RubyGems - lockdown - Versions diffs - 0.4.6 → 0.5.0 - Mend

lockdown 0.4.6 → 0.5.0

Files changed (48) hide show

data/Manifest.txt CHANGED Viewed

@@ -21,6 +21,41 @@ lib/lockdown/model.rb
 lib/lockdown/system.rb
 lib/lockdown/version.rb
 lib/lockdown/view.rb
+rails_generators/lockdown/USAGE
+rails_generators/lockdown/lockdown_generator.rb
+rails_generators/lockdown/templates/app/controllers/permissions_controller.rb
+rails_generators/lockdown/templates/app/controllers/sessions_controller.rb
+rails_generators/lockdown/templates/app/controllers/user_groups_controller.rb
+rails_generators/lockdown/templates/app/controllers/users_controller.rb
+rails_generators/lockdown/templates/app/helpers/permissions_helper.rb
+rails_generators/lockdown/templates/app/helpers/user_groups_helper.rb
+rails_generators/lockdown/templates/app/helpers/users_helper.rb
+rails_generators/lockdown/templates/app/models/permission.rb
+rails_generators/lockdown/templates/app/models/profile.rb
+rails_generators/lockdown/templates/app/models/user.rb
+rails_generators/lockdown/templates/app/models/user_group.rb
+rails_generators/lockdown/templates/app/views/permissions/_data.html.erb
+rails_generators/lockdown/templates/app/views/permissions/index.html.erb
+rails_generators/lockdown/templates/app/views/permissions/show.html.erb
+rails_generators/lockdown/templates/app/views/sessions/new.html.erb
+rails_generators/lockdown/templates/app/views/user_groups/_data.html.erb
+rails_generators/lockdown/templates/app/views/user_groups/_form.html.erb
+rails_generators/lockdown/templates/app/views/user_groups/edit.html.erb
+rails_generators/lockdown/templates/app/views/user_groups/index.html.erb
+rails_generators/lockdown/templates/app/views/user_groups/new.html.erb
+rails_generators/lockdown/templates/app/views/user_groups/show.html.erb
+rails_generators/lockdown/templates/app/views/users/_data.html.erb
+rails_generators/lockdown/templates/app/views/users/_form.html.erb
+rails_generators/lockdown/templates/app/views/users/_password.html.erb
+rails_generators/lockdown/templates/app/views/users/edit.html.erb
+rails_generators/lockdown/templates/app/views/users/index.html.erb
+rails_generators/lockdown/templates/app/views/users/new.html.erb
+rails_generators/lockdown/templates/app/views/users/show.html.erb
+rails_generators/lockdown/templates/db/migrate/create_admin_user_and_user_group.rb
+rails_generators/lockdown/templates/db/migrate/create_permissions.rb
+rails_generators/lockdown/templates/db/migrate/create_profiles.rb
+rails_generators/lockdown/templates/db/migrate/create_user_groups.rb
+rails_generators/lockdown/templates/db/migrate/create_users.rb
 rails_generators/lockdown_all/USAGE
 rails_generators/lockdown_all/lockdown_all_generator.rb
 rails_generators/lockdown_all/templates/app/controllers/permissions_controller.rb
@@ -70,7 +105,11 @@ test/test_lockdown.rb
 test/test_lockdown_all_generator.rb
 test/test_lockdown_generator.rb
 test/test_lockdown_models_generator.rb
+website/generator.html
+website/generator.txt
+website/index.html
 website/index.txt
 website/javascripts/rounded_corners_lite.inc.js
+website/model.jpg
 website/stylesheets/screen.css
 website/template.html.erb

