rules that apply to your system.</p>
|
72
|
-
|
73
|
-
|
74
|
-
<p>I recommend reading this page to get a feel for Lockdown’s functionality.</p>
|
75
|
-
|
76
|
-
|
77
|
-
<h2>How it works</h2>
|
78
|
-
|
79
|
-
|
80
|
-
Lockdown stores an array of access rights in the session. For example, if you have a standard <span class="caps">REST</span> users controller, the access rights would be:
|
81
|
-
<pre>
|
82
|
-
users/index
|
83
|
-
users/show
|
84
|
-
users/edit
|
85
|
-
users/update
|
86
|
-
users/new
|
87
|
-
users/create
|
88
|
-
users/destroy (delete for Merb)
|
89
|
-
</pre>
|
90
|
-
|
91
|
-
<p>The above list will be stored in the session as an array and each request is tested against this list. So this means, you <strong>should not use client side session storage</strong>. If you can, I recommend using memcache, but a database session store will suffice.</p>
|
92
|
-
|
93
|
-
|
94
|
-
<p>To define access rights you need to modify lib/lockdown/access.rb. This is the default access.rb included with Lockdown:
|
95
|
-
<pre class='syntax'>
|
96
|
-
<span class="ident">require</span> <span class="punct">"</span><span class="string">lockdown</span><span class="punct">"</span>
|
97
|
-
|
98
|
-
<span class="keyword">module </span><span class="module">Lockdown</span>
|
99
|
-
<span class="comment">#</span>
|
100
|
-
<span class="comment">#</span>
|
101
|
-
<span class="comment"># Permissions are used to group access rights into logical components.</span>
|
102
|
-
<span class="comment"># Each method defined in the Permissions module represents an array</span>
|
103
|
-
<span class="comment"># of methods from a controller (or multiple controllers.)</span>
|
104
|
-
<span class="comment"># </span>
|
105
|
-
<span class="comment"># Controller methods available are: </span>
|
106
|
-
<span class="comment">#</span>
|
107
|
-
<span class="comment"># # Returns all methods from all controllers</span>
|
108
|
-
<span class="comment"># all_controllers</span>
|
109
|
-
<span class="comment"># </span>
|
110
|
-
<span class="comment"># # Returns all methods from all controllers listed</span>
|
111
|
-
<span class="comment"># all_methods :controller1, controller2, ...</span>
|
112
|
-
<span class="comment"># </span>
|
113
|
-
<span class="comment"># # For a single controller, returns only methods listed</span>
|
114
|
-
<span class="comment"># only_methods :controller1, :method1, :method2, ...</span>
|
115
|
-
<span class="comment"># </span>
|
116
|
-
<span class="comment"># # For a single controller, returns all methods except the methods listed</span>
|
117
|
-
<span class="comment"># all_except_methods :controller1, :method1, :method2, ...</span>
|
118
|
-
<span class="comment">#</span>
|
119
|
-
<span class="comment"># They all return an array of controller/action. For example, if you had a</span>
|
120
|
-
<span class="comment"># standard REST controller called products this would be the result:</span>
|
121
|
-
<span class="comment">#</span>
|
122
|
-
<span class="comment">#</span>
|
123
|
-
<span class="comment"># all_methods :products => [ "products/index , "products/show",</span>
|
124
|
-
<span class="comment"># "products/new", "products/edit",</span>
|
125
|
-
<span class="comment"># "products/create", "products/update",</span>
|
126
|
-
<span class="comment"># "products/destroy"]</span>
|
127
|
-
<span class="comment">#</span>
|
128
|
-
<span class="keyword">module </span><span class="module">Permissions</span>
|
129
|
-
<span class="keyword">class </span><span class="punct"><<</span> <span class="constant">self</span>
|
130
|
-
|
131
|
-
<span class="keyword">def </span><span class="method">sessions_management</span>
|
132
|
-
<span class="comment"># all_methods :sessions</span>
|
133
|
-
<span class="keyword">end</span>
|
134
|
-
|
135
|
-
<span class="keyword">end</span> <span class="comment"># end class block</span>
|
136
|
-
<span class="keyword">end</span> <span class="comment"># end Permissions module</span>
|
137
|
-
|
138
|
-
<span class="comment">#</span>
|
139
|
-
<span class="comment"># UserGroups are used to group Permissions together to define role type</span>
|
140
|
-
<span class="comment"># functionality. Users may belong to multiple groups.</span>
|
141
|
-
<span class="comment"># </span>
|
142
|
-
<span class="keyword">module </span><span class="module">UserGroups</span>
|
143
|
-
<span class="keyword">class </span><span class="punct"><<</span> <span class="constant">self</span>
|
144
|
-
|
145
|
-
<span class="comment">#</span>
|
146
|
-
<span class="comment"># This method defines which UserGroups cannot be managed</span>
|
147
|
-
<span class="comment"># via the management screens. </span>
|
148
|
-
<span class="comment"># </span>
|
149
|
-
<span class="comment"># Users can still be assigned to these groups.</span>
