lockdown 0.4.0 → 0.4.1
This diff represents the content of publicly available package versions that have been released to one of the supported registries. The information contained in this diff is provided for informational purposes only and reflects changes between package versions as they appear in their respective public registries.
- data/History.txt +3 -0
- data/lib/lockdown/controller.rb +1 -3
- data/lib/lockdown/controller_inspector.rb +1 -1
- data/lib/lockdown/helper.rb +1 -1
- data/lib/lockdown/model.rb +0 -1
- data/lib/lockdown/system.rb +115 -115
- data/lib/lockdown/version.rb +1 -1
- data/lib/lockdown/view.rb +18 -19
- data/rails_generators/lockdown_all/templates/app/controllers/sessions_controller.rb +17 -16
- data/rails_generators/lockdown_all/templates/app/models/user.rb +15 -16
- data/rails_generators/lockdown_all/templates/app/models/user_group.rb +1 -1
- data/website/index.txt +8 -2
- metadata +2 -2
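--- a/data/History.txt
+++ b/data/History.txt
@@ -1,3 +1,6 @@
+== 0.4.1 2008-05-06
+* Just some minor tabs-to-spaces formatting and removed unnecessary helper included into the user model.
+
 == 0.4.0 2008-05-04
 * Added: Automatically sync definitions in init.rb with database to remove migrations requirement
 * Added: Improved notification if invalid user group or permission is referenced in init.rb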
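--- a/data/lib/lockdown/controller.rb
+++ b/data/lib/lockdown/controller.rb
@@ -7,7 +7,7 @@ module Lockdown
 def self.included(base)
 base.send :include, Lockdown::Controller::Core::InstanceMethods
 end
-
+
 module InstanceMethods
 def configure_lock_down
 check_session_expiry
@@ -209,8 +209,6 @@ module Lockdown
 
 end # InstanceMethods
 end # Rails
-
-
 end # Controller
 end # Lockdown
 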
data/lib/lockdown/helper.rb
CHANGED
data/lib/lockdown/model.rb
CHANGED
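--- a/data/lib/lockdown/system.rb
+++ b/data/lib/lockdown/system.rb
@@ -1,10 +1,10 @@
 module Lockdown
 class System
 class << self
-
+include Lockdown::ControllerInspector
 
 attr_accessor :options #:nodoc:
-
+
 attr_accessor :permissions #:nodoc:
 attr_accessor :user_groups #:nodoc:
 
@@ -20,7 +20,7 @@ module Lockdown
 attr_accessor :controller_classes #:nodoc:
 
 def configure(&block)
-
+set_defaults
 instance_eval(&block)
 if options[:use_db_models] && options[:sync_init_rb_with_db]
 sync_with_db
@@ -30,7 +30,7 @@ module Lockdown
 def [](key)
 (@options||={})[key]
 end
-
+
 def []=(key,val)
 @options[key] = val
 end
@@ -39,9 +39,9 @@ module Lockdown
 @permissions[name] ||= []
 method_arrays.each{|ary| @permissions[name] += ary}
 end
-
-
-
+
+def get_permissions
+@permissions.keys
 end
 
 def permission_exists?(perm)
@@ -58,13 +58,13 @@ module Lockdown
 end
 end
 
-
-
+def get_user_groups
+@user_groups.keys
 end
 
 def permissions_for_user_group(ug)
 sym = lockdown_symbol(ug)
-
+
 if has_user_group?(sym)
 @user_groups[sym].each do |perm|
 unless permission_exists?(perm)
@@ -88,143 +88,143 @@ module Lockdown
 
 def access_rights_for_permission(perm)
 sym = lockdown_symbol(perm)
-
+
 unless permission_exists?(sym)
 raise SecurityError, "Permission requested is not defined: #{sym}"
 end
 @permissions[sym]
 end
-
+
 def public_access?(perm)
 @public_access.include?(perm)
 end
 
-
-
-
+def set_public_access(*perms)
+perms.each{|perm| @public_access += @permissions[perm]}
+end
 
 def protected_access?(perm)
 @protected_access.include?(perm)
 end
 
-
-
-
+def set_protected_access(*perms)
+perms.each{|perm| @protected_access += @permissions[perm]}
+end
 
 def permission_assigned_automatically?(perm)
 public_access?(perm) || protected_access?(perm)
 end
 
-
-
+def standard_authorized_user_rights
+Lockdown::System.public_access + Lockdown::System.protected_access
 end
 
-
-
-
-
+#
+# Determine if the user group is defined in init.rb
+#
+def has_user_group?(ug)
 sym = lockdown_symbol(ug)
 
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
+return true if sym == administrator_group_symbol
+get_user_groups.each do |key|
+return true if key == sym
+end
+false
+end
+
+#
+# Delete a user group record from the database
+#
+def delete_user_group(str_sym)
+ug = UserGroup.find(:first, :conditions => ["name = ?",string_name(str_sym)])
+ug.destroy unless ug.nil?
+end
+
+def access_rights_for_user(usr)
+return unless usr
+return :all if administrator?(usr)
+
+rights = standard_authorized_user_rights
+
+if @options[:use_db_models]
+usr.user_groups.each do |grp|
 permissions_for_user_group(grp) do |perm|
 rights += access_rights_for_permission(perm)
 end
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
+end
+end
+rights
+end
+
+#
+# Use this for the management screen to restrict user group list to the
+# user. This will prevent a user from creating a user with more power than
+# him/her self.
+#
+#
+def user_groups_assignable_for_user(usr)
+return [] if usr.nil?
+
+if administrator?(usr)
+UserGroup.find(:all, :order => :name)
+else
+UserGroup.find_by_sql <<-SQL
+select user_groups.* from user_groups, user_groups_users
+where user_groups.id = user_groups_users.user_group_id
+and user_groups_users.user_id = #{usr.id}
+order by user_groups.name
+SQL
+end
+end
+
+#
+# Similar to user_groups_assignable_for_user, this method should be
 # used to restrict users from creating a user group with more power than
 # they have been allowed.
-
-
-
-
-
-
-
-
-
-
-
-
+#
+def permissions_assignable_for_user(usr)
+return [] if usr.nil?
+if administrator?(usr)
+@permissions.keys.collect{|k| Permission.find_by_name(string_name(k)) }.compact
+else
+groups = user_groups_assignable_for_user(usr)
+groups.collect{|g| g.permissions}.flatten.compact
+end
+end
+
+def make_user_administrator(usr)
 unless Lockdown.database_table_exists?(UserGroup)
 create_administrator_user_group
 end
 
-
-
+usr.user_groups << UserGroup.find_or_create_by_name(administrator_group_string)
+end
 
-
-
-end
-
-def administrator_rights
-all_controllers
+def administrator?(usr)
+user_has_user_group?(usr, administrator_group_symbol)
 end
 
+def administrator_rights
+all_controllers
+end
+
 def fetch_controller_class(str)
 @controller_classes[controller_class_name(str)]
 end
-
+
 protected
 
 def set_defaults
 load_controller_classes
-
+
 @permissions = {}
 @user_groups = {}
-
+
 @public_access = []
 @protected_access = []
 @private_access = []
 
-
+@options = {
 :use_db_models => true,
 :sync_init_rb_with_db => true,
 :session_timeout => (60 * 60),
@@ -234,19 +234,19 @@ module Lockdown
 }
 end
 
-
-
-
-
-
-
-
-
-
-
-
-
-
+private
+
+def create_administrator_user_group
+return unless @options[:use_db_models]
+UserGroup.create :name => administrator_group_name
+end
+
+def user_has_user_group?(usr, sym)
+usr.user_groups.each do |ug|
+return true if convert_reference_name(ug.name) == sym
+end
+false
+end
 
 def load_controller_classes
 @controller_classes = {}
@@ -281,7 +281,7 @@ module Lockdown
 load("application.rb") unless const_defined?("Application")
 end
 end
-
+
 def lockdown_load(file)
 klass = controller_class_name_from_file(file)
 if Lockdown.rails_app?
@@ -365,8 +365,8 @@ module Lockdown
 return unless const_defined?("Permission") && const_defined?("UserGroup")
 
 Lockdown.database_table_exists?(Permission) &&
-
+Lockdown.database_table_exists?(UserGroup)
 end
-
+end # class block
 end # System class
 end # Lockdown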
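Review bot: `user_groups_assignable_for_user` (new lines 171-176) interpolates `#{usr.id}` straight into the `find_by_sql` heredoc, while `delete_user_group` a few lines above binds its value with `?`; the two should agree, and the association already answers the same question with no hand-written SQL: `usr.user_groups.find(:all, :order => :name)`. `set_public_access` and `set_protected_access` do `@public_access += @permissions[perm]`, so a permission name that is not defined in init.rb surfaces as a bare TypeError from `Array#+` with nil, whereas `access_rights_for_permission` reports the same mistake as `SecurityError, "Permission requested is not defined: ..."`; calling `access_rights_for_permission(perm)` inside both loops gives one consistent check. `create_administrator_user_group` (new lines 239-242) calls `UserGroup.create`, yet `make_user_administrator` only invokes it when `Lockdown.database_table_exists?(UserGroup)` is false, i.e. exactly when that create cannot succeed; the condition reads inverted, though `find_or_create_by_name` on the following line masks it whenever the table does exist. `public_access`, `protected_access`, `administrator_group_name` and `administrator_group_string` are defined outside this hunk, so whether `Lockdown::System.public_access` resolves, and whether the two admin-name helpers return the same string, cannot be confirmed from the diff.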
data/lib/lockdown/version.rb
CHANGED
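--- a/data/lib/lockdown/view.rb
+++ b/data/lib/lockdown/view.rb
@@ -21,17 +21,17 @@ module Lockdown
 return ""
 end
 
-
-
-
+def link_to_or_show(name, url = '', options = {})
+lnk = link_to(name, options, html_options)
+lnk.length == 0 ? name : lnk
 end
 end # Merb
 
 module Rails
 include Lockdown::View::Core
 def self.included(base)
-
-
+base.send :alias_method, :rails_link_to, :link_to
+base.send :alias_method, :rails_button_to, :button_to
 end
 
 def ld_link_to(name, options = {}, html_options = nil)
@@ -42,11 +42,10 @@ module Lockdown
 return ""
 end
 
-
-
-
+def link_to_or_show(name, options = {}, html_options = nil)
+lnk = link_to(name, options, html_options)
+lnk.length == 0 ? name : lnk
 end
-
 
 def button_to(name, options = {}, html_options = nil)
 url = lock_down_url(options, html_options)
@@ -55,19 +54,19 @@ module Lockdown
 end
 return ""
 end
-
 
 private
-
-
-
-
-
-
-
-
-return p
+
+def lock_down_url(options, html_options = {})
+return options unless options.respond_to?(:new_record?)
+p = polymorphic_path(options)
+if html_options.is_a?(Hash) && html_options[:method] == :delete
+p += "/destroy"
+elsif p.split("/").last.to_i > 0
+p += "/show"
 end
+return p
+end
 end # Rails
 end # View
 end # Lockdown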
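Review bot: The Merb `link_to_or_show` (new lines 24-26) is declared as `(name, url = '', options = {})` but calls `link_to(name, options, html_options)`, passing the options hash where the URL goes and referencing `html_options`, which is neither a parameter nor a local of that method; unless Merb's view context happens to define a method by that name this raises NameError the first time it runs, and the call should read `lnk = link_to(name, url, options)`. The Rails version at new lines 45-47 has the matching `(name, options = {}, html_options = nil)` signature and is consistent with what it calls. In `lock_down_url`, `p.split("/").last.to_i > 0` treats any path whose final segment parses as a positive integer as a show route and never matches an id of 0; since `button_to` feeds this string into the access check (the rest of that check is outside the hunk), a comment stating the assumption would help, e.g. `# assumes a trailing numeric segment is a member (show) route; an id of 0 is not expected`.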
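--- a/data/rails_generators/lockdown_all/templates/app/controllers/sessions_controller.rb
+++ b/data/rails_generators/lockdown_all/templates/app/controllers/sessions_controller.rb
@@ -16,22 +16,23 @@ class SessionsController < ApplicationController
 end
 
 protected
-
-
-
-
-
-
-
-
+
+def password_authentication(login, password)
+set_session_user(User.authenticate(login, password))
+if logged_in?
+successful_login
+else
+failed_login
+end
+end
 
-
-
-
-
+def failed_login(message = 'Authentication failed.')
+flash[:error] = message
+redirect_back_or_default login_url
+end
 
-
-
-
-
+def successful_login
+flash[:notice] = "Logged in successfully"
+redirect_back_or_default "/"
+end
 end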
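Review bot: `password_authentication` (new lines 20-27) writes the authenticated user into the session that already existed before login, with no `reset_session`, so a session id an attacker planted or observed beforehand stays valid once the victim logs in (session fixation). Because `redirect_back_or_default` presumably reads a return-to value from that same session, carry it across the reset: `return_to = session[:return_to]; reset_session; session[:return_to] = return_to` immediately before `set_session_user(User.authenticate(login, password))`. `set_session_user`, `logged_in?` and `redirect_back_or_default` are defined outside this hunk, so it cannot be confirmed here whether one of them already rotates the id. The single generic 'Authentication failed.' message for both a bad login and a bad password is the right choice and should stay that way.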
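--- a/data/rails_generators/lockdown_all/templates/app/models/user.rb
+++ b/data/rails_generators/lockdown_all/templates/app/models/user.rb
@@ -1,6 +1,5 @@
 require 'digest/sha1'
 class User < ActiveRecord::Base
-include Lockdown::Helper
 has_and_belongs_to_many :user_groups
 belongs_to :profile
 
@@ -43,7 +42,7 @@ class User < ActiveRecord::Base
 crypted_password == encrypt(password)
 end
 
-
+def email
 self.profile.email
 end
 
@@ -53,21 +52,21 @@ class User < ActiveRecord::Base
 
 protected
 
-
-
-
-
+def prepare_for_save
+encrypt_password
+self.profile.save
+end
 
-
-
-
-
-
-
-
+def encrypt_password
+return if password.blank?
+if new_record?
+self.salt = Digest::SHA1.hexdigest("--#{Time.now.to_s}--#{login}--")
+end
+self.crypted_password = encrypt(password)
+end
 
-
-
-
+def password_required?
+(crypted_password.blank? || !password.blank?)
+end
 
 end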
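Review bot: `encrypt_password` (new lines 60-66) derives the salt from `Time.now.to_s`, which has one-second resolution, plus the login, so both inputs are guessable by anyone who knows roughly when the account was created and the salt adds little beyond a per-user constant; a salt from a CSPRNG is the usual choice, e.g. `self.salt = Digest::SHA1.hexdigest(OpenSSL::Random.random_bytes(32))` (or `ActiveSupport::SecureRandom.hex(32)` if this Rails 2.x template has it available). The comparison `crypted_password == encrypt(password)` at new line 42 is context here and `encrypt` is defined outside the hunk; if it is the SHA1 digest of salt and password that the file's `require 'digest/sha1'` suggests, it is a fast hash and a leaked users table can be brute-forced cheaply, so a slow iterated scheme (bcrypt) would be the stronger choice for new applications, though that is a design change rather than a fix to this hunk.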
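--- a/data/website/index.txt
+++ b/data/website/index.txt
@@ -1,7 +1,5 @@
 h1. <a href="http://lockdown.rubyforge.org">Lockdown</a>
 
-h3. Lockdown has not been officially released! This page is a Work-In-Progress.
-
 h2. What
 
 Lockdown is a authentication/authorization system for RubyOnRails (ver 2.x). While Merb functionality is in place, it is not complete. There will be a release solely focused on getting the Merb functionality up to par with Rails.
@@ -18,6 +16,14 @@ $ lockdown .
 
 This will create a "lockdown" directory in the lib dir add two files: init.rb and session.rb. Modify init.rb to set defaults and define the rules that apply to your system.
 
+<strong> Some noteworthy points:</strong>
+<ul>
+<li><strong>All Permissions are defined in init.rb, they cannot be defined via the administration screens.</strong></li>
+<li><strong>All User Groups should be defined in init.rb. The administration screens can be used to create user groups, but doing so should be reserved for the unexpected.</strong></li>
+<li><strong>Lockdown will sync up the rules (Permissions and User Groups) defined in init.rb with your database.</strong></li>
+</ul>
+
+
 To help you with your new application, Lockdown comes with a generator called lockdown_all.
 
 <pre>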
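--- a/metadata
+++ b/metadata
@@ -1,7 +1,7 @@
 --- !ruby/object:Gem::Specification
 name: lockdown
 version: !ruby/object:Gem::Version
-version: 0.4.
+version: 0.4.1
 platform: ruby
 authors:
 - Andrew Stone
@@ -9,7 +9,7 @@ autorequire:
 bindir: bin
 cert_chain: []
 
-date: 2008-05-
+date: 2008-05-06 00:00:00 -04:00
 default_executable:
 dependencies:
 - !ruby/object:Gem::Dependency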