data/lib/lockdown/controller.rb CHANGED Viewed

@@ -47,7 +47,7 @@ module Lockdown
           if session[:expiry_time] && session[:expiry_time] < Time.now
             nil_lockdown_values
           end
-          session[:expiry_time] = Time.now + Lockdown::System[:session_timeout]
+          session[:expiry_time] = Time.now + Lockdown::System.fetch(:session_timeout)
         end
         def store_location
@@ -189,13 +189,13 @@ module Lockdown
         end
         def access_denied(e)
-					if Lockdown::System[:logout_on_access_violation]
+					if Lockdown::System.fetch(:logout_on_access_violation)
 						reset_session
 					end
           respond_to do |accepts|
             accepts.html do
               store_location
-              send_to Lockdown::System[:access_denied_path]
+              send_to Lockdown::System.fetch(:access_denied_path)
             end
             accepts.xml do
               headers["Status"] = "Unauthorized"

data/lib/lockdown/system.rb CHANGED Viewed

@@ -27,14 +27,10 @@ module Lockdown
         end
       end
-      def [](key)
+      def fetch(key)
         (@options||={})[key]
       end
-			def []=(key,val)
-        @options[key] = val
-      end
       def set_permission(name, *method_arrays)
         @permissions[name] ||= []
         method_arrays.each{|ary| @permissions[name] += ary}

data/lib/lockdown/version.rb CHANGED Viewed

@@ -1,8 +1,8 @@
 module Lockdown #:nodoc:
   module VERSION #:nodoc:
     MAJOR = 0
-    MINOR = 4
-    TINY  = 6
+    MINOR = 5
+    TINY  = 0
     STRING = [MAJOR, MINOR, TINY].join('.')
   end

data/rails_generators/lockdown/USAGE ADDED Viewed

@@ -0,0 +1,5 @@
+Description:
+Usage:

data/rails_generators/lockdown/lockdown_generator.rb ADDED Viewed

@@ -0,0 +1,221 @@
+class LockdownGenerator < Rails::Generator::Base
+  attr_accessor :file_name
+  def manifest
+    record do |m|
+      # Ensure appropriate folder(s) exists
+      m.directory 'app/helpers'
+      m.directory 'app/views'
+      m.directory 'app/controllers'
+      if options[:all]
+        options[:management] = true
+        options[:login] = true
+      end
+      add_management(m) if options[:management]
+      add_login(m) if options[:login]
+      add_models(m)
+    end #record do |m|
+  end
+  protected
+  def add_management(m)
+      m.directory 'app/views/users'
+      m.directory 'app/views/user_groups'
+      m.directory 'app/views/permissions'
+      m.file "app/controllers/permissions_controller.rb",
+							"app/controllers/permissions_controller.rb"
+      m.file "app/controllers/users_controller.rb",
+							"app/controllers/users_controller.rb"
+      m.file "app/controllers/user_groups_controller.rb",
+							"app/controllers/user_groups_controller.rb"
+      m.file "app/helpers/permissions_helper.rb",
+							"app/helpers/permissions_helper.rb"
+      m.file "app/helpers/users_helper.rb",
+							"app/helpers/users_helper.rb"
+      m.file "app/helpers/user_groups_helper.rb",
+							"app/helpers/user_groups_helper.rb"
+      copy_views(m, "users")
+      m.file "app/views/users/_password.html.erb",
+							"app/views/users/_password.html.erb"
+      copy_views(m, "user_groups")
+      m.file "app/views/permissions/_data.html.erb",
+							"app/views/permissions/_data.html.erb"
+      m.file "app/views/permissions/index.html.erb",
+							"app/views/permissions/index.html.erb"
+      m.file "app/views/permissions/show.html.erb",
+							"app/views/permissions/show.html.erb"
+      m.route_resources "permissions"
+      m.route_resources "user_groups"
+      m.route_resources "users"
+    add_management_permissions(m)
+  end
+  def add_login(m)
+    m.directory 'app/views/sessions'
+    m.file "app/controllers/sessions_controller.rb",
+      "app/controllers/sessions_controller.rb"
+    m.file "app/views/sessions/new.html.erb",
+      "app/views/sessions/new.html.erb"
+    m.route_resources "sessions"
+    add_login_permissions(m)
+    add_login_routes(m)
+  end
+  def add_models(m)
+    m.directory 'app/models'
+    m.file "app/models/permission.rb",
+      "app/models/permission.rb"
+    m.file "app/models/user.rb",
+      "app/models/user.rb"
+    m.file "app/models/user_group.rb",
+      "app/models/user_group.rb"
+    m.file "app/models/profile.rb",
+      "app/models/profile.rb"
+    add_migrations(m) unless options[:no_migrations]
+  end
+  def add_migrations(m)
+    begin
+      m.migration_template "db/migrate/create_profiles.rb", "db/migrate",
+        :migration_file_name => "create_profiles"
+    rescue
+      puts "Profiles migration exists"
+    end
+    begin
+      m.migration_template "db/migrate/create_users.rb", "db/migrate",
+        :migration_file_name => "create_users"
+    rescue
+      puts "Users migration exists"
+    end
+    begin
+      m.migration_template "db/migrate/create_user_groups.rb", "db/migrate",
+        :migration_file_name => "create_user_groups"
+    rescue
+      puts "User Groups migration exists"
+    end
+    begin
+      m.migration_template "db/migrate/create_permissions.rb", "db/migrate",
+        :migration_file_name => "create_permissions"
+    rescue
+      puts "Permissions migration exists"
+    end
+    begin
+      m.migration_template "db/migrate/create_admin_user_and_user_group.rb",
+        "db/migrate",
+        :migration_file_name => "create_admin_user_and_user_group"
+    rescue
+      puts "Admin User Group... migration exists"
+    end
+  end # add_migrations
+	def copy_views(m, vw)
+		m.file "app/views/#{vw}/_data.html.erb", "app/views/#{vw}/_data.html.erb"
+		m.file "app/views/#{vw}/_form.html.erb", "app/views/#{vw}/_form.html.erb"
+		m.file "app/views/#{vw}/index.html.erb", "app/views/#{vw}/index.html.erb"
+		m.file "app/views/#{vw}/show.html.erb", "app/views/#{vw}/show.html.erb"
+		m.file "app/views/#{vw}/edit.html.erb", "app/views/#{vw}/edit.html.erb"
+		m.file "app/views/#{vw}/new.html.erb", "app/views/#{vw}/new.html.erb"
+	end
+	def add_login_permissions(m)
+    add_permissions m, "set_permission :sessions_management, all_methods(:sessions)"
+    add_predefined_user_group m, "set_public_access :sessions_management"
+  end
+	def add_management_permissions(m)
+    perms = []
+    perms << "set_permission :users_management, all_methods(:users)"
+    perms << "set_permission :user_groups_management, all_methods(:user_groups)"
+    perms << "set_permission :permissions_management, all_methods(:permissions)"
+    perms << "set_permission :my_account, only_methods(:users, :edit, :update, :show)"
+    add_permissions m, perms.join("\n  ")
+    add_predefined_user_group m, "set_protected_access :my_account"
+	end
+  def add_permissions(m, str)
+		sentinel = '# Define your permissions here:'
+		m.gsub_file 'lib/lockdown/init.rb', /(#{Regexp.escape(sentinel)})/mi do |match|
+				"#{match}\n  #{str}"
+		end
+  end
+  def add_predefined_user_group(m, str)
+		sentinel = '# Define the built-in user groups here:'
+		m.gsub_file 'lib/lockdown/init.rb', /(#{Regexp.escape(sentinel)})/mi do |match|
+				"#{match}\n  #{str}"
+    end
+  end
+	def add_login_routes(m)
+		home = %Q(map.home '', :controller => 'sessions', :action => 'new')
+		login = %Q(map.login '/login', :controller => 'sessions', :action => 'new')
+		logout =%Q(map.logout '/logout', :controller => 'sessions', :action => 'destroy')
+		sentinel = 'ActionController::Routing::Routes.draw do |map|'
+		m.gsub_file 'config/routes.rb', /(#{Regexp.escape(sentinel)})/mi do |match|
+				"#{match}\n  #{home}\n\n  #{login}\n\n  #{logout}\n"
+		end
+  end
+  def banner
+<<-EOS
+Installs the lockdown framework to managing users user_groups
+and viewing permissions. Also includes a login screen.
+USAGE: #{$0} #{spec.name}
+EOS
+  end
+  def add_options!(opt)
+    opt.separator ''
+    opt.separator 'Options:'
+    opt.on("--all",
+      "Install all Lockdown templates") { |v| options[:all] = v }
+    opt.on("--models",
+      "Install only models and migrations (skip migrations by --no_migrations).") { |v| options[:models] = v }
+    opt.on("--management",
+      "Install  management functionality.  Which is --all minus --login. All models (migrations) included. ") { |v| options[:management] = v }
+    opt.on("--login",
+      "Install login functionality.  Which is --all minus --management. All models (migrations) included. ") { |v| options[:login] = v }
+    opt.on("--no_migrations",
+      "Skip migrations installation") { |v| options[:no_migrations] = v }
+  end
+end