|
150
|
-
<span class="comment">#</span>
|
151
|
-
<span class="keyword">def </span><span class="method">private_records</span>
|
152
|
-
<span class="punct">[</span><span class="symbol">:administrators</span><span class="punct">]</span>
|
153
|
-
<span class="keyword">end</span>
|
154
|
-
<span class="comment">#</span>
|
155
|
-
<span class="comment"># This method defines which UserGroups have limited access</span>
|
156
|
-
<span class="comment"># via the management screens. Deletion is not allowed.</span>
|
157
|
-
<span class="comment"># </span>
|
158
|
-
<span class="comment"># Users can still be assigned to these groups.</span>
|
159
|
-
<span class="comment">#</span>
|
160
|
-
<span class="keyword">def </span><span class="method">protected_records</span>
|
161
|
-
<span class="punct">[</span><span class="symbol">:public_access</span><span class="punct">,</span> <span class="symbol">:registered_users</span><span class="punct">]</span>
|
162
|
-
<span class="keyword">end</span>
|
163
|
-
|
164
|
-
<span class="comment"># ** The administrator method is "special", please don't rename.</span>
|
165
|
-
<span class="comment"># If you remove/rename, etc... YOU WILL BREAK STUFF</span>
|
166
|
-
<span class="comment">#</span>
|
167
|
-
<span class="comment"># Standard administrator user group.</span>
|
168
|
-
<span class="comment"># Please don't alter without careful consideration.</span>
|
169
|
-
<span class="comment">#</span>
|
170
|
-
<span class="keyword">def </span><span class="method">administrators</span>
|
171
|
-
<span class="punct">[</span><span class="symbol">:all</span><span class="punct">]</span>
|
172
|
-
<span class="keyword">end</span>
|
173
|
-
|
174
|
-
<span class="comment"># ** The public_access method is "special", please don't rename.</span>
|
175
|
-
<span class="comment"># If you remove/rename, etc... YOU WILL BREAK STUFF</span>
|
176
|
-
<span class="comment">#</span>
|
177
|
-
<span class="comment"># Standard public_access user group. </span>
|
178
|
-
<span class="comment">#</span>
|
179
|
-
<span class="comment"># Feel free to add Permissions to the array without issue.</span>
|
180
|
-
<span class="comment">#</span>
|
181
|
-
<span class="comment"># **Notice: All permissions added to this public_access group will not be</span>
|
182
|
-
<span class="comment"># restricted to logged in users.</span>
|
183
|
-
<span class="comment"># So be careful what you add here!</span>
|
184
|
-
<span class="comment">#</span>
|
185
|
-
<span class="keyword">def </span><span class="method">public_access</span>
|
186
|
-
<span class="punct">[</span><span class="symbol">:sessions_management</span><span class="punct">]</span>
|
187
|
-
<span class="keyword">end</span>
|
188
|
-
|
189
|
-
<span class="comment"># ** The registered_users method is "special", please don't rename.</span>
|
190
|
-
<span class="comment"># Not as special as the others, but still...</span>
|
191
|
-
<span class="comment">#</span>
|
192
|
-
<span class="comment"># All newly created users are assigned to this User Group by default</span>
|
193
|
-
<span class="comment">#</span>
|
194
|
-
<span class="keyword">def </span><span class="method">registered_users</span>
|
195
|
-
<span class="comment">#[:my_account]</span>
|
196
|
-
<span class="keyword">end</span>
|
197
|
-
|
198
|
-
<span class="comment">#</span>
|
199
|
-
<span class="comment"># Define your own user groups below</span>
|
200
|
-
<span class="comment">#</span>
|
201
|
-
<span class="keyword">end</span> <span class="comment"># end class block</span>
|
202
|
-
<span class="keyword">end</span> <span class="comment"># end UserGroups module</span>
|
203
|
-
<span class="keyword">end</span> <span class="comment"># end Lockdown module</span>
|
204
|
-
</pre></p>
|
205
|
-
|
206
|
-
|
207
|
-
<h2>Some History</h2>
|
208
|
-
|
209
|
-
|
210
|
-
<p>Lockdown was initially designed as a authentication/authorization system to be configured by system administrators. This means it was database driven and had an interface to manage the access rights. I didn’t like the static methodology of using code scattered amongst the controllers to define my access rights for the system. I also didn’t like the fact that everything was accessible unless you restricted access. So, I designed Lockdown to restrict access to all resources unless rights have been granted.</p>
|
211
|
-
|
212
|
-
|
213
|
-
<p>The system was nice and worked well until I had a project that required RSpec tests. I don’t have anything against testing frameworks (now that I’ve see the light) but what bothered me most what the fact that I would have to duplicate the information I already defined in my migrations as mock data. I simply refused to do that extra work. So, a serious refactoring of Lockdown was required.</p>
