lockdown 0.5.22 → 0.6.0

data/Manifest.txt

@@ -2,7 +2,6 @@ History.txt
 License.txt
 Manifest.txt
 PostInstall.txt
-README
 README.txt
 Rakefile
 app_generators/lockdown/USAGE
@@ -10,17 +9,23 @@ app_generators/lockdown/lockdown_generator.rb
 app_generators/lockdown/templates/init.rb
 app_generators/lockdown/templates/session.rb
 bin/lockdown
-config/hoe.rb
-config/requirements.rb
 lib/lockdown.rb
 lib/lockdown/classy-inheritance.rb
 lib/lockdown/controller.rb
-lib/lockdown/controller_inspector.rb
+lib/lockdown/database.rb
+lib/lockdown/frameworks/merb.rb
+lib/lockdown/frameworks/merb/controller.rb
+lib/lockdown/frameworks/merb/view.rb
+lib/lockdown/frameworks/rails.rb
+lib/lockdown/frameworks/rails/controller.rb
+lib/lockdown/frameworks/rails/view.rb
 lib/lockdown/helper.rb
-lib/lockdown/model.rb
+lib/lockdown/orms/active_record.rb
+lib/lockdown/orms/data_mapper.rb
+lib/lockdown/rights.rb
+lib/lockdown/session.rb
 lib/lockdown/system.rb
 lib/lockdown/version.rb
-lib/lockdown/view.rb
 rails_generators/lockdown/USAGE
 rails_generators/lockdown/lockdown_generator.rb
 rails_generators/lockdown/templates/app/controllers/permissions_controller.rb
@@ -60,9 +65,6 @@ script/destroy
 script/generate
 script/txt2html
 setup.rb
-tasks/deployment.rake
-tasks/environment.rake
-tasks/website.rake
 test/test_generator_helper.rb
 test/test_helper.rb
 test/test_lockdown.rb

data/Rakefile

@@ -1,4 +1,28 @@
-require 'config/requirements'
-require 'config/hoe' # setup Hoe + all gem configuration
+%w[rubygems rake rake/clean fileutils newgem rubigen].each { |f| require f }
+require File.dirname(__FILE__) + '/lib/lockdown/version'
 
-Dir['tasks/**/*.rake'].each { |rake| load rake }
+# Generate all the Rake tasks
+# Run 'rake -T' to see list of generated tasks (from gem root directory)
+$hoe = Hoe.new('lockdown', Lockdown::VERSION::STRING) do |p|
+  p.developer('Andrew Stone', 'andy@stonean.com')
+  
+  p.changes                 = p.paragraphs_of("History.txt", 0..1).join("\n\n")
+  p.post_install_message    = 'PostInstall.txt'
+  p.rubyforge_name          = p.name
+  p.extra_deps              = [ ['classy-inheritance', '>=0.6.2'] ]
+  p.extra_dev_deps          = [ ['newgem', ">= #{::Newgem::VERSION}"] ]
+  
+  p.clean_globs |= %w[**/.DS_Store tmp *.log]
+  
+  path = (p.rubyforge_name == p.name) ? p.rubyforge_name : "\#{p.rubyforge_name}/\#{p.name}"
+  
+  p.remote_rdoc_dir = File.join(path.gsub(/^#{p.rubyforge_name}\/?/,''), 'rdoc')
+  
+  p.rsync_args = '-av --delete --ignore-errors'
+end
+
+require 'newgem/tasks' # load /tasks/*.rake
+Dir['tasks/**/*.rake'].each { |t| load t }
+
+# TODO - want other tests/tasks run by default? Add them to the list
+# task :default => [:spec, :features]

data/app_generators/lockdown/templates/init.rb

@@ -23,9 +23,10 @@ Lockdown::System.configure do
   # Set redirect to path on successful login:
   #       options[:successful_login_path] = "/"
   #
-  # Set the system to sync the Permissions and UserGroups defined here
-  # with the database. 
-  #       options[:sync_init_rb_with_db] = true
+  # If deploying to a subdirectory, set that here. Defaults to nil
+  #       options[:subdirectory] = "blog"
+  #       *Notice: Do not add leading or trailing slashes,
+  #                Lockdown will handle this
   #
   #~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~
   # Define permissions

data/bin/lockdown

@@ -95,10 +95,8 @@ begin
   RubiGen::Scripts::Generate.new.run(ARGV, :generator => 'lockdown', :framework => @framework)
 
