lockdown 0.5.22 → 0.6.0
Sign up to get free protection for your applications and to get access to all the features.
- data/Manifest.txt +11 -9
- data/Rakefile +27 -3
- data/app_generators/lockdown/templates/init.rb +4 -3
- data/bin/lockdown +0 -2
- data/lib/lockdown/classy-inheritance.rb +11 -190
- data/lib/lockdown/controller.rb +49 -221
- data/lib/lockdown/database.rb +108 -0
- data/lib/lockdown/frameworks/merb/controller.rb +59 -0
- data/lib/lockdown/frameworks/merb/view.rb +30 -0
- data/lib/lockdown/frameworks/merb.rb +74 -0
- data/lib/lockdown/frameworks/rails/controller.rb +110 -0
- data/lib/lockdown/frameworks/rails/view.rb +54 -0
- data/lib/lockdown/frameworks/rails.rb +93 -0
- data/lib/lockdown/helper.rb +27 -20
- data/lib/lockdown/orms/active_record.rb +66 -0
- data/lib/lockdown/orms/data_mapper.rb +68 -0
- data/lib/lockdown/rights.rb +208 -0
- data/lib/lockdown/session.rb +39 -0
- data/lib/lockdown/system.rb +54 -352
- data/lib/lockdown/version.rb +2 -2
- data/lib/lockdown.rb +24 -135
- metadata +30 -21
- data/README +0 -0
- data/config/hoe.rb +0 -74
- data/config/requirements.rb +0 -15
- data/lib/lockdown/controller_inspector.rb +0 -98
- data/lib/lockdown/model.rb +0 -37
- data/lib/lockdown/view.rb +0 -84
- data/tasks/deployment.rake +0 -34
- data/tasks/environment.rake +0 -7
- data/tasks/website.rake +0 -17
data/lib/lockdown/system.rb
CHANGED
@@ -1,22 +1,12 @@
|
|
1
|
+
require File.join(File.dirname(__FILE__), "rights")
|
2
|
+
require File.join(File.dirname(__FILE__), "database")
|
3
|
+
|
1
4
|
module Lockdown
|
2
5
|
class System
|
3
6
|
class << self
|
4
|
-
include Lockdown::
|
7
|
+
include Lockdown::Rights
|
5
8
|
|
6
9
|
attr_accessor :options #:nodoc:
|
7
|
-
|
8
|
-
attr_accessor :permissions #:nodoc:
|
9
|
-
attr_accessor :user_groups #:nodoc:
|
10
|
-
|
11
|
-
# :public_access allows access to all
|
12
|
-
attr_accessor :public_access #:nodoc:
|
13
|
-
# :protected_access will restrict access to authenticated users.
|
14
|
-
attr_accessor :protected_access #:nodoc:
|
15
|
-
|
16
|
-
# Future functionality:
|
17
|
-
# :private_access will restrict access to model data to their creators.
|
18
|
-
# attr_accessor :private_access
|
19
|
-
|
20
10
|
attr_accessor :controller_classes #:nodoc:
|
21
11
|
|
22
12
|
def configure(&block)
|
@@ -24,382 +14,94 @@ module Lockdown
|
|
24
14
|
|
25
15
|
instance_eval(&block)
|
26
16
|
|
27
|
-
|
28
|
-
sync_with_db
|
17
|
+
unless Lockdown::System.fetch(:skip_db_sync_in).include?(ENV['RAILS_ENV'])
|
18
|
+
Lockdown::Database.sync_with_db
|
29
19
|
end
|
30
20
|
end
|
31
21
|
|
22
|
+
# Return option value for key
|
32
23
|
def fetch(key)
|
33
24
|
(@options||={})[key]
|
34
25
|
end
|
35
|
-
|
36
|
-
def set_permission(name, *method_arrays)
|
37
|
-
@permissions[name] ||= []
|
38
|
-
method_arrays.each{|ary| @permissions[name] += ary}
|
39
|
-
end
|
40
|
-
|
41
|
-
def get_permissions
|
42
|
-
@permissions.keys
|
43
|
-
end
|