|
214
|
-
|
215
|
-
|
216
|
-
<blockquote>This is where the access.rb file was born. This file contains the rules that grant/deny access to your system. More on this later.</blockquote>
|
217
|
-
|
218
|
-
<p>After the RSpec project was completed, the refactoring continued. This time the focus was on releasing the code to the masses. I like this system a lot and think both the system itself and the community could benefit from releasing this as an open source project.</p>
|
219
|
-
|
220
|
-
|
221
|
-
<p>In the middle of my refactoring for a public release, I made the decision to use Merb (when the choice was mine). This meant I needed to modify Lockdown for use with Merb. So this is what I have done.</p>
|
222
|
-
|
223
|
-
|
224
|
-
<p>There is code in place for using Lockdown with Rails, after all, that’s where Lockdown was born. However, I have not yet tested the Rails functionality after this last refactor. In addition, the deployment mechanism for Rails has to be tested.</p>
|
225
|
-
|
226
|
-
|
227
|
-
<p>Writing code for public release is difficult and much different from architecting/coding for a closed source project. A lot of things you could get by with in a proprietary application won’t be well received by the general public. In addition, if you don’t make things easy, the adoption rate will probably be non-existent.</p>
|
228
|
-
|
229
|
-
|
230
|
-
<h2>Features</h2>
|
231
|
-
|
232
|
-
|
233
|
-
<p><strong>I have these components (for the most part)...figuring out how to package them. The following is just an idea right now… </strong>
|
234
|
-
<br/>
|
235
|
-
<br/>
|
236
|
-
The goal of Lockdown is to give you only what you want from the system.</p>
|
237
|
-
|
238
|
-
|
239
|
-
<p>The initial install is all that is required to lock down your system. However, you’ll probably want the authorization functionality. You can get this by:</p>
|
240
|
-
|
241
|
-
|
242
|
-
<p><pre class='syntax'><span class="ident">rake</span> <span class="ident">lockdown</span><span class="symbol">:install:authorization</span></pre></p>
|
243
|
-
|
244
|
-
|
245
|
-
<p>If you want to install <span class="caps">ORM</span> support:</p>
|
246
|
-
|
247
|
-
|
248
|
-
<p><pre class='syntax'><span class="ident">rake</span> <span class="ident">lockdown</span><span class="symbol">:install:orm</span></pre></p>
|
249
|
-
|
250
|
-
|
251
|
-
<p>If you want to install management screens (ORM support included):
|
252
|
-
<pre class='syntax'><span class="ident">rake</span> <span class="ident">lockdown</span><span class="symbol">:install:management</span></pre></p>
|
253
|
-
|
254
|
-
|
255
|
-
<p>If you want to install authorization + management screens:
|
256
|
-
<pre class='syntax'><span class="ident">rake</span> <span class="ident">lockdown</span><span class="symbol">:install:all</span></pre></p>
|
257
|
-
|
258
|
-
|
259
|
-
<h2>Forum</h2>
|
260
|
-
|
261
|
-
|
262
|
-
<p><a href="http://groups.google.com/group/stonean_lockdown?hl=en">http://groups.google.com/group/stonean_lockdown?hl=en</a></p>
|
263
|
-
|
264
|
-
|
265
|
-
<h2>How to submit patches</h2>
|
266
|
-
|
267
|
-
|
268
|
-
<p>The Clone <span class="caps">URL</span>: git://github.com/stonean/lockdown.git</p>
|
269
|
-
|
270
|
-
|
271
|
-
<p>Read the <a href="http://drnicwilliams.com/2007/06/01/8-steps-for-fixing-other-peoples-code/">8 steps for fixing other people’s code</a> and for section <a href="http://drnicwilliams.com/2007/06/01/8-steps-for-fixing-other-peoples-code/#8b-google-groups">8b: Submit patch to Google Groups</a>, use the Google Group above.</p>
|
272
|
-
|
273
|
-
|
274
|
-
<p>I’m new to git and this whole opensource project admin gig, so please be patient with my stumbling around.</p>
|
275
|
-
|
276
|
-
|
277
|
-
<h2>License</h2>
|
278
|
-
|
279
|
-
|
280
|
-
<p>This code is free to use under the terms of the <span class="caps">MIT</span> license.</p>
|
281
|
-
|
282
|
-
|
283
|
-
<h2>Contact</h2>
|
284
|
-
|
285
|
-
|
286
|
-
<p>Comments and suggestions are welcome via the <a href="http://groups.google.com/group/stonean_lockdown?hl=en">forum</a></p>
|
287
|
-
<p class="coda">
|
288
|
-
22nd April 2008<br/>
|
289
|
-
Theme extended from <a href="http://rb2js.rubyforge.org/">Paul Battley</a>
|
290
|
-
</p>
|
291
|
-
</div>
|
292
|
-
<script type="text/javascript">
|
293
|
-
var gaJsHost = (("https:" == document.location.protocol) ? "https://ssl." : "http://www.");
|
294
|
-
document.write(unescape("%3Cscript src='" + gaJsHost + "google-analytics.com/ga.js' type='text/javascript'%3E%3C/script%3E"));
|
295
|
-
</script>
|
296
|
-
<script type="text/javascript">
|
297
|
-
var pageTracker = _gat._getTracker("UA-4189092-1");
|
298
|
-
pageTracker._initData();
|
299
|
-
pageTracker._trackPageview();
|
300
|
-
</script>
|
301
|
-
</body>
|
302
|
-
</html>
|