   File.open(config_file, "a") do |f|
-    require_classy = %Q(require "lockdown/classy-inheritance")
     require_lockdown =  %Q(require "lockdown/init")
 
-    f << %Q(\n#{require_classy}\n) unless configuration_file_has?(require_classy)
     f << %Q(\n#{require_lockdown}\n) unless configuration_file_has?(require_lockdown)
   end
 rescue Exception => e

data/lib/lockdown/classy-inheritance.rb

@@ -1,192 +1,13 @@
-$:.unshift(File.dirname(__FILE__)) unless
-  $:.include?(File.dirname(__FILE__)) || $:.include?(File.expand_path(File.dirname(__FILE__)))
-
-=begin
-module ActiveRecord::Validations::ClassMethods
-  def validates_associated(association, options = {})
-    class_eval do
-      validates_each(association) do |record, associate_name, value|
-        associate = record.send(associate_name)
-        if associate && !associate.valid?
-          associate.errors.each do |key, value|
-            record.errors.add(key, value)
-          end
-        end
-      end
+if Object.const_defined?("ActiveRecord")
+  unless  Object.const_defined?("Stonean") && Stonean.const_defined?("ClassyInheritance")
+    begin
+      require "classy-inheritance"
+    rescue LoadError
+      puts <<-MSG 
+        You need to install classy-inheritance to use the provided models.
+        With gems, use `gem install classy-inheritance'
+      MSG
+      exit
     end
   end
-end
-=end
-
-module Stonean
-  module ClassyInheritance
-    def self.included(base)
-      base.extend Stonean::ClassyInheritance::ClassMethods
-    end
-
-    module ClassMethods
-      def depends_on(model_sym, options = {}) 
-        define_relationship(model_sym,options)
-
-        # Optional presence of handling
-        if options.has_key?(:validates_presence_if) && options[:validates_presence_if] != true
-          if [Symbol, String, Proc].include?(options[:validates_presence_if].class)
-            validates_presence_of model_sym, :if => options[:validates_presence_if]
-          end
-        else
-          validates_presence_of model_sym
-        end
-
-        if options.has_key?(:validates_associated_if) && options[:validates_associated_if] != true
-          if [Symbol, String, Proc].include?(options[:validates_assoicated_if].class)
-            validates_associated model_sym, :if => options[:validates_associated_if]
-          end
-        else
-          validates_associated model_sym
-        end
-
-        # Before save functionality to create/update the requisite object
-        define_save_method(model_sym, options[:as])
-
-        # Adds a find_with_<model_sym> class method
-        define_find_with_method(model_sym)
-
-        if options[:as]
-          define_can_be_method_on_requisite_class(options[:class_name] || model_sym, options[:as])
-        end
-
-        options[:attrs].each{|attr| define_accessors(model_sym, attr, options)}
-      end
-
-
-      def can_be(model_sym, options = {})
-        unless options[:as]
-          raise ArgumentError, ":as attribute required when calling can_be"
-        end
-
-        klass = model_sym.to_s.classify
-
-        define_method "is_a_#{model_sym}?" do
-          eval("self.#{options[:as]}_type == '#{klass}'")
-        end
-
-        find_with_method = "find_with_#{self.name.underscore}"
-
-        define_method "as_a_#{model_sym}" do
-          eval("#{klass}.send(:#{find_with_method},self.#{options[:as]}_id)")
-        end
-      end
-
-      private
-
-      def classy_options
-        [:as, :attrs, :prefix, :postfix, :validates_presence_if, :validates_associated_if]
-      end
-
-      def delete_classy_options(options, *keepers)
-        options.delete_if do |key,value|
-          classy_options.include?(key) && !keepers.include?(key)
-        end
-        options
-      end
-
-      def define_relationship(model_sym, options)
-        opts = delete_classy_options(options.dup, :as)
-        if opts[:as]
-          as_opt = opts.delete(:as)
-          opts = polymorphic_constraints(as_opt).merge(opts)