44
|
-
|
45
|
-
def permission_exists?(perm)
|
46
|
-
get_permissions.include?(perm)
|
47
|
-
end
|
48
|
-
|
49
|
-
def set_user_group(name, *perms)
|
50
|
-
@user_groups[name] ||= []
|
51
|
-
perms.each do |perm|
|
52
|
-
unless permission_exists?(perm)
|
53
|
-
raise SecurityError, "For UserGroup (#{name}), permission is invalid: #{perm}"
|
54
|
-
end
|
55
|
-
@user_groups[name].push(perm)
|
56
|
-
end
|
57
|
-
end
|
58
|
-
|
59
|
-
def get_user_groups
|
60
|
-
@user_groups.keys
|
61
|
-
end
|
62
|
-
|
63
|
-
def permissions_for_user_group(ug)
|
64
|
-
sym = lockdown_symbol(ug)
|
65
|
-
|
66
|
-
if has_user_group?(sym)
|
67
|
-
@user_groups[sym].each do |perm|
|
68
|
-
unless permission_exists?(perm)
|
69
|
-
raise SecurityError, "Permission associated to User Group is invalid: #{perm}"
|
70
|
-
end
|
71
|
-
yield perm
|
72
|
-
end
|
73
|
-
elsif ug.respond_to?(:name)
|
74
|
-
# This user group was defined in the database
|
75
|
-
ug.permissions.each do |perm|
|
76
|
-
perm_sym = lockdown_symbol(perm.name)
|
77
|
-
unless permission_exists?(perm_sym)
|
78
|
-
raise SecurityError, "Permission associated to User Group is invalid: #{perm_sym}"
|
79
|
-
end
|
80
|
-
yield perm_sym
|
81
|
-
end
|
82
|
-
else
|
83
|
-
raise SecurityError, "UserGroup is not known: #{ug.inspect}"
|
84
|
-
end
|
85
|
-
end
|
86
|
-
|
87
|
-
def access_rights_for_permission(perm)
|
88
|
-
sym = lockdown_symbol(perm)
|
89
|
-
|
90
|
-
unless permission_exists?(sym)
|
91
|
-
raise SecurityError, "Permission requested is not defined: #{sym}"
|
92
|
-
end
|
93
|
-
@permissions[sym]
|
94
|
-
end
|
95
|
-
|
96
|
-
def public_access?(perm)
|
97
|
-
@public_access.include?(perm)
|
98
|
-
end
|
99
26
|
|
100
|
-
|
101
|
-
|
27
|
+
# *syms is a splat of controller symbols,
|
28
|
+
# e.g all_methods(:users, :authors, :books)
|
29
|
+
def all_methods(*syms)
|
30
|
+
syms.collect{ |sym| paths_for(sym) }.flatten
|
102
31
|
end
|
103
|
-
|
104
|
-
|
105
|
-
|
106
|
-
end
|
107
|
-
|
108
|
-
def set_protected_access(*perms)
|
109
|
-
perms.each{|perm| @protected_access += @permissions[perm]}
|
110
|
-
end
|
111
|
-
|
112
|
-
def permission_assigned_automatically?(perm)
|
113
|
-
public_access?(perm) || protected_access?(perm)
|
114
|
-
end
|
115
|
-
|
116
|
-
def standard_authorized_user_rights
|
117
|
-
Lockdown::System.public_access + Lockdown::System.protected_access
|
118
|
-
end
|
119
|
-
|
120
|
-
#
|
121
|
-
# Determine if the user group is defined in init.rb
|
32
|
+
|
33
|
+
# controller name (sym) and a splat of methods to
|
34
|
+
# exclude from result
|
122
35
|
#
|
123
|
-
|
124
|
-
|
125
|
-
|
126
|
-
|
127
|
-
|
128
|
-
|
129
|
-
|
130
|
-
|
131
|
-
end
|
132
|
-
|
133
|
-
#
|
134
|
-
# Delete a user group record from the database
|
135
|
-
#
|
136
|
-
def delete_user_group(str_sym)
|
137
|
-
ug = UserGroup.find(:first, :conditions => ["name = ?",lockdown_string(str_sym)])
|
138
|
-
ug.destroy unless ug.nil?