data/rails_generators/lockdown/templates/app/controllers/permissions_controller.rb ADDED Viewed

@@ -0,0 +1,22 @@
+class PermissionsController < ApplicationController
+  # GET /permissions
+  # GET /permissions.xml
+  def index
+    @permissions = Permission.find(:all)
+    respond_to do |format|
+      format.html # index.html.erb
+      format.xml  { render :xml => @permissions }
+    end
+  end
+  # GET /permissions/1
+  # GET /permissions/1.xml
+  def show
+    @permission = Permission.find(params[:id])
+    respond_to do |format|
+      format.html # show.html.erb
+      format.xml  { render :xml => @permission }
+    end
+  end
+end

data/rails_generators/lockdown/templates/app/controllers/sessions_controller.rb ADDED Viewed

@@ -0,0 +1,38 @@
+# This controller handles the login/logout function of the site.
+class SessionsController < ApplicationController
+  def new
+    #Stub required for Lockdown to grant access
+  end
+  def create
+    password_authentication(params[:login], params[:password])
+  end
+  def destroy
+		logger.info "resetting session in sessions controller"
+    reset_session
+    flash[:notice] = "You have been logged out."
+    redirect_back_or_default('/')
+  end
+  protected
+  def password_authentication(login, password)
+    set_session_user(User.authenticate(login, password))
+    if logged_in?
+      successful_login
+    else
+      failed_login
+    end
+  end
+  def failed_login(message = 'Authentication failed.')
+    flash[:error] = message
+    redirect_back_or_default login_url
+  end
+  def successful_login
+    flash[:notice] = "Logged in successfully"
+    redirect_back_or_default Lockdown::System.fetch(:successful_login_path)
+  end
+end

data/rails_generators/lockdown/templates/app/controllers/user_groups_controller.rb ADDED Viewed