-          has_one model_sym, opts
-        else
-          belongs_to model_sym, opts
-        end
-      end
-
-      def define_save_method(model_sym, polymorphic_name = nil)
-        define_method "save_requisite_#{model_sym}" do
-          # Return unless the association exists
-          eval("return unless self.#{model_sym}")
-
-          # Set the polymorphic type and id before saving
-          if polymorphic_name
-            eval("self.#{model_sym}.#{polymorphic_name}_type = self.class.name")
-            eval("self.#{model_sym}.#{polymorphic_name}_id = self.id")
-          end
-
-          if polymorphic_name
-            # Save only if it's an update, has_one creates automatically
-            eval <<-SAVEIT
-              unless self.#{model_sym}.new_record?
-                self.#{model_sym}.save
-              end
-            SAVEIT
-          else
-            eval("self.#{model_sym}.save")
-          end
-        end
-
-        before_save "save_requisite_#{model_sym}".to_sym
-      end
-
-      def define_find_with_method(model_sym)
-        self.class.send :define_method, "find_with_#{model_sym}" do |*args|
-          eval <<-CODE
-            if args[1] && args[1].is_a?(Hash)
-              if args[1].has_key?(:include)
-                inc_val = args[1][:include]
-                new_val = inc_val.is_a?(Array) ? inc_val.push(:#{:model_sym}) : [inc_val, :#{model_sym}] 
-                args[1][:include] = new_val
-              else
-                args[1].merge!({:include => :#{model_sym}})
-              end
-            else
-              args << {:include => :#{model_sym}}
-            end
-            find(*args)
-          CODE
-        end
-      end
-
-      def define_accessors(model_sym, attr, options)
-        accessor_method_name = attr
-
-        if options[:prefix]
-          accessor_method_name = (options[:prefix] == true) ? "#{model_sym}_#{accessor_method_name}" : "#{options[:prefix]}_#{accessor_method_name}"
-        end
-
-        if options[:postfix]
-          accessor_method_name = (options[:postfix] == true) ? "#{accessor_method_name}_#{model_sym}" : "#{accessor_method_name}_#{options[:postfix]}"
-        end
-
-        define_method accessor_method_name do
-          eval("self.#{model_sym} ? self.#{model_sym}.#{attr} : nil")
-        end
-
-        define_method "#{accessor_method_name}=" do |val|
-          model_defined = eval("self.#{model_sym}")
-
-          unless model_defined
-            klass = options[:class_name] || model_sym.to_s.classify
-            eval("self.#{model_sym} = #{klass}.new")
-          end
-
-          eval("self.#{model_sym}.#{attr}= val")
-        end
-      end
-
-      def define_can_be_method_on_requisite_class(model_sym, polymorphic_name)
-        klass = model_sym.to_s.classify
-        requisite_klass = eval(klass)
-        unless requisite_klass.respond_to?(self.name.underscore.to_sym)
-          requisite_klass.send :can_be, self.name.underscore, 
-                                      :as => polymorphic_name 
-        end
-      end
-
-      def polymorphic_constraints(polymorphic_name)
-        { :foreign_key => "#{polymorphic_name}_id",
-          :conditions => "#{polymorphic_name}_type = '#{self.name}'"}
-      end
-    end # ClassMethods
-  end # ClassyInheritance module
-end # Stonean module
-ActiveRecord::Base.send :include, Stonean::ClassyInheritance
+end           

data/lib/lockdown/controller.rb

@@ -1,239 +1,67 @@
 module Lockdown
-  module Controller#:nodoc:
-    #
-    # Core Controller locking methods
-    #
+  module Controller
     module Core
-      def self.included(base)
-        base.send :include, Lockdown::Controller::Core::InstanceMethods
+      def configure_lockdown
+        check_session_expiry
+        store_location
       end
-      
-      module InstanceMethods
-        def configure_lock_down
-          check_session_expiry
-          store_location
-        end
 