|
139
|
-
end
|
140
|
-
|
141
|
-
def access_rights_for_user(usr)
|
142
|
-
return unless usr
|
143
|
-
return :all if administrator?(usr)
|
144
|
-
|
145
|
-
rights = standard_authorized_user_rights
|
146
|
-
|
147
|
-
if @options[:use_db_models]
|
148
|
-
usr.user_groups.each do |grp|
|
149
|
-
permissions_for_user_group(grp) do |perm|
|
150
|
-
rights += access_rights_for_permission(perm)
|
151
|
-
end
|
152
|
-
end
|
153
|
-
end
|
154
|
-
rights
|
155
|
-
end
|
156
|
-
|
157
|
-
#
|
158
|
-
# Use this for the management screen to restrict user group list to the
|
159
|
-
# user. This will prevent a user from creating a user with more power than
|
160
|
-
# him/her self.
|
36
|
+
# All user methods except destroy:
|
37
|
+
# e.g all_except_methods(:users, :destroy)
|
38
|
+
def all_except_methods(sym, *methods)
|
39
|
+
paths_for(sym) - paths_for(sym, *methods)
|
40
|
+
end
|
41
|
+
|
42
|
+
# controller name (sym) and a splat of methods to
|
43
|
+
# to build the result
|
161
44
|
#
|
162
|
-
#
|
163
|
-
|
164
|
-
|
165
|
-
|
166
|
-
if administrator?(usr)
|
167
|
-
UserGroup.find(:all, :order => :name)
|
168
|
-
else
|
169
|
-
UserGroup.find_by_sql <<-SQL
|
170
|
-
select user_groups.* from user_groups, user_groups_users
|
171
|
-
where user_groups.id = user_groups_users.user_group_id
|
172
|
-
and user_groups_users.user_id = #{usr.id}
|
173
|
-
order by user_groups.name
|
174
|
-
SQL
|
175
|
-
end
|
45
|
+
# Only user methods index (list), show (good for readonly access):
|
46
|
+
# e.g only_methods(:users, :index, :show)
|
47
|
+
def only_methods(sym, *methods)
|
48
|
+
paths_for(sym, *methods)
|
176
49
|
end
|
177
50
|
|
51
|
+
# all controllers, all actions
|
178
52
|
#
|
179
|
-
#
|
180
|
-
|
181
|
-
|
182
|
-
|
183
|
-
|
184
|
-
|
185
|
-
if administrator?(usr)
|
186
|
-
@permissions.keys.collect{|k| Permission.find_by_name(lockdown_string(k)) }.compact
|
187
|
-
else
|
188
|
-
groups = user_groups_assignable_for_user(usr)
|
189
|
-
groups.collect{|g| g.permissions}.flatten.compact
|
190
|
-
end
|
53
|
+
# This is admin access
|
54
|
+
def all_controllers_all_methods
|
55
|
+
controllers = controller_classes
|
56
|
+
controllers.collect do |str, klass|
|
57
|
+
paths_for( controller_name(klass), available_actions(klass) )
|
58
|
+
end.flatten!
|
191
59
|
end
|
192
60
|
|
193
|
-
def make_user_administrator(usr)
|
194
|
-
unless Lockdown.database_table_exists?(UserGroup)
|
195
|
-
create_administrator_user_group
|
196
|
-
end
|
197
|
-
|
198
|
-
usr.user_groups << UserGroup.find_or_create_by_name(administrator_group_string)
|
199
|
-
end
|
200
|
-
|
201
|
-
def administrator?(usr)
|
202
|
-
user_has_user_group?(usr, administrator_group_symbol)
|
203
|
-
end
|
204
|
-
|
205
|
-
def administrator_rights
|
206
|
-
all_controllers
|
207
|
-
end
|
208
|
-
|
209
61
|
def fetch_controller_class(str)
|
210
|
-
|
62
|
+
controller_classes[Lockdown.controller_class_name(str)]