@@ -0,0 +1,113 @@
+class UserGroupsController < ApplicationController
+	before_filter :find_user_group, :only => [:show, :edit, :update, :destroy]
+	after_filter :update_permissions, :only => [:create, :update]
+  # GET /user_groups
+  # GET /user_groups.xml
+  def index
+    @user_groups = UserGroup.find(:all)
+    respond_to do |format|
+      format.html # index.html.erb
+      format.xml  { render :xml => @user_groups }
+    end
+  end
+  # GET /user_groups/1
+  # GET /user_groups/1.xml
+  def show
+    respond_to do |format|
+      format.html # show.html.erb
+      format.xml  { render :xml => @user_group }
+    end
+  end
+  # GET /user_groups/new
+  # GET /user_groups/new.xml
+  def new
+    @user_group = UserGroup.new
+		@all_permissions = Lockdown::System.permissions_assignable_for_user(current_user)
+    respond_to do |format|
+      format.html # new.html.erb
+      format.xml  { render :xml => @user_group }
+    end
+  end
+  # GET /user_groups/1/edit
+  def edit
+		@all_permissions = Lockdown::System.permissions_assignable_for_user(current_user)
+  end
+  # POST /user_groups
+  # POST /user_groups.xml
+  def create
+    @user_group = UserGroup.new(params[:user_group])
+    respond_to do |format|
+      if @user_group.save
+        flash[:notice] = 'UserGroup was successfully created.'
+        format.html { redirect_to(@user_group) }
+        format.xml  { render :xml => @user_group, :status => :created, :location => @user_group }
+      else
+				@all_permissions = Lockdown::System.permissions_assignable_for_user(current_user)
+        format.html { render :action => "new" }
+        format.xml  { render :xml => @user_group.errors, :status => :unprocessable_entity }
+      end
+    end
+  end
+  # PUT /user_groups/1
+  # PUT /user_groups/1.xml
+  def update
+    respond_to do |format|
+      if @user_group.update_attributes(params[:user_group])
+        flash[:notice] = 'UserGroup was successfully updated.'
+        format.html { redirect_to(@user_group) }
+        format.xml  { head :ok }
+      else
+				@all_permissions = Lockdown::System.permissions_assignable_for_user(current_user)
+        format.html { render :action => "edit" }
+        format.xml  { render :xml => @user_group.errors, :status => :unprocessable_entity }
+      end
+    end
+  end
+  # DELETE /user_groups/1
+  # DELETE /user_groups/1.xml
+  def destroy
+    @user_group.destroy
+    respond_to do |format|
+      format.html { redirect_to(user_groups_url) }
+      format.xml  { head :ok }
+    end
+  end
+	private
+	def find_user_group
+    @user_group = UserGroup.find(params[:id])
+    if @action_name != "show" && Lockdown::System.has_user_group?(@user_group)
+      raise SecurityError,"Invalid attempt to modify user group."
+    end
+  end
+	def update_permissions
+		new_perm_ids = params.collect{|p| p[0].split("_")[1].to_i if p[0] =~ /^perm_/}.compact
+		#
+		# Removed previously associated permissions if not checked this time.
+		#
+		@user_group.permissions.dup.each do |p|
+			@user_group.permissions.delete(p) unless new_perm_ids.include?(p.id)
+    end
+		#
+		# Add in the new permissions
+		#
+		new_perm_ids.each do |id|
+			next if @user_group.permission_ids.include?(id)
+			@user_group.permissions << Permission.find(id)
+    end
+  end
+end

data/rails_generators/lockdown/templates/app/controllers/users_controller.rb ADDED Viewed

