lockdown 0.7.1 → 0.8.0

This diff represents the content of publicly available package versions that have been released to one of the supported registries. The information contained in this diff is provided for informational purposes only and reflects changes between package versions as they appear in their respective public registries.
Files changed (46) hide show
  1. data/.DS_Store +0 -0
  2. data/History.txt +3 -0
  3. data/README.txt +1 -1
  4. data/Rakefile +16 -1
  5. data/lib/lockdown/context.rb +41 -0
  6. data/lib/lockdown/database.rb +11 -14
  7. data/lib/lockdown/frameworks/rails/controller.rb +57 -4
  8. data/lib/lockdown/frameworks/rails/view.rb +1 -1
  9. data/lib/lockdown/frameworks/rails.rb +21 -10
  10. data/lib/lockdown/helper.rb +1 -1
  11. data/lib/lockdown/permission.rb +204 -0
  12. data/lib/lockdown/rules.rb +287 -0
  13. data/lib/lockdown/session.rb +8 -6
  14. data/lib/lockdown/system.rb +35 -88
  15. data/lib/lockdown.rb +52 -49
  16. data/rails_generators/.DS_Store +0 -0
  17. data/rails_generators/lockdown/.DS_Store +0 -0
  18. data/rails_generators/lockdown/lockdown_generator.rb +5 -5
  19. data/rails_generators/lockdown/templates/.DS_Store +0 -0
  20. data/rails_generators/lockdown/templates/lib/.DS_Store +0 -0
  21. data/rails_generators/lockdown/templates/lib/lockdown/init.rb +27 -19
  22. data/rails_generators/lockdown/templates/lib/lockdown/session.rb +1 -3
  23. data/spec/lockdown/database_spec.rb +158 -0
  24. data/spec/lockdown/frameworks/rails/controller_spec.rb +220 -0
  25. data/spec/lockdown/frameworks/rails/view_spec.rb +87 -0
  26. data/spec/lockdown/frameworks/rails_spec.rb +170 -0
  27. data/spec/lockdown/permission_spec.rb +156 -0
  28. data/spec/lockdown/rules_spec.rb +109 -0
  29. data/spec/lockdown/session_spec.rb +88 -0
  30. data/spec/lockdown/system_spec.rb +59 -0
  31. data/spec/lockdown_spec.rb +19 -0
  32. data/spec/rcov.opts +5 -0
  33. data/spec/spec.opts +3 -0
  34. data/spec/spec_helper.rb +1 -0
  35. data/tasks/post_load.rake +2 -7
  36. data/tasks/setup.rb +24 -3
  37. metadata +23 -12
  38. data/.gitignore +0 -5
  39. data/Manifest.txt +0 -51
  40. data/lib/lockdown/controller.rb +0 -64
  41. data/lib/lockdown/frameworks/merb/controller.rb +0 -63
  42. data/lib/lockdown/frameworks/merb/view.rb +0 -32
  43. data/lib/lockdown/frameworks/merb.rb +0 -84
  44. data/lib/lockdown/orms/data_mapper.rb +0 -70
  45. data/lib/lockdown/rights.rb +0 -208
  46. data/tasks/manifest.rake +0 -48
@@ -0,0 +1,287 @@
1
+ module Lockdown
2
+ class InvalidRuleAssignment < StandardError; end
3
+
4
+ module Rules
5
+ attr_accessor :options
6
+ attr_accessor :permissions
7
+ attr_accessor :user_groups
8
+ attr_accessor :controller_classes
9
+
10
+ attr_reader :protected_access
11
+ attr_reader :public_access
12
+
13
+ attr_reader :permission_objects
14
+
15
+ def set_defaults
16
+ @permissions = {}
17
+ @user_groups = {}
18
+ @options = {}
19
+
20
+ @permission_objects = {}
21
+
22
+ @controller_classes = []
23
+ @public_access = []
24
+ @protected_access = []
25
+
26
+ @options = {
27
+ :session_timeout => (60 * 60),
28
+ :logout_on_access_violation => false,
29
+ :access_denied_path => "/",
30
+ :successful_login_path => "/",
31
+ :subdirectory => nil,
32
+ :skip_db_sync_in => ["test"],
33
+ :link_separator => ' | '
34
+ }
35
+ end
36
+
37
+ #~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~
38
+ # =Rule defining methods. e.g. Methods used in lib/lockdown/init.rb
39
+ #~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~
40
+
41
+ # Creates new permission object
42
+ # Refer to the Permission object for the full functionality
43
+ def set_permission(name)
44
+ @permission_objects[name] = Lockdown::Permission.new(name)
45
+ end
46
+
47
+ # Defines public access by the permission symbols
48
+ #
49
+ # ==== Example
50
+ # set_public_access(:permission_one, :permission_two)
51
+ #
52
+ def set_public_access(*perms)
53
+ perms.each do |perm_symbol|
54
+ perm = permission_objects.find{|name, pobj| pobj.name == perm_symbol}
55
+ if perm
56
+ perm[1].set_as_public_access
57
+ else
58
+ msg = "Permission not found: #{perm_symbol}"
59
+ raise InvalidRuleAssigment, msg
60
+ end
61
+ end
62
+ end
63
+
64
+ # Defines protected access by the permission symbols
65
+ #
66
+ # ==== Example
67
+ # set_public_access(:permission_one, :permission_two)
68
+ #
69
+ def set_protected_access(*perms)
70
+ perms.each do |perm_symbol|
71
+ perm = permission_objects.find{|name, pobj| pobj.name == perm_symbol}
72
+ if perm
73
+ perm[1].set_as_protected_access
74
+ else
75
+ msg = "Permission not found: #{perm_symbol}"
76
+ raise InvalidRuleAssigment, msg
77
+ end
78
+ end
79
+ end
80
+
81
+ # Define a user groups by name and permission symbol(s)
82
+ #
83
+ # ==== Example
84
+ # set_user_group(:managment_group, :permission_one, :permission_two)
85
+ #
86
+ def set_user_group(name, *perms)
87
+ user_groups[name] ||= []
88
+ perms.each do |perm|
89
+ user_groups[name].push(perm)
90
+ end
91
+ end
92
+
93
+ #~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~
94
+ # =Convenience methods for permissions and user groups
95
+ #~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~
96
+
97
+ # Returns array of permission names as symbols
98
+ def get_permissions
99
+ permissions.keys
100
+ end
101
+
102
+ # Is the permission defined?