|
211
63
|
end
|
212
|
-
|
64
|
+
|
213
65
|
protected
|
214
66
|
|
215
67
|
def set_defaults
|
216
68
|
load_controller_classes
|
217
69
|
|
218
|
-
|
219
|
-
@user_groups = {}
|
220
|
-
|
221
|
-
@public_access = []
|
222
|
-
@protected_access = []
|
223
|
-
@private_access = []
|
70
|
+
initialize_rights
|
224
71
|
|
225
72
|
@options = {
|
226
|
-
:use_db_models => true,
|
227
|
-
:sync_init_rb_with_db => true,
|
228
73
|
:session_timeout => (60 * 60),
|
229
74
|
:logout_on_access_violation => false,
|
230
75
|
:access_denied_path => "/",
|
231
|
-
:successful_login_path => "/"
|
76
|
+
:successful_login_path => "/",
|
77
|
+
:subdirectory => nil,
|
78
|
+
:skip_db_sync_in => ["test"]
|
232
79
|
}
|
233
80
|
end
|
234
81
|
|
235
|
-
private
|
236
|
-
|
237
|
-
def create_administrator_user_group
|
238
|
-
return unless @options[:use_db_models]
|
239
|
-
UserGroup.create :name => administrator_group_name
|
240
|
-
end
|
241
|
-
|
242
|
-
def user_has_user_group?(usr, sym)
|
243
|
-
usr.user_groups.each do |ug|
|
244
|
-
return true if convert_reference_name(ug.name) == sym
|
245
|
-
end
|
246
|
-
false
|
247
|
-
end
|
248
|
-
|
249
|
-
def load_controller_classes
|
250
|
-
@controller_classes = {}
|
251
|
-
|
252
|
-
maybe_load_framework_controller_parent
|
253
|
-
|
254
|
-
Dir.chdir("#{Lockdown.project_root}/app/controllers") do
|
255
|
-
Dir["**/*.rb"].sort.each do |c|
|
256
|
-
next if c == "application.rb"
|
257
|
-
lockdown_load(c)
|
258
|
-
end
|
259
|
-
end
|
260
|
-
|
261
|
-
if Lockdown.rails_app? && ENV['RAILS_ENV'] != 'production'
|
262
|
-
if ActiveSupport.const_defined?("Dependencies")
|
263
|
-
ActiveSupport::Dependencies.clear
|
264
|
-
else
|
265
|
-
Dependencies.clear
|
266
|
-
end
|
267
|
-
end
|
268
|
-
end
|
269
|
-
|
270
|
-
def lockdown_class_name_from_file(str)
|
271
|
-
str.split(".")[0].split("/").collect{|s| camelize(s) }.join("::")
|
272
|
-
end
|
82
|
+
private
|
273
83
|
|
274
|
-
def
|
275
|
-
if
|
276
|
-
|
277
|
-
|
278
|
-
|
84
|
+
def paths_for(str_sym, *methods)
|
85
|
+
str_sym = str_sym.to_s if str_sym.is_a?(Symbol)
|
86
|
+
if methods.empty?
|
87
|
+
klass = fetch_controller_class(str_sym)
|
88
|
+
methods = available_actions(klass)
|
279
89
|
end
|
280
|
-
|
90
|
+
path_str = str_sym.gsub("__","\/")
|
91
|
+
|
92
|
+
subdir = Lockdown::System.fetch(:subdirectory)
|
93
|
+
path_str = "#{subdir}/#{path_str}" if subdir
|
281
94
|
|
282
|
-
|
283
|
-
|
284
|
-
if ActiveSupport.const_defined?("Dependencies")
|
285
|
-
ActiveSupport::Dependencies.require_or_load("application.rb")
|
286
|
-
else
|
287
|
-
Dependencies.require_or_load("application.rb")
|
288
|
-
end
|
289
|
-
else
|
290
|
-
load("application.rb") unless const_defined?("Application")
|
291
|
-
end
|
292
|
-
end
|
293
|
-
|
294
|
-
def lockdown_load(file)
|
295
|
-
klass = lockdown_class_name_from_file(file)
|
296
|
-
if Lockdown.rails_app?