@@ -0,0 +1,124 @@
+class UsersController < ApplicationController
+	before_filter :find_user, :only => [:show, :edit, :update, :destroy]
+	after_filter :update_user_groups, :only => [:create, :update]
+  # GET /users
+  # GET /users.xml
+  def index
+    @users = User.find :all, :include => [:profile, :user_groups]
+    respond_to do |format|
+      format.html # index.html.erb
+      format.xml  { render :xml => @users }
+    end
+  end
+  # GET /users/1
+  # GET /users/1.xml
+  def show
+    respond_to do |format|
+      format.html # show.html.erb
+      format.xml  { render :xml => @user }
+    end
+  end
+  # GET /users/new
+  # GET /users/new.xml
+  def new
+		@user = User.new
+		@profile = Profile.new
+    @user_groups_for_user = Lockdown::System.user_groups_assignable_for_user(current_user)
+		respond_to do |format|
+     format.html # new.html.erb
+     format.xml  { render :xml => @user }
+		end
+  end
+  # GET /users/1/edit
+  def edit
+    @user_groups_for_user = Lockdown::System.user_groups_assignable_for_user(current_user)
+  end
+  # POST /users
+  # POST /users.xml
+  def create
+    @user = User.new(params[:user])
+    @profile = Profile.new(params[:profile])
+    @user.profile = @profile
+		if @user.save
+			flash[:notice] = "Thanks for signing up!"
+			redirect_to(users_path)
+		else
+			@user_groups_for_user = Lockdown::System.user_groups_assignable_for_user(current_user)
+			flash[:error] = "Please correct the following issues"
+			render :action => "new"
+    end
+  end
+  # PUT /users/1
+  # PUT /users/1.xml
+  def update
+		@user.profile.attributes = params[:profile]
+		@user.attributes = params[:user]
+    respond_to do |format|
+      if @user.save
+        flash[:notice] = 'User was successfully updated.'
+        format.html { redirect_to(@user) }
+        format.xml  { head :ok }
+      else
+        @user_groups_for_user = Lockdown::System.user_groups_assignable_for_user(current_user)
+        format.html { render :action => "edit" }
+        format.xml  { render :xml => @user.errors, :status => :unprocessable_entity }
+      end
+    end
+  end
+  # DELETE /users/1
+  # DELETE /users/1.xml
+  def destroy
+    @user.destroy
+    respond_to do |format|
+      format.html { redirect_to(users_url) }
+      format.xml  { head :ok }
+    end
+  end
+	def change_password
+		render :update do |page|
+			page.replace_html 'password', :partial => 'password'
+		end
+	end
+	private
+	def find_user
+		# Skip test if current user is an administrator
+		unless current_user_is_admin?
+			# Raise error if id not = current logged in user
+			raise SecurityError.new if (current_user_id != params[:id].to_i)
+		end
+		@user = User.find(params[:id])
+		raise SecurityError.new if @user.nil?
+		@profile = @user.profile
+	end
+	def update_user_groups
+		new_ug_ids = params.collect{|p| p[0].split("_")[1].to_i if p[0] =~ /^ug_/}.compact
+		#
+		# Removed previously associated user_groups if not checked this time.
+		#
+		@user.user_groups.dup.each do |g|
+			#Don't remove the automatically assigned user groups
+			next if Lockdown::System.has_user_group?(g)
+			@user.user_groups.delete(g) unless new_ug_ids.include?(g.id)
+    end
+		#
+		# Add in the new permissions
+		#
+		new_ug_ids.each do |id|
+			next if @user.user_group_ids.include?(id)
+			@user.user_groups << UserGroup.find(id)
+    end
+  end
+end

data/rails_generators/lockdown/templates/app/helpers/permissions_helper.rb ADDED Viewed

@@ -0,0 +1,13 @@
+module PermissionsHelper
+  def permission_name_value
+		h @permission.name
+  end
+  def permission_access_rights_value
+    Lockdown::System.access_rights_for_permission(@permission).collect{|r| r}.join("<br/>")
+  end
+	def permission_users_value
+		@permission.all_users.collect{|u| link_to_or_show(u.full_name, u)}.join("<br/>")
+  end
+end

data/rails_generators/lockdown/templates/app/helpers/user_groups_helper.rb ADDED Viewed

@@ -0,0 +1,35 @@
+module UserGroupsHelper
+  def user_group_name_value
+    if @action_name == "show"
+       h @user_group.name
+    else
+       text_field_tag "user_group[name]", @user_group.name
+    end
+  end
+  def user_group_permissions_value
+    if @action_name == "show"
+       @user_group.permissions.collect{|p| p.name + "<br/>"}
+    else
+			rvalue = %{<ul id="all_permissions" class="checklist">}
+			@all_permissions.each_with_index do |perm,i|
+				bg = ( i % 2 == 0 ) ? "even" : "odd"
+				input_id = "perm_#{perm.id}"
+				checked = (@user_group.permission_ids.include?(perm.id) ? "checked" : "")
+				bg << "_" << checked if checked.length > 0
+				rvalue << <<-HTML
+					<li class="#{bg}">
+						<label id="lbl_#{input_id}" for="#{input_id}" onclick="do_highlight('#{input_id}')">
+							<input id="#{input_id}" name="#{input_id}" type="checkbox" #{checked}/>&nbsp;&nbsp;#{perm.name}
+						</label>
+					</li>
+				HTML
+       end
+			 rvalue << "</ul>"
+    end
+  end
+	def user_group_users_value
+		@user_group.all_users.collect{|u| link_to_or_show(u.full_name, u)}.join("<br/>")
+  end
+end