RubyGems - lockdown - Versions diffs - 0.5.0 → 0.5.1 - Mend

lockdown 0.5.0 → 0.5.1

This diff represents the content of publicly available package versions that have been released to one of the supported registries. The information contained in this diff is provided for informational purposes only and reflects changes between package versions as they appear in their respective public registries.

Files changed (44) hide show

data/rails_generators/lockdown_all/templates/app/controllers/sessions_controller.rb DELETED Viewed

@@ -1,38 +0,0 @@
-# This controller handles the login/logout function of the site.
-class SessionsController < ApplicationController
-  def new
-    #Stub required for Lockdown to grant access
-  end
-  def create
-    password_authentication(params[:login], params[:password])
-  end
-  def destroy
-		logger.info "resetting session in sessions controller"
-    reset_session
-    flash[:notice] = "You have been logged out."
-    redirect_back_or_default('/')
-  end
-  protected
-  def password_authentication(login, password)
-    set_session_user(User.authenticate(login, password))
-    if logged_in?
-      successful_login
-    else
-      failed_login
-    end
-  end
-  def failed_login(message = 'Authentication failed.')
-    flash[:error] = message
-    redirect_back_or_default login_url
-  end
-  def successful_login
-    flash[:notice] = "Logged in successfully"
-    redirect_back_or_default "/"
-  end
-end

data/rails_generators/lockdown_all/templates/app/controllers/user_groups_controller.rb DELETED Viewed

@@ -1,113 +0,0 @@
-class UserGroupsController < ApplicationController
-	before_filter :find_user_group, :only => [:show, :edit, :update, :destroy]
-	after_filter :update_permissions, :only => [:create, :update]
-  # GET /user_groups
-  # GET /user_groups.xml
-  def index
-    @user_groups = UserGroup.find(:all)
-    respond_to do |format|
-      format.html # index.html.erb
-      format.xml  { render :xml => @user_groups }
-    end
-  end
-  # GET /user_groups/1
-  # GET /user_groups/1.xml
-  def show
-    respond_to do |format|
-      format.html # show.html.erb
-      format.xml  { render :xml => @user_group }
-    end
-  end
-  # GET /user_groups/new
-  # GET /user_groups/new.xml
-  def new
-    @user_group = UserGroup.new
-		@all_permissions = Lockdown::System.permissions_assignable_for_user(current_user)
-    respond_to do |format|
-      format.html # new.html.erb
-      format.xml  { render :xml => @user_group }
-    end
-  end
-  # GET /user_groups/1/edit
-  def edit
-		@all_permissions = Lockdown::System.permissions_assignable_for_user(current_user)
-  end
-  # POST /user_groups
-  # POST /user_groups.xml
-  def create
-    @user_group = UserGroup.new(params[:user_group])
-    respond_to do |format|
-      if @user_group.save
-        flash[:notice] = 'UserGroup was successfully created.'
-        format.html { redirect_to(@user_group) }
-        format.xml  { render :xml => @user_group, :status => :created, :location => @user_group }
-      else
-				@all_permissions = Lockdown::System.permissions_assignable_for_user(current_user)
-        format.html { render :action => "new" }
-        format.xml  { render :xml => @user_group.errors, :status => :unprocessable_entity }
-      end
-    end
-  end
-  # PUT /user_groups/1
-  # PUT /user_groups/1.xml
-  def update
-    respond_to do |format|
-      if @user_group.update_attributes(params[:user_group])
-        flash[:notice] = 'UserGroup was successfully updated.'
-        format.html { redirect_to(@user_group) }
-        format.xml  { head :ok }
-      else
-				@all_permissions = Lockdown::System.permissions_assignable_for_user(current_user)
-        format.html { render :action => "edit" }
-        format.xml  { render :xml => @user_group.errors, :status => :unprocessable_entity }
-      end
-    end
-  end
-  # DELETE /user_groups/1
-  # DELETE /user_groups/1.xml
-  def destroy
-    @user_group.destroy
-    respond_to do |format|
-      format.html { redirect_to(user_groups_url) }
-      format.xml  { head :ok }
-    end
-  end
-	private
-	def find_user_group
-    @user_group = UserGroup.find(params[:id])
-    if @action_name != "show" && Lockdown::System.has_user_group?(@user_group)
-      raise SecurityError,"Invalid attempt to modify user group."
-    end
-  end
-	def update_permissions
-		new_perm_ids = params.collect{|p| p[0].split("_")[1].to_i if p[0] =~ /^perm_/}.compact
-		#
-		# Removed previously associated permissions if not checked this time.
-		#
-		@user_group.permissions.dup.each do |p|
-			@user_group.permissions.delete(p) unless new_perm_ids.include?(p.id)
-    end
-		#
-		# Add in the new permissions
-		#
-		new_perm_ids.each do |id|
-			next if @user_group.permission_ids.include?(id)
-			@user_group.permissions << Permission.find(id)
-    end
-  end
-end

data/rails_generators/lockdown_all/templates/app/controllers/users_controller.rb DELETED Viewed