|
297
|
-
if ActiveSupport.const_defined?("Dependencies")
|
298
|
-
ActiveSupport::Dependencies.require_or_load(file)
|
299
|
-
else
|
300
|
-
Dependencies.require_or_load(file)
|
301
|
-
end
|
302
|
-
else
|
303
|
-
load(file) unless qualified_const_defined?(klass)
|
304
|
-
end
|
305
|
-
@controller_classes[klass] = qualified_const_get(klass)
|
306
|
-
end
|
95
|
+
controller_actions = methods.flatten
|
96
|
+
returning = controller_actions.collect{|meth| "#{path_str}/#{meth.to_s}" }
|
307
97
|
|
308
|
-
|
309
|
-
|
310
|
-
namespace, klass = klass.split("::")
|
311
|
-
eval("#{namespace}.const_defined?(#{klass})") if const_defined?(namespace)
|
312
|
-
else
|
313
|
-
const_defined?(klass)
|
98
|
+
if controller_actions.include?("index")
|
99
|
+
returning += [path_str]
|
314
100
|
end
|
315
|
-
end
|
316
101
|
|
317
|
-
|
318
|
-
if klass =~ /::/
|
319
|
-
namespace, klass = klass.split("::")
|
320
|
-
eval(namespace).const_get(klass)
|
321
|
-
else
|
322
|
-
const_get(klass)
|
323
|
-
end
|
102
|
+
returning
|
324
103
|
end
|
325
104
|
|
326
|
-
#
|
327
|
-
# This is very basic and could be handled better using orm specific
|
328
|
-
# functionality, but I wanted to keep it generic to avoid creating
|
329
|
-
# an interface for each the different orm implementations.
|
330
|
-
# We'll see how it works...
|
331
|
-
#
|
332
|
-
def sync_with_db
|
333
|
-
# Create permissions not found in the database
|
334
|
-
get_permissions.each do |key|
|
335
|
-
next if permission_assigned_automatically?(key)
|
336
|
-
str = lockdown_string(key)
|
337
|
-
p = Permission.find(:first, :conditions => ["name = ?", str])
|
338
|
-
unless p
|
339
|
-
puts ">> Lockdown: Permission not found in db: #{str}, creating."
|
340
|
-
Permission.create(:name => str)
|
341
|
-
end
|
342
|
-
end
|
343
|
-
|
344
|
-
#
|
345
|
-
# Delete the permissions not found in init.rb
|
346
|
-
#
|
347
|
-
db_perms = Permission.find(:all).dup
|
348
|
-
perm_keys = get_permissions
|
349
|
-
db_perms.each do |dbp|
|
350
|
-
unless perm_keys.include?(lockdown_symbol(dbp.name))
|
351
|
-
puts ">> Lockdown: Permission no longer in init.rb: #{dbp.name}, deleting."
|
352
|
-
Lockdown.database_execute("delete from permissions_user_groups where permission_id = #{dbp.id}")
|
353
|
-
dbp.destroy
|
354
|
-
end
|
355
|
-
end
|
356
|
-
|
357
|
-
# Create user groups not found in the database
|
358
|
-
get_user_groups.each do |key|
|
359
|
-
str = lockdown_string(key)
|
360
|
-
ug = UserGroup.find(:first, :conditions => ["name = ?", str])
|
361
|
-
unless ug
|
362
|
-
puts ">> Lockdown: UserGroup not in the db: #{str}, creating."
|
363
|
-
ug = UserGroup.create(:name => str)
|
364
|
-
#Inefficient, definitely, but shouldn't have any issues across orms.
|
365
|
-
permissions_for_user_group(key) do |perm|
|
366
|
-
p = Permission.find(:first, :conditions => ["name = ?", lockdown_string(perm)])
|
367
|
-
Lockdown.database_execute <<-SQL
|
368
|
-
insert into permissions_user_groups(permission_id, user_group_id)
|
369
|
-
values(#{p.id}, #{ug.id})
|
370
|
-
SQL
|
371
|
-
end
|
372
|
-
else
|
373
|
-
# Remove permissions from user group not found in init.rb
|
374
|
-
ug.permissions.each do |perm|
|
375
|
-
perm_sym = lockdown_symbol(perm)
|
376
|
-
perm_string = lockdown_string(perm)
|
377
|
-
unless @user_groups[key].include?(perm_sym)
|
378
|
-
puts ">> Lockdown: Permission: #{perm_string} no longer associated to User Group: #{ug.name}, deleting."
|
379
|
-
ug.permissions.delete(perm)
|
380
|
-
end
|
381
|
-
end
|
382
|
-
|
383
|
-
# Add in permissions from init.rb not found in database
|
384
|
-
@user_groups[key].each do |perm|
|
385
|
-
perm_string = lockdown_string(perm)
|
386
|
-
found = false
|
387
|
-
# see if permission exists
|
388
|
-
ug.permissions.each do |p|
|
389
|
-
found = true if lockdown_string(p) == perm_string
|
390
|
-
end
|
391
|
-
# if not found, add it
|
392
|
-
unless found
|
393
|
-
puts ">> Lockdown: Permission: #{perm_string} not found for User Group: #{ug.name}, adding it."
