lockdown 0.4.0 → 0.4.1
- data/History.txt +3 -0
- data/lib/lockdown/controller.rb +1 -3
- data/lib/lockdown/controller_inspector.rb +1 -1
- data/lib/lockdown/helper.rb +1 -1
- data/lib/lockdown/model.rb +0 -1
- data/lib/lockdown/system.rb +115 -115
- data/lib/lockdown/version.rb +1 -1
- data/lib/lockdown/view.rb +18 -19
- data/rails_generators/lockdown_all/templates/app/controllers/sessions_controller.rb +17 -16
- data/rails_generators/lockdown_all/templates/app/models/user.rb +15 -16
- data/rails_generators/lockdown_all/templates/app/models/user_group.rb +1 -1
- data/website/index.txt +8 -2
- metadata +2 -2
data/History.txt
CHANGED
@@ -1,3 +1,6 @@
|
|
1
|
+
== 0.4.1 2008-05-06
|
2
|
+
* Just some minor tabs-to-spaces formatting and removed unnecessary helper included into the user model.
|
3
|
+
|
1
4
|
== 0.4.0 2008-05-04
|
2
5
|
* Added: Automatically sync definitions in init.rb with database to remove migrations requirement
|
3
6
|
* Added: Improved notification if invalid user group or permission is referenced in init.rb
|
data/lib/lockdown/controller.rb
CHANGED
@@ -7,7 +7,7 @@ module Lockdown
|
|
7
7
|
def self.included(base)
|
8
8
|
base.send :include, Lockdown::Controller::Core::InstanceMethods
|
9
9
|
end
|
10
|
-
|
10
|
+
|
11
11
|
module InstanceMethods
|
12
12
|
def configure_lock_down
|
13
13
|
check_session_expiry
|
@@ -209,8 +209,6 @@ module Lockdown
|
|
209
209
|
|
210
210
|
end # InstanceMethods
|
211
211
|
end # Rails
|
212
|
-
|
213
|
-
|
214
212
|
end # Controller
|
215
213
|
end # Lockdown
|
216
214
|
|
data/lib/lockdown/helper.rb
CHANGED
data/lib/lockdown/model.rb
CHANGED
data/lib/lockdown/system.rb
CHANGED
@@ -1,10 +1,10 @@
|
|
1
1
|
module Lockdown
|
2
2
|
class System
|
3
3
|
class << self
|
4
|
-
|
4
|
+
include Lockdown::ControllerInspector
|
5
5
|
|
6
6
|
attr_accessor :options #:nodoc:
|
7
|
-
|
7
|
+
|
8
8
|
attr_accessor :permissions #:nodoc:
|
9
9
|
attr_accessor :user_groups #:nodoc:
|
10
10
|
|
@@ -20,7 +20,7 @@ module Lockdown
|
|
20
20
|
attr_accessor :controller_classes #:nodoc:
|
21
21
|
|
22
22
|
def configure(&block)
|
23
|
-
|
23
|
+
set_defaults
|
24
24
|
instance_eval(&block)
|
25
25
|
if options[:use_db_models] && options[:sync_init_rb_with_db]
|
26
26
|
sync_with_db
|
@@ -30,7 +30,7 @@ module Lockdown
|
|
30
30
|
def [](key)
|
31
31
|
(@options||={})[key]
|
32
32
|
end
|
33
|
-
|
33
|
+
|
34
34
|
def []=(key,val)
|
35
35
|
@options[key] = val
|
36
36
|
end
|
@@ -39,9 +39,9 @@ module Lockdown
|
|
39
39
|
@permissions[name] ||= []
|
40
40
|
method_arrays.each{|ary| @permissions[name] += ary}
|
41
41
|
end
|
42
|
-
|
43
|
-
|
44
|
-
|
42
|
+
|
43
|
+
def get_permissions
|
44
|
+
@permissions.keys
|
45
45
|
end
|
46
46
|
|
47
47
|
def permission_exists?(perm)
|
@@ -58,13 +58,13 @@ module Lockdown
|
|
58
58
|
end
|
59
59
|
end
|
60
60
|
|
61
|
-
|
62
|
-
|
61
|
+
def get_user_groups
|
62
|
+
@user_groups.keys
|
63
63
|
end
|
64
64
|
|
65
65
|
def permissions_for_user_group(ug)
|
66
66
|
sym = lockdown_symbol(ug)
|
67
|
-
|
67
|
+
|
68
68
|
if has_user_group?(sym)
|
69
69
|
@user_groups[sym].each do |perm|
|
70
70
|
unless permission_exists?(perm)
|
@@ -88,143 +88,143 @@ module Lockdown
|
|
88
88
|
|
89
89
|
def access_rights_for_permission(perm)
|
90
90
|
sym = lockdown_symbol(perm)
|
91
|
-
|
91
|
+
|
92
92
|
unless permission_exists?(sym)
|
93
93
|
raise SecurityError, "Permission requested is not defined: #{sym}"
|
94
94
|
end
|
95
95
|
@permissions[sym]
|
96
96
|
end
|
97
|
-
|
97
|
+
|
98
98
|
def public_access?(perm)
|
99
99
|
@public_access.include?(perm)
|
100
100
|
end
|
101
101
|
|
102
|
-
|
103
|
-
|
104
|
-
|
102
|
+
def set_public_access(*perms)
|
103
|
+
perms.each{|perm| @public_access += @permissions[perm]}
|
104
|
+
end
|
105
105
|
|
106
106
|
def protected_access?(perm)
|
107
107
|
@protected_access.include?(perm)
|
108
108
|
end
|
109
109
|
|
110
|
-
|
111
|
-
|
112
|
-
|
110
|
+
def set_protected_access(*perms)
|
111
|
+
perms.each{|perm| @protected_access += @permissions[perm]}
|
112
|
+
end
|
113
113
|
|
114
114
|
def permission_assigned_automatically?(perm)
|
115
115
|
public_access?(perm) || protected_access?(perm)
|
116
116
|
end
|
117
117
|
|
118
|
-
|
119
|
-
|
118
|
+
def standard_authorized_user_rights
|
119
|
+
Lockdown::System.public_access + Lockdown::System.protected_access
|
120
120
|
end
|
121
121
|
|
122
|
-
|
123
|
-
|
124
|
-
|
125
|
-
|
122
|
+
#
|
123
|
+
# Determine if the user group is defined in init.rb
|
124
|
+
#
|
125
|
+
def has_user_group?(ug)
|
126
126
|
sym = lockdown_symbol(ug)
|
127
127
|
|
128
|
-
|
129
|
-
|
130
|
-
|
131
|
-
|
132
|
-
|
133
|
-
|
134
|
-
|
135
|
-
|
136
|
-
|
137
|
-
|
138
|
-
|
139
|
-
|
140
|
-
|
141
|
-
|
142
|
-
|
143
|
-
|
144
|
-
|
145
|
-
|
146
|
-
|
147
|
-
|
148
|
-
|
149
|
-
|
150
|
-
|
128
|
+
return true if sym == administrator_group_symbol
|
129
|
+
get_user_groups.each do |key|
|
130
|
+
return true if key == sym
|
131
|
+
end
|
132
|
+
false
|
133
|
+
end
|
134
|
+
|
135
|
+
#
|
136
|
+
# Delete a user group record from the database
|
137
|
+
#
|
138
|
+
def delete_user_group(str_sym)
|
139
|
+
ug = UserGroup.find(:first, :conditions => ["name = ?",string_name(str_sym)])
|
140
|
+
ug.destroy unless ug.nil?
|
141
|
+
end
|
142
|
+
|
143
|
+
def access_rights_for_user(usr)
|
144
|
+
return unless usr
|
145
|
+
return :all if administrator?(usr)
|
146
|
+
|
147
|
+
rights = standard_authorized_user_rights
|
148
|
+
|
149
|
+
if @options[:use_db_models]
|
150
|
+
usr.user_groups.each do |grp|
|
151
151
|
permissions_for_user_group(grp) do |perm|
|
152
152
|
rights += access_rights_for_permission(perm)
|
153
153
|
end
|
154
|
-
|
155
|
-
|
156
|
-
|
157
|
-
|
158
|
-
|
159
|
-
|
160
|
-
|
161
|
-
|
162
|
-
|
163
|
-
|
164
|
-
|
165
|
-
|
166
|
-
|
167
|
-
|
168
|
-
|
169
|
-
|
170
|
-
|
171
|
-
|
172
|
-
|
173
|
-
|
174
|
-
|
175
|
-
|
176
|
-
|
177
|
-
|
178
|
-
|
179
|
-
|
180
|
-
|
181
|
-
|
154
|
+
end
|
155
|
+
end
|
156
|
+
rights
|
157
|
+
end
|
158
|
+
|
159
|
+
#
|
160
|
+
# Use this for the management screen to restrict user group list to the
|
161
|
+
# user. This will prevent a user from creating a user with more power than
|
162
|
+
# him/her self.
|
163
|
+
#
|
164
|
+
#
|
165
|
+
def user_groups_assignable_for_user(usr)
|
166
|
+
return [] if usr.nil?
|
167
|
+
|
168
|
+
if administrator?(usr)
|
169
|
+
UserGroup.find(:all, :order => :name)
|
170
|
+
else
|
171
|
+
UserGroup.find_by_sql <<-SQL
|
172
|
+
select user_groups.* from user_groups, user_groups_users
|
173
|
+
where user_groups.id = user_groups_users.user_group_id
|
174
|
+
and user_groups_users.user_id = #{usr.id}
|
175
|
+
order by user_groups.name
|
176
|
+
SQL
|
177
|
+
end
|
178
|
+
end
|
179
|
+
|
180
|
+
#
|
181
|
+
# Similar to user_groups_assignable_for_user, this method should be
|
182
182
|
# used to restrict users from creating a user group with more power than
|
183
183
|
# they have been allowed.
|
184
|
-
|
185
|
-
|
186
|
-
|
187
|
-
|
188
|
-
|
189
|
-
|
190
|
-
|
191
|
-
|
192
|
-
|
193
|
-
|
194
|
-
|
195
|
-
|
184
|
+
#
|
185
|
+
def permissions_assignable_for_user(usr)
|
186
|
+
return [] if usr.nil?
|
187
|
+
if administrator?(usr)
|
188
|
+
@permissions.keys.collect{|k| Permission.find_by_name(string_name(k)) }.compact
|
189
|
+
else
|
190
|
+
groups = user_groups_assignable_for_user(usr)
|
191
|
+
groups.collect{|g| g.permissions}.flatten.compact
|
192
|
+
end
|
193
|
+
end
|
194
|
+
|
195
|
+
def make_user_administrator(usr)
|
196
196
|
unless Lockdown.database_table_exists?(UserGroup)
|
197
197
|
create_administrator_user_group
|
198
198
|
end
|
199
199
|
|
200
|
-
|
201
|
-
|
200
|
+
usr.user_groups << UserGroup.find_or_create_by_name(administrator_group_string)
|
201
|
+
end
|
202
202
|
|
203
|
-
|
204
|
-
|
205
|
-
end
|
206
|
-
|
207
|
-
def administrator_rights
|
208
|
-
all_controllers
|
203
|
+
def administrator?(usr)
|
204
|
+
user_has_user_group?(usr, administrator_group_symbol)
|
209
205
|
end
|
210
206
|
|
207
|
+
def administrator_rights
|
208
|
+
all_controllers
|
209
|
+
end
|
210
|
+
|
211
211
|
def fetch_controller_class(str)
|
212
212
|
@controller_classes[controller_class_name(str)]
|
213
213
|
end
|
214
|
-
|
214
|
+
|
215
215
|
protected
|
216
216
|
|
217
217
|
def set_defaults
|
218
218
|
load_controller_classes
|
219
|
-
|
219
|
+
|
220
220
|
@permissions = {}
|
221
221
|
@user_groups = {}
|
222
|
-
|
222
|
+
|
223
223
|
@public_access = []
|
224
224
|
@protected_access = []
|
225
225
|
@private_access = []
|
226
226
|
|
227
|
-
|
227
|
+
@options = {
|
228
228
|
:use_db_models => true,
|
229
229
|
:sync_init_rb_with_db => true,
|
230
230
|
:session_timeout => (60 * 60),
|
@@ -234,19 +234,19 @@ module Lockdown
|
|
234
234
|
}
|
235
235
|
end
|
236
236
|
|
237
|
-
|
238
|
-
|
239
|
-
|
240
|
-
|
241
|
-
|
242
|
-
|
243
|
-
|
244
|
-
|
245
|
-
|
246
|
-
|
247
|
-
|
248
|
-
|
249
|
-
|
237
|
+
private
|
238
|
+
|
239
|
+
def create_administrator_user_group
|
240
|
+
return unless @options[:use_db_models]
|
241
|
+
UserGroup.create :name => administrator_group_name
|
242
|
+
end
|
243
|
+
|
244
|
+
def user_has_user_group?(usr, sym)
|
245
|
+
usr.user_groups.each do |ug|
|
246
|
+
return true if convert_reference_name(ug.name) == sym
|
247
|
+
end
|
248
|
+
false
|
249
|
+
end
|
250
250
|
|
251
251
|
def load_controller_classes
|
252
252
|
@controller_classes = {}
|
@@ -281,7 +281,7 @@ module Lockdown
|
|
281
281
|
load("application.rb") unless const_defined?("Application")
|
282
282
|
end
|
283
283
|
end
|
284
|
-
|
284
|
+
|
285
285
|
def lockdown_load(file)
|
286
286
|
klass = controller_class_name_from_file(file)
|
287
287
|
if Lockdown.rails_app?
|
@@ -365,8 +365,8 @@ module Lockdown
|
|
365
365
|
return unless const_defined?("Permission") && const_defined?("UserGroup")
|
366
366
|
|
367
367
|
Lockdown.database_table_exists?(Permission) &&
|
368
|
-
|
368
|
+
Lockdown.database_table_exists?(UserGroup)
|
369
369
|
end
|
370
|
-
|
370
|
+
end # class block
|
371
371
|
end # System class
|
372
372
|
end # Lockdown
|
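Review bot: `user_groups_assignable_for_user` (new lines 165-178 of the @@ -88,143 hunk) interpolates `#{usr.id}` straight into the `find_by_sql` heredoc instead of binding it; `usr.id` is a primary key, so the practical injection exposure is small, but `delete_user_group` in the same hunk already uses a bind array, and an unsaved `usr` with a nil id turns the clause into `user_id = ` and a database error rather than an empty list. `find_by_sql` accepts the same `[sql, *binds]` form, so the query can stay a heredoc with the call written as `UserGroup.find_by_sql([<<-SQL, usr.id])` and the clause as `and user_groups_users.user_id = ?`. A smaller point in the same hunk: `set_public_access` and `set_protected_access` (new lines 102-112) index `@permissions[perm]` without the `lockdown_symbol` normalisation and `permission_exists?` guard that `access_rights_for_permission` applies, so a misspelled permission name in init.rb surfaces as a TypeError from adding nil to an Array instead of the descriptive SecurityError. The enclosing `class << self` block opens and closes outside this hunk.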
data/lib/lockdown/version.rb
CHANGED
data/lib/lockdown/view.rb
CHANGED
@@ -21,17 +21,17 @@ module Lockdown
|
|
21
21
|
return ""
|
22
22
|
end
|
23
23
|
|
24
|
-
|
25
|
-
|
26
|
-
|
24
|
+
def link_to_or_show(name, url = '', options = {})
|
25
|
+
lnk = link_to(name, options, html_options)
|
26
|
+
lnk.length == 0 ? name : lnk
|
27
27
|
end
|
28
28
|
end # Merb
|
29
29
|
|
30
30
|
module Rails
|
31
31
|
include Lockdown::View::Core
|
32
32
|
def self.included(base)
|
33
|
-
|
34
|
-
|
33
|
+
base.send :alias_method, :rails_link_to, :link_to
|
34
|
+
base.send :alias_method, :rails_button_to, :button_to
|
35
35
|
end
|
36
36
|
|
37
37
|
def ld_link_to(name, options = {}, html_options = nil)
|
@@ -42,11 +42,10 @@ module Lockdown
|
|
42
42
|
return ""
|
43
43
|
end
|
44
44
|
|
45
|
-
|
46
|
-
|
47
|
-
|
45
|
+
def link_to_or_show(name, options = {}, html_options = nil)
|
46
|
+
lnk = link_to(name, options, html_options)
|
47
|
+
lnk.length == 0 ? name : lnk
|
48
48
|
end
|
49
|
-
|
50
49
|
|
51
50
|
def button_to(name, options = {}, html_options = nil)
|
52
51
|
url = lock_down_url(options, html_options)
|
@@ -55,19 +54,19 @@ module Lockdown
|
|
55
54
|
end
|
56
55
|
return ""
|
57
56
|
end
|
58
|
-
|
59
57
|
|
60
58
|
private
|
61
|
-
|
62
|
-
|
63
|
-
|
64
|
-
|
65
|
-
|
66
|
-
|
67
|
-
|
68
|
-
|
69
|
-
return p
|
59
|
+
|
60
|
+
def lock_down_url(options, html_options = {})
|
61
|
+
return options unless options.respond_to?(:new_record?)
|
62
|
+
p = polymorphic_path(options)
|
63
|
+
if html_options.is_a?(Hash) && html_options[:method] == :delete
|
64
|
+
p += "/destroy"
|
65
|
+
elsif p.split("/").last.to_i > 0
|
66
|
+
p += "/show"
|
70
67
|
end
|
68
|
+
return p
|
69
|
+
end
|
71
70
|
end # Rails
|
72
71
|
end # View
|
73
72
|
end # Lockdown
|
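Review bot: The Merb `link_to_or_show` added at new lines 24-26 of the @@ -21,17 hunk calls `link_to(name, options, html_options)`, but its parameter list is `(name, url = '', options = {})`, so `html_options` is not defined in that scope and `url` is never used; unless Merb's view layer supplies an `html_options` method, the first call raises NameError. The Rails counterpart at new lines 45-47 takes `(name, options = {}, html_options = nil)`, and the Merb one presumably meant the same signature: `def link_to_or_show(name, options = {}, html_options = nil)`. The removed content of old lines 24-26 is not shown on this page, so this may predate the commit, which appears to have only reformatted the lines. The `Merb` module opens outside the hunk.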
@@ -16,22 +16,23 @@ class SessionsController < ApplicationController
|
|
16
16
|
end
|
17
17
|
|
18
18
|
protected
|
19
|
-
|
20
|
-
|
21
|
-
|
22
|
-
|
23
|
-
|
24
|
-
|
25
|
-
|
26
|
-
|
19
|
+
|
20
|
+
def password_authentication(login, password)
|
21
|
+
set_session_user(User.authenticate(login, password))
|
22
|
+
if logged_in?
|
23
|
+
successful_login
|
24
|
+
else
|
25
|
+
failed_login
|
26
|
+
end
|
27
|
+
end
|
27
28
|
|
28
|
-
|
29
|
-
|
30
|
-
|
31
|
-
|
29
|
+
def failed_login(message = 'Authentication failed.')
|
30
|
+
flash[:error] = message
|
31
|
+
redirect_back_or_default login_url
|
32
|
+
end
|
32
33
|
|
33
|
-
|
34
|
-
|
35
|
-
|
36
|
-
|
34
|
+
def successful_login
|
35
|
+
flash[:notice] = "Logged in successfully"
|
36
|
+
redirect_back_or_default "/"
|
37
|
+
end
|
37
38
|
end
|
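Review bot: `password_authentication` (new lines 20-27) stores the authenticated user with `set_session_user` and then redirects, and nothing in the hunk rotates the session first; unless `set_session_user`, which is defined outside this hunk, calls `reset_session`, the session id issued before login stays valid after it, which is the classic session-fixation window. I'd call `reset_session` before `set_session_user(User.authenticate(login, password))`, preserving whatever return-to value `redirect_back_or_default` relies on, or at least document in a comment above the method that `set_session_user` is expected to do so. Old lines 19-26 are shown without content, so this is likely pre-existing code the commit only re-indented. The `SessionsController` class opens outside the hunk.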
@@ -1,6 +1,5 @@
|
|
1
1
|
require 'digest/sha1'
|
2
2
|
class User < ActiveRecord::Base
|
3
|
-
include Lockdown::Helper
|
4
3
|
has_and_belongs_to_many :user_groups
|
5
4
|
belongs_to :profile
|
6
5
|
|
@@ -43,7 +42,7 @@ class User < ActiveRecord::Base
|
|
43
42
|
crypted_password == encrypt(password)
|
44
43
|
end
|
45
44
|
|
46
|
-
|
45
|
+
def email
|
47
46
|
self.profile.email
|
48
47
|
end
|
49
48
|
|
@@ -53,21 +52,21 @@ class User < ActiveRecord::Base
|
|
53
52
|
|
54
53
|
protected
|
55
54
|
|
56
|
-
|
57
|
-
|
58
|
-
|
59
|
-
|
55
|
+
def prepare_for_save
|
56
|
+
encrypt_password
|
57
|
+
self.profile.save
|
58
|
+
end
|
60
59
|
|
61
|
-
|
62
|
-
|
63
|
-
|
64
|
-
|
65
|
-
|
66
|
-
|
67
|
-
|
60
|
+
def encrypt_password
|
61
|
+
return if password.blank?
|
62
|
+
if new_record?
|
63
|
+
self.salt = Digest::SHA1.hexdigest("--#{Time.now.to_s}--#{login}--")
|
64
|
+
end
|
65
|
+
self.crypted_password = encrypt(password)
|
66
|
+
end
|
68
67
|
|
69
|
-
|
70
|
-
|
71
|
-
|
68
|
+
def password_required?
|
69
|
+
(crypted_password.blank? || !password.blank?)
|
70
|
+
end
|
72
71
|
|
73
72
|
end
|
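Review bot: `encrypt_password` (new lines 60-66 of the @@ -53,21 hunk) derives the salt as `Digest::SHA1.hexdigest("--#{Time.now.to_s}--#{login}--")`, i.e. from the login name and a second-resolution timestamp, so it is predictable to anyone who knows roughly when the account was created; a salt only needs to be unique, not secret, but a predictable one lets precomputation for a specific account start before the hash is ever obtained. The stdlib CSPRNG is the right source here: `self.salt = SecureRandom.hex(20)` with `require 'securerandom'` (Ruby 1.8.7 and later) next to the existing `require 'digest/sha1'`. The `encrypt` method that combines salt and password and the `authenticate` class method are outside this hunk, so whether the hash is iterated or compared in constant time cannot be judged from here. Old lines 61-67 are shown without content, so this may be pre-existing code the commit only re-indented.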
data/website/index.txt
CHANGED
@@ -1,7 +1,5 @@
|
|
1
1
|
h1. <a href="http://lockdown.rubyforge.org">Lockdown</a>
|
2
2
|
|
3
|
-
h3. Lockdown has not been officially released! This page is a Work-In-Progress.
|
4
|
-
|
5
3
|
h2. What
|
6
4
|
|
7
5
|
Lockdown is a authentication/authorization system for RubyOnRails (ver 2.x). While Merb functionality is in place, it is not complete. There will be a release solely focused on getting the Merb functionality up to par with Rails.
|
@@ -18,6 +16,14 @@ $ lockdown .
|
|
18
16
|
|
19
17
|
This will create a "lockdown" directory in the lib dir add two files: init.rb and session.rb. Modify init.rb to set defaults and define the rules that apply to your system.
|
20
18
|
|
19
|
+
<strong> Some noteworthy points:</strong>
|
20
|
+
<ul>
|
21
|
+
<li><strong>All Permissions are defined in init.rb, they cannot be defined via the administration screens.</strong></li>
|
22
|
+
<li><strong>All User Groups should be defined in init.rb. The administration screens can be used to create user groups, but doing so should be reserved for the unexpected.</strong></li>
|
23
|
+
<li><strong>Lockdown will sync up the rules (Permissions and User Groups) defined in init.rb with your database.</strong></li>
|
24
|
+
</ul>
|
25
|
+
|
26
|
+
|
21
27
|
To help you with your new application, Lockdown comes with a generator called lockdown_all.
|
22
28
|
|
23
29
|
<pre>
|
metadata
CHANGED
@@ -1,7 +1,7 @@
|
|
1
1
|
--- !ruby/object:Gem::Specification
|
2
2
|
name: lockdown
|
3
3
|
version: !ruby/object:Gem::Version
|
4
|
-
version: 0.4.
|
4
|
+
version: 0.4.1
|
5
5
|
platform: ruby
|
6
6
|
authors:
|
7
7
|
- Andrew Stone
|
@@ -9,7 +9,7 @@ autorequire:
|
|
9
9
|
bindir: bin
|
10
10
|
cert_chain: []
|
11
11
|
|
12
|
-
date: 2008-05-
|
12
|
+
date: 2008-05-06 00:00:00 -04:00
|
13
13
|
default_executable:
|
14
14
|
dependencies:
|
15
15
|
- !ruby/object:Gem::Dependency
|