@@ -1,124 +0,0 @@
-class UsersController < ApplicationController
-	before_filter :find_user, :only => [:show, :edit, :update, :destroy]
-	after_filter :update_user_groups, :only => [:create, :update]
-  # GET /users
-  # GET /users.xml
-  def index
-    @users = User.find :all, :include => [:profile, :user_groups]
-    respond_to do |format|
-      format.html # index.html.erb
-      format.xml  { render :xml => @users }
-    end
-  end
-  # GET /users/1
-  # GET /users/1.xml
-  def show
-    respond_to do |format|
-      format.html # show.html.erb
-      format.xml  { render :xml => @user }
-    end
-  end
-  # GET /users/new
-  # GET /users/new.xml
-  def new
-		@user = User.new
-		@profile = Profile.new
-    @user_groups_for_user = Lockdown::System.user_groups_assignable_for_user(current_user)
-		respond_to do |format|
-     format.html # new.html.erb
-     format.xml  { render :xml => @user }
-		end
-  end
-  # GET /users/1/edit
-  def edit
-    @user_groups_for_user = Lockdown::System.user_groups_assignable_for_user(current_user)
-  end
-  # POST /users
-  # POST /users.xml
-  def create
-    @user = User.new(params[:user])
-    @profile = Profile.new(params[:profile])
-    @user.profile = @profile
-		if @user.save
-			flash[:notice] = "Thanks for signing up!"
-			redirect_to(users_path)
-		else
-			@user_groups_for_user = Lockdown::System.user_groups_assignable_for_user(current_user)
-			flash[:error] = "Please correct the following issues"
-			render :action => "new"
-    end
-  end
-  # PUT /users/1
-  # PUT /users/1.xml
-  def update
-		@user.profile.attributes = params[:profile]
-		@user.attributes = params[:user]
-    respond_to do |format|
-      if @user.save
-        flash[:notice] = 'User was successfully updated.'
-        format.html { redirect_to(@user) }
-        format.xml  { head :ok }
-      else
-        @user_groups_for_user = Lockdown::System.user_groups_assignable_for_user(current_user)
-        format.html { render :action => "edit" }
-        format.xml  { render :xml => @user.errors, :status => :unprocessable_entity }
-      end
-    end
-  end
-  # DELETE /users/1
-  # DELETE /users/1.xml
-  def destroy
-    @user.destroy
-    respond_to do |format|
-      format.html { redirect_to(users_url) }
-      format.xml  { head :ok }
-    end
-  end
-	def change_password
-		render :update do |page|
-			page.replace_html 'password', :partial => 'password'
-		end
-	end
-	private
-	def find_user
-		# Skip test if current user is an administrator
-		unless current_user_is_admin?
-			# Raise error if id not = current logged in user
-			raise SecurityError.new if (current_user_id != params[:id].to_i)
-		end
-		@user = User.find(params[:id])
-		raise SecurityError.new if @user.nil?
-		@profile = @user.profile
-	end
-	def update_user_groups
-		new_ug_ids = params.collect{|p| p[0].split("_")[1].to_i if p[0] =~ /^ug_/}.compact
-		#
-		# Removed previously associated user_groups if not checked this time.
-		#
-		@user.user_groups.dup.each do |g|
-			#Don't remove the automatically assigned user groups
-			next if Lockdown::System.has_user_group?(g)
-			@user.user_groups.delete(g) unless new_ug_ids.include?(g.id)
-    end
-		#
-		# Add in the new permissions
-		#
-		new_ug_ids.each do |id|
-			next if @user.user_group_ids.include?(id)
-			@user.user_groups << UserGroup.find(id)
-    end
-  end
-end

data/rails_generators/lockdown_all/templates/app/helpers/permissions_helper.rb DELETED Viewed