-        def set_current_user
-          login_from_basic_auth? unless logged_in?
-          if logged_in?
-            Thread.current[:profile_id] = current_profile_id
-            Thread.current[:client_id] = current_client_id if respond_to? :current_client_id
-          end
+      def set_current_user
+        login_from_basic_auth? unless logged_in?
+        if logged_in?
+          Thread.current[:profile_id] = current_profile_id
+          Thread.current[:client_id] = current_client_id if respond_to? :current_client_id
         end
+      end
   
-        def check_request_authorization
-          unless authorized?(path_from_hash(params))
-            raise SecurityError, "Authorization failed for params #{params.inspect}"
-          end
+      def check_request_authorization
+        unless authorized?(path_from_hash(params))
+          raise SecurityError, "Authorization failed for params #{params.inspect}"
         end
+      end
       
-        def redirect_back_or_default(default)
-          session[:prevpage] ? send_to(session[:prevpage]) : send_to(default)
-        end
-
-        private
-
-        def path_allowed?(url)
-          req = Lockdown.format_controller_action(url)
-          session[:access_rights] ||= Lockdown::System.public_access
-          session[:access_rights].each do |ar|
-            return true if req == ar
-          end
-          false
+      def path_allowed?(url)
+        session[:access_rights] ||= Lockdown::System.public_access
+        session[:access_rights].each do |ar|
+          return true if url == ar
         end
+        false
+      end
         
-        def check_session_expiry
-          if session[:expiry_time] && session[:expiry_time] < Time.now
-            nil_lockdown_values
-            timeout_method = Lockdown::System.fetch(:session_timeout_method)
-            if timeout_method.is_a?(Symbol) && self.respond_to?(timeout_method)
-              send(timeout_method) 
-            end
+      def check_session_expiry
+        if session[:expiry_time] && session[:expiry_time] < Time.now
+          nil_lockdown_values
+          timeout_method = Lockdown::System.fetch(:session_timeout_method)
+          if timeout_method.is_a?(Symbol) && self.respond_to?(timeout_method)
+            send(timeout_method) 
           end
-          session[:expiry_time] = Time.now + Lockdown::System.fetch(:session_timeout)
         end
+        session[:expiry_time] = Time.now + Lockdown::System.fetch(:session_timeout)
+      end
               
-        def store_location
-          if (request.method == :get) && (session[:thispage] != sent_from_uri)
-            session[:prevpage] = session[:thispage] || ''
-            session[:thispage] = sent_from_uri
-          end
-        end
-      
-        # Called from current_user.  Now, attempt to login by
-        # basic authentication information.
-        def login_from_basic_auth?
-          username, passwd = get_auth_data
-          if username && passwd
-            set_session_user User.authenticate(username, passwd)
-          end
-        end
-    
-        @@http_auth_headers = %w(X-HTTP_AUTHORIZATION HTTP_AUTHORIZATION Authorization)
-        # gets BASIC auth info
-        def get_auth_data
-          auth_key  = @@http_auth_headers.detect { |h| request.env.has_key?(h) }
-          auth_data = request.env[auth_key].to_s.split unless auth_key.blank?
-          return auth_data && auth_data[0] == 'Basic' ? Base64.decode64(auth_data[1]).split(':')[0..1] : [nil, nil] 
+      def store_location
+        if (request.method == :get) && (session[:thispage] != sent_from_uri)
+          session[:prevpage] = session[:thispage] || ''
+          session[:thispage] = sent_from_uri
         end
-      end # InstanceMethods
-    end # Core
-
-    #
-    # Merb Controller locking methods
-    #
-    module Merb
-      def self.included(base)
-        base.send :include, Lockdown::Controller::Merb::InstanceMethods
-
-        base.before :set_current_user
-        base.before :configure_lock_down
-        base.before :check_request_authorization
       end
-
-      module InstanceMethods
-        def self.included(base)
-          base.class_eval do
-            alias :send_to  :redirect
-          end
-          base.send :include, Lockdown::Controller::Core
-        end
-
-        def sent_from_uri
-          request.uri
-        end
-
-        def authorized?(path)
-          return true if current_user_is_admin?
-
-          # See if path is known
-          if path_allowed?(path)
-            true 
-          else
-            false
-          end
-        end
       