|
394
|
-
p = Permission.find(:first, :conditions => ["name = ?", perm_string])
|
395
|
-
ug.permissions << p
|
396
|
-
end
|
397
|
-
end
|
398
|
-
end
|
399
|
-
end
|
400
|
-
rescue Exception => e
|
401
|
-
puts ">> Lockdown sync failed: #{e}"
|
402
|
-
end
|
403
105
|
end # class block
|
404
106
|
end # System class
|
405
107
|
end # Lockdown
|
data/lib/lockdown/version.rb
CHANGED
data/lib/lockdown.rb
CHANGED
@@ -1,151 +1,40 @@
|
|
1
|
-
|
2
|
-
|
1
|
+
require File.join(File.dirname(__FILE__), "lockdown", "classy-inheritance")
|
2
|
+
require File.join(File.dirname(__FILE__), "lockdown", "helper")
|
3
3
|
|
4
4
|
module Lockdown
|
5
5
|
class << self
|
6
|
-
|
7
|
-
new_url = url.split("/").delete_if{|p| p.to_i > 0 || p.length == 0}.join("/")
|
8
|
-
new_url += "/index" unless new_url =~ /\//
|
9
|
-
new_url
|
10
|
-
end
|
11
|
-
|
12
|
-
def format_controller(ctr)
|
13
|
-
ctr.split("/").delete_if{|p| p.length == 0}.join("/")
|
14
|
-
end
|
15
|
-
|
16
|
-
def project_root
|
17
|
-
project_related_value("Merb.root", "RAILS_ROOT")
|
18
|
-
end
|
19
|
-
|
20
|
-
def merb_app?
|
21
|
-
Object.const_defined?("Merb") && Merb.const_defined?("AbstractController")
|
22
|
-
end
|
23
|
-
|
24
|
-
def rails_app?
|
25
|
-
Object.const_defined?("ActionController") && ActionController.const_defined?("Base")
|
26
|
-
end
|
27
|
-
|
28
|
-
def controller_parent
|
29
|
-
project_related_value("Merb::Controller", "ActionController::Base")
|
30
|
-
end
|
31
|
-
|
32
|
-
def datamapper_orm?
|
33
|
-
Object.const_defined?("DataMapper") && DataMapper.const_defined?("Base")
|
34
|
-
end
|
35
|
-
|
36
|
-
def active_record_orm?
|
37
|
-
Object.const_defined?("ActiveRecord") && ActiveRecord.const_defined?("Base")
|
38
|
-
end
|
39
|
-
|
40
|
-
def orm_parent
|
41
|
-
if datamapper_orm?
|
42
|
-
DataMapper::Base
|
43
|
-
elsif active_record_orm?
|
44
|
-
ActiveRecord::Base
|
45
|
-
else
|
46
|
-
raise NotImplementedError, "ORM unknown to Lockdown! Lockdown recognizes DataMapper and ActiveRecord"
|
47
|
-
end
|
48
|
-
end
|
49
|
-
|
50
|
-
def database_execute(query)
|
51
|
-
if active_record_orm?
|
52
|
-
ActiveRecord::Base.connection.execute(query)
|
53
|
-
elsif datamapper_orm?
|
54
|
-
DataMapper.database.execute(query)
|
55
|
-
else
|
56
|
-
raise NotImplementedError, "ORM unknown to Lockdown! Lockdown recognizes DataMapper and ActiveRecord"
|
57
|
-
end
|
58
|
-
end
|
6
|
+
include Lockdown::Helper
|
59
7
|
|
60
|
-
def
|
61
|
-
if
|
62
|
-
|
63
|
-
|
64
|
-
|
8
|
+
def mixin
|
9
|
+
if mixin_resource?("frameworks")
|
10
|
+
unless mixin_resource?("orms")
|
11
|
+
raise NotImplementedError, "ORM unknown to Lockdown!"
|
12
|
+
end
|
65
13
|
else
|
66
|
-
raise NotImplementedError, "
|
14
|
+
raise NotImplementedError, "Framework unknown to Lockdown!"