@@ -1,13 +0,0 @@
-module PermissionsHelper
-  def permission_name_value
-		h @permission.name
-  end
-  def permission_access_rights_value
-    Lockdown::System.access_rights_for_permission(@permission).collect{|r| r}.join("<br/>")
-  end
-	def permission_users_value
-		@permission.all_users.collect{|u| link_to_or_show(u.full_name, u)}.join("<br/>")
-  end
-end

data/rails_generators/lockdown_all/templates/app/helpers/user_groups_helper.rb DELETED Viewed

@@ -1,35 +0,0 @@
-module UserGroupsHelper
-  def user_group_name_value
-    if @action_name == "show"
-       h @user_group.name
-    else
-       text_field_tag "user_group[name]", @user_group.name
-    end
-  end
-  def user_group_permissions_value
-    if @action_name == "show"
-       @user_group.permissions.collect{|p| p.name + "<br/>"}
-    else
-			rvalue = %{<ul id="all_permissions" class="checklist">}
-			@all_permissions.each_with_index do |perm,i|
-				bg = ( i % 2 == 0 ) ? "even" : "odd"
-				input_id = "perm_#{perm.id}"
-				checked = (@user_group.permission_ids.include?(perm.id) ? "checked" : "")
-				bg << "_" << checked if checked.length > 0
-				rvalue << <<-HTML
-					<li class="#{bg}">
-						<label id="lbl_#{input_id}" for="#{input_id}" onclick="do_highlight('#{input_id}')">
-							<input id="#{input_id}" name="#{input_id}" type="checkbox" #{checked}/>&nbsp;&nbsp;#{perm.name}
-						</label>
-					</li>
-				HTML
-       end
-			 rvalue << "</ul>"
-    end
-  end
-	def user_group_users_value
-		@user_group.all_users.collect{|u| link_to_or_show(u.full_name, u)}.join("<br/>")
-  end
-end

data/rails_generators/lockdown_all/templates/app/helpers/users_helper.rb DELETED Viewed

@@ -1,78 +0,0 @@
-module UsersHelper
-  def profile_first_name_value
-    if @action_name == "show"
-      h @profile.first_name
-    else
-      text_field_tag "profile[first_name]", @profile.first_name
-    end
-  end
-  def profile_last_name_value
-    if @action_name == "show"
-      h @profile.last_name
-    else
-      text_field_tag "profile[last_name]", @profile.last_name
-    end
-  end
-  def profile_email_value
-    if @action_name == "show"
-      h @profile.email
-    else
-      text_field_tag "profile[email]", @profile.email
-    end
-  end
-  def user_login_value
-    if @action_name == "show"
-      h @user.login
-    else
-      text_field_tag "user[login]", @user.login
-    end
-  end
-  def user_password_value
-    if @action_name == "show"
-      h "Hidden for security..."
-    else
-      %{<input autocomplete="off" type="password" name="user[password]" id="user_password"/>}
-    end
-  end
-  def user_password_confirmation_value
-    if @action_name == "show"
-      h "Hidden for security..."
-    else
-      %{<input autocomplete="off" type="password" name="user[password_confirmation]" id="user_password_confirmation"/>}
-    end
-  end
-  def user_user_groups_value
-    if @action_name == "show"
-      @user.user_groups.collect{|ug| ug.name + "<br/>"}
-    else
-      rvalue = %{<ul id="all_user_groups" class="checklist">}
-      #
-      # Restrict user group list to the list of the current user.
-      # This prevents a user from creating someone with more access than
-      # him/herself.
-      #
-      @user_groups_for_user.each_with_index do |ug,i|
-        bg =  ( i % 2 == 0 ) ? "even" : "odd"
-        input_id = "ug_#{ug.id}"
-        checked = (@user.user_group_ids.include?(ug.id) ? "checked" : "")
-        bg << "_" << checked if checked.length > 0
-        rvalue << <<-HTML
-          <li class="#{bg}">
-            <label id="lbl_#{input_id}" for="#{input_id}" onclick="do_highlight('#{input_id}')">
-            <input id="#{input_id}" name="#{input_id}" type="checkbox" #{checked}/>&nbsp;&nbsp;#{ug.name}
-            </label>
-          </li>
-        HTML
-      end
-      rvalue << "</ul>"
-    end
-  end
-end

data/rails_generators/lockdown_all/templates/app/models/permission.rb DELETED Viewed