-        # Can log Error => e if desired, I don't desire to now.
-        # For now, just send home, but will probably make this configurable
-        def access_denied(e)
-          send_to Lockdown::Session[:access_denied_path]
-        end
-
-        def path_from_hash(hsh)
-          return hsh if hsh.is_a?(String)
-          hsh = hsh.to_hash if hsh.is_a?(Mash)
-          hsh['controller'].to_s + "/" + hsh['action'].to_s
-        end
-        
-      end # InstanceMethods
-    end # Merb
-
-    #
-    # Rails Controller locking methods
-    #
-    module Rails
-      def self.included(base)
-        base.send :include, Lockdown::Controller::Rails::InstanceMethods
-
-        base.before_filter do |controller|
-          controller.set_current_user
-          controller.configure_lock_down
-          controller.check_request_authorization
+      # Called from current_user.  Now, attempt to login by
+      # basic authentication information.
+      def login_from_basic_auth?
+        username, passwd = get_auth_data
+        if username && passwd
+          set_session_user User.authenticate(username, passwd)
         end
-
-        base.send :helper_method, :authorized?
-
-        base.filter_parameter_logging :password, :password_confirmation
-      
-        base.rescue_from SecurityError,
-          :with => proc{|e| access_denied(e)}
       end
-
-      module InstanceMethods
-        def self.included(base)
-          base.class_eval do
-            alias :send_to  :redirect_to
-          end
-          base.send :include, Lockdown::Controller::Core
-        end
-
-        def sent_from_uri
-          request.request_uri
-        end
-
-        def authorized?(url)
-          return false unless url
-
-          return true if current_user_is_admin?
-
-          url.strip!
-
-          url_parts = URI::split(url)
-        
-          path = url_parts[5]
-
-          # See if path is known
-          return true if path_allowed?(path)
-
-          # Test to see if url contains id 
-          parts = path.split("/").collect{|p| p unless p =~ /\A\d+\z/}.compact
-          new_path = parts.join("/")
-
-          return true if path_allowed?(new_path)
-
-          # Test for a named routed
-          begin
-            hsh = ActionController::Routing::Routes.recognize_path(path)
-            unless hsh.nil? || hsh[:id]
-              return true if path_allowed?(path_from_hash(hsh)) 
-            end
-          rescue Exception 
-            # continue on
-          end
-
-          # Passing in different domain
-          return true if remote_url?(url_parts[2])
-
-          false
-        end
-      
-        def access_denied(e)
-          if Lockdown::System.fetch(:logout_on_access_violation)
-            reset_session
-          end
-
-          respond_to do |accepts|
-            accepts.html do
-              store_location
-              send_to Lockdown::System.fetch(:access_denied_path)
-            end
-            accepts.xml do
-              headers["Status"] = "Unauthorized"
-              headers["WWW-Authenticate"] = %(Basic realm="Web Password")
-              render :text => e.message, :status => "401 Unauthorized"
-            end
-          end
-          false
-        end
-
-        def path_from_hash(hsh)
-          hsh[:controller].to_s + "/" + hsh[:action].to_s
-        end
-
-        def remote_url?(domain = nil)
-          return false if domain.nil? || domain.strip.length == 0
-          request.host.downcase != domain.downcase
-        end
-      end # InstanceMethods
-    end # Rails
-  end # Controller
-end # Lockdown
-
-if Lockdown.merb_app?
-  Merb::Controller.send :include, Lockdown::Controller::Merb
-elsif Lockdown.rails_app?
-  ActionController::Base.send :include, Lockdown::Controller::Rails
-end
-
+    
+      @@http_auth_headers = %w(X-HTTP_AUTHORIZATION HTTP_AUTHORIZATION Authorization)
+      # gets BASIC auth info
+      def get_auth_data
+        auth_key  = @@http_auth_headers.detect { |h| request.env.has_key?(h) }
+        auth_data = request.env[auth_key].to_s.split unless auth_key.blank?
+        return auth_data && auth_data[0] == 'Basic' ? Base64.decode64(auth_data[1]).split(':')[0..1] : [nil, nil] 
+      end
+    end # Core
+   end # Controller
+end # Lockdown