|
67
15
|
end
|
68
16
|
end
|
69
17
|
|
70
|
-
def database_table_exists?(klass)
|
71
|
-
if active_record_orm?
|
72
|
-
klass.table_exists?
|
73
|
-
elsif datamapper_orm?
|
74
|
-
DataMapper.database.table_exists?(klass)
|
75
|
-
else
|
76
|
-
raise NotImplementedError, "ORM unknown to Lockdown! Lockdown recognizes DataMapper and ActiveRecord"
|
77
|
-
end
|
78
|
-
end
|
79
18
|
private
|
80
19
|
|
81
|
-
def
|
82
|
-
|
83
|
-
|
84
|
-
|
85
|
-
eval(
|
86
|
-
|
87
|
-
|
88
|
-
|
89
|
-
|
90
|
-
end
|
91
|
-
end # class block
|
92
|
-
|
93
|
-
require File.join("lockdown", "helper.rb")
|
94
|
-
require File.join("lockdown", "controller_inspector.rb")
|
95
|
-
require File.join("lockdown", "system.rb")
|
96
|
-
require File.join("lockdown", "controller.rb")
|
97
|
-
require File.join("lockdown", "model.rb")
|
98
|
-
require File.join("lockdown", "view.rb")
|
99
|
-
|
100
|
-
module Session
|
101
|
-
include Lockdown::Helper
|
102
|
-
|
103
|
-
def nil_lockdown_values
|
104
|
-
[:expiry_time, :user_id, :user_name, :user_profile_id, :access_rights].each do |val|
|
105
|
-
session[val] = nil if session[val]
|
106
|
-
end
|
107
|
-
end
|
108
|
-
|
109
|
-
#
|
110
|
-
# Does the current user have access to at least one permission
|
111
|
-
# in the user group?
|
112
|
-
#
|
113
|
-
def current_user_access_in_group?(grp)
|
114
|
-
return true if current_user_is_admin?
|
115
|
-
Lockdown::System.user_groups[grp].each do |perm|
|
116
|
-
return true if access_in_perm?(perm)
|
20
|
+
def mixin_resource?(str)
|
21
|
+
Dir["#{File.dirname(__FILE__)}/lockdown/#{str}/*.rb"].each do |f|
|
22
|
+
require "#{f}"
|
23
|
+
mod = File.basename(f).split(".")[0]
|
24
|
+
mklass = eval("Lockdown::#{str.capitalize}::#{Lockdown.camelize(mod)}")
|
25
|
+
if mklass.use_me?
|
26
|
+
include mklass
|
27
|
+
return true
|
117
28
|
end
|
29
|
+
end
|
118
30
|
false
|
119
31
|
end
|
32
|
+
end # class block
|
33
|
+
end # Lockdown
|
120
34
|
|
121
|
-
def current_user_is_admin?
|
122
|
-
session[:access_rights] == :all
|
123
|
-
end
|
124
|
-
|
125
|
-
private
|
126
|
-
|
127
|
-
#
|
128
|
-
# session[:access_rights] are the keys to Lockdown.
|
129
|
-
#
|
130
|
-
# session[:access_rights] holds the array of "controller/action" strings
|
131
|
-
# allowed for the user.
|
132
|
-
#
|
133
|
-
#
|
134
|
-
def add_lockdown_session_values(user)
|
135
|
-
session[:access_rights] = Lockdown::System.access_rights_for_user(user)
|
136
|
-
end
|
137
|
-
|
138
|
-
def access_in_perm?(perm)
|
139
|
-
Lockdown::System.permissions[perm].each do |ar|
|
140
|
-
return true if session_access_rights_include?(ar)
|
141
|
-
end unless Lockdown::System.permissions[perm].nil?
|
142
|
-
false
|
143
|
-
end
|
144
35
|
|
145
|
-
|
146
|
-
|
147
|
-
|
148
|
-
end
|
149
|
-
end
|
150
|
-
end
|
36
|
+
require File.join(File.dirname(__FILE__), "lockdown", "system")
|
37
|
+
require File.join(File.dirname(__FILE__), "lockdown", "controller")
|
38
|
+
require File.join(File.dirname(__FILE__), "lockdown", "session")
|
151
39
|
|
40
|
+
Lockdown.mixin
|