@@ -1,13 +0,0 @@
-class Permission < ActiveRecord::Base
-  has_and_belongs_to_many :user_groups
-	def all_users
-		User.find_by_sql <<-SQL
-			select users.*
-			from users, user_groups_users, permissions_user_groups
-			where users.id = user_groups_users.user_id
-			and user_groups_users.user_group_id = permissions_user_groups.user_group_id
-			and permissions_user_groups.permission_id = #{self.id}
-		SQL
-  end
-end

data/rails_generators/lockdown_all/templates/app/models/profile.rb DELETED Viewed

@@ -1,10 +0,0 @@
-class Profile < ActiveRecord::Base
-  SYSTEM = 1
-  validates_presence_of :email, :first_name, :last_name
-  validates_length_of :email, :within => 5..100
-  validates_format_of :email, :with => /\A([^@\s]+)@((?:[-a-z0-9]+\.)+[a-z]{2,})\Z/i
-  validates_uniqueness_of :email, :case_sensitive => false
-end

data/rails_generators/lockdown_all/templates/app/models/user.rb DELETED Viewed

@@ -1,72 +0,0 @@
-require 'digest/sha1'
-class User < ActiveRecord::Base
-  has_and_belongs_to_many :user_groups
-  belongs_to :profile
-  # Virtual attributes
-  attr_accessor :password
-  validates_presence_of     :login
-  validates_presence_of     :password,                   :if => :password_required?
-  validates_presence_of     :password_confirmation,      :if => :password_required?
-  validates_length_of       :password, :within => 4..40, :if => :password_required?
-  validates_confirmation_of :password,                   :if => :password_required?
-  validates_length_of       :login,    :within => 3..40
-  validates_uniqueness_of   :login, :case_sensitive => false
-  validates_presence_of :profile
-	validates_associated	:profile
-	before_save :prepare_for_save
-  attr_accessible :login, :password, :password_confirmation
-  # Authenticates a user by their login name and unencrypted password.
-  # Returns the user or nil.
-  def self.authenticate(login, password)
-    u = find :first, :conditions => ['login = ?', login] # need to get the salt
-    u && u.authenticated?(password) ? u : nil
-  end
-  # Encrypts some data with the salt.
-  def self.encrypt(password, salt)
-    Digest::SHA1.hexdigest("--#{salt}--#{password}--")
-  end
-  # Encrypts the password with the user salt
-  def encrypt(password)
-    self.class.encrypt(password, salt)
-  end
-  def authenticated?(password)
-    crypted_password == encrypt(password)
-  end
-  def email
-    self.profile.email
-  end
-  def full_name
-    self.profile.first_name + " " + self.profile.last_name
-  end
-  protected
-  def prepare_for_save
-    encrypt_password
-    self.profile.save
-  end
-  def encrypt_password
-    return if password.blank?
-    if new_record?
-      self.salt = Digest::SHA1.hexdigest("--#{Time.now.to_s}--#{login}--")
-    end
-    self.crypted_password = encrypt(password)
-  end
-  def password_required?
-    (crypted_password.blank? || !password.blank?)
-  end
-end

data/rails_generators/lockdown_all/templates/app/models/user_group.rb DELETED Viewed

@@ -1,15 +0,0 @@
-class UserGroup < ActiveRecord::Base
-  has_and_belongs_to_many :permissions
-  has_and_belongs_to_many :users
-  validates_presence_of :name
-	def all_users
-		User.find_by_sql <<-SQL
-			select users.*
-			from users, user_groups_users
-			where users.id = user_groups_users.user_id
-			and user_groups_users.user_group_id = #{self.id}
-    SQL
-	end
-end

data/rails_generators/lockdown_all/templates/app/views/permissions/_data.html.erb DELETED Viewed

@@ -1,13 +0,0 @@
-<p>
-  <b>Name</b><br />
-  <%= permission_name_value %>
-</p>
-<p>
-  <b>Access rights:</b><br />
-  <%= permission_access_rights_value %>
-</p>
-<p>
-  <b>Users with permission:</b><br />
-  <%= permission_users_value %>
-</p>

data/rails_generators/lockdown_all/templates/app/views/permissions/index.html.erb DELETED Viewed

@@ -1,16 +0,0 @@
-<h1>Listing Permissions</h1>
-<table>
-  <tr>
-    <th>Name</th>
-  </tr>
-<% for permission in @permissions %>
-  <tr>
-    <td><%=h permission.name %></td>
-    <td><%= link_to 'Show', permission %></td>
-  </tr>
-<% end %>
-</table>
-<br />

data/rails_generators/lockdown_all/templates/app/views/permissions/show.html.erb DELETED Viewed

@@ -1,3 +0,0 @@
-<%= render :partial => "data",  :locals => {:f => nil} %>
-<%= link_to 'Back', permissions_path %>

data/rails_generators/lockdown_all/templates/app/views/sessions/new.html.erb DELETED Viewed

@@ -1,12 +0,0 @@
-<%= flash[:notice] if flash[:notice] %>
-<%= flash[:error] if flash[:error] %>
-<% form_tag sessions_path do -%>
-	<p><label for="login">Login</label><br/>
-	<%= text_field_tag 'login' %></p>
-	<p><label for="password">Password</label><br/>
-	<%= password_field_tag 'password' %></p>
-	<p><%= submit_tag 'Log in' %></p>
-<% end -%>

data/rails_generators/lockdown_all/templates/app/views/user_groups/_data.html.erb DELETED Viewed

@@ -1,44 +0,0 @@
-<!--
-take the style block out.  this is duplicated in users/_data.html.erb
-without this, the user group selection is just no good
--->
-<style>
-.checklist{
-  overflow: auto;
-  border: 1px solid #ccc;
-  list-style: none;
-  height: 300px;
-  text-align: left;
-  list-style: none;
-  margin-left: 12px;
-}
-.checklist li{
-  padding-left: 6px;
-}
-li.even_checked,
-li.even{
-  background: #DFDFDF;
-}
-li.even_checked,
-li.odd_checked{
-  color: red;
-}
-</style>
-<p>
-  <b>Name</b><br />
-  <%= user_group_name_value %>
-</p>
-<p>
-  <b>Permissions</b><br />
-  <%= user_group_permissions_value %>
-</p>
-<% if @action_name == "show" %>
-	<p>
-		<b>Users in user group:</b><br />
-		<%= user_group_users_value  %>
-	</p>
-<% end%>

data/rails_generators/lockdown_all/templates/app/views/user_groups/_form.html.erb DELETED Viewed

@@ -1,11 +0,0 @@
-<%
-  submit_label = "Update"
-  submit_label = "Create" if @user_group.new_record?
--%>
-<%= error_messages_for :user_group %>
-<% form_for(@user_group) do |f| %>
-  <%= render :partial => "data", :locals => {:f => f} %>
-  <p> <%= f.submit submit_label %> </p>
-<% end %>

data/rails_generators/lockdown_all/templates/app/views/user_groups/edit.html.erb DELETED Viewed

@@ -1,6 +0,0 @@
-<h1>Editing Usergroup</h1>
-<%= render :partial => "form" %>
-<%= link_to 'Show', @user_group %> |
-<%= link_to 'Back', user_groups_path %>

data/rails_generators/lockdown_all/templates/app/views/user_groups/index.html.erb DELETED Viewed

@@ -1,20 +0,0 @@
-<h1>Listing User Groups</h1>
-<table>
-  <tr>
-    <th>Name</th>
-  </tr>
-<% for user_group in @user_groups %>
-  <tr>
-    <td><%=h user_group.name %></td>
-    <td><%= link_to 'Show', user_group %></td>
-    <td><%= link_to('Edit', edit_user_group_path(user_group)) unless Lockdown::System.has_user_group?(user_group) %></td>
-    <td><%= link_to('Destroy', user_group, :confirm => 'Are you sure?', :method => :delete) unless Lockdown::System.has_user_group?(user_group) %></td>
-  </tr>
-<% end %>
-</table>
-<br />
-<%= link_to 'New User Group', new_user_group_path %>

data/rails_generators/lockdown_all/templates/app/views/user_groups/new.html.erb DELETED Viewed

@@ -1,5 +0,0 @@
-<h1>New Usergroup</h1>
-<%= render :partial => "form" %>
-<%= link_to 'Back', user_groups_path %>

data/rails_generators/lockdown_all/templates/app/views/user_groups/show.html.erb DELETED Viewed

@@ -1,6 +0,0 @@
-<%= render :partial => "data",  :locals => {:f => nil} %>
-<% unless Lockdown::System.has_user_group?(@user_group) %>
-  <%= link_to 'Edit', edit_user_group_path(@user_group) %> |
-<% end %>
-<%= link_to 'Back', user_groups_path %>