103
+ def permission_exists?(permission_symbol)
104
+ get_permissions.include?(permission_symbol)
105
+ end
106
+
107
+ alias_method :has_permission?, :permission_exists?
108
+
109
+ # returns true if the permission is public
110
+ def public_access?(permmision_symbol)
111
+ public_access.include?(permmision_symbol)
112
+ end
113
+
114
+ # returns true if the permission is public
115
+ def protected_access?(permmision_symbol)
116
+ protected_access.include?(permmision_symbol)
117
+ end
118
+
119
+ # These permissions are assigned by the system
120
+ def permission_assigned_automatically?(permmision_symbol)
121
+ public_access?(permmision_symbol) || protected_access?(permmision_symbol)
122
+ end
123
+
124
+ # Returns array of user group names as symbols
125
+ def get_user_groups
126
+ user_groups.keys
127
+ end
128
+
129
+ # Is the user group defined?
130
+ # The :administrators user group always exists
131
+ def user_group_exists?(user_group_symbol)
132
+ return true if user_group_symbol == Lockdown.administrator_group_symbol
133
+ get_user_groups.include?(user_group_symbol)
134
+ end
135
+
136
+ alias_method :has_user_group?, :user_group_exists?
137
+
138
+ #~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~
139
+ # =Convenience methods for permissions and user groups
140
+ #~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~
141
+
142
+ # Pass in a user object to be associated to the administrator user group
143
+ # The group will be created if it doesn't exist
144
+ def make_user_administrator(usr)
145
+ usr.user_groups << UserGroup.
146
+ find_or_create_by_name(Lockdown.administrator_group_string)
147
+ end
148
+
149
+
150
+ # Returns array of controller/action values all logged in users can access.
151
+ def standard_authorized_user_rights
152
+ public_access + protected_access
153
+ end
154
+
155
+ # Return array of controller/action values user can access.
156
+ def access_rights_for_user(usr)
157
+ return unless usr
158
+ return :all if administrator?(usr)
159
+
160
+ rights = standard_authorized_user_rights
161
+
162
+ usr.user_groups.each do |grp|
163
+ permissions_for_user_group(grp).each do |perm|
164
+ rights += access_rights_for_permission(perm)
165
+ end
166
+ end
167
+ rights
168
+ end
169
+
170
+ # Return array of controller/action for a permission
171
+ def access_rights_for_permission(perm)
172
+ sym = Lockdown.get_symbol(perm)
173
+
174
+ permissions[sym]
175
+ rescue
176
+ raise SecurityError, "Permission requested is not defined: #{sym}"
177
+ end
178
+
179
+
180
+ # Test user for administrator rights
181
+ def administrator?(usr)
182
+ user_has_user_group?(usr, Lockdown.administrator_group_symbol)
183
+ end
184
+
185
+ # Pass in user object and symbol for name of user group
186
+ def user_has_user_group?(usr, sym)
187
+ usr.user_groups.any? do |ug|
188
+ Lockdown.convert_reference_name(ug.name) == sym
189
+ end
190
+ end
191
+
192
+ # Use this for the management screen to restrict user group list to the
193
+ # user. This will prevent a user from creating a user with more power than
194
+ # him/her self.
195
+ def user_groups_assignable_for_user(usr)
196
+ return [] if usr.nil?
197
+
198
+ if administrator?(usr)
199
+ UserGroup.find_by_sql <<-SQL
200
+ select user_groups.* from user_groups order by user_groups.name
201
+ SQL
202
+ else
203
+ UserGroup.find_by_sql <<-SQL
204
+ select user_groups.* from user_groups, user_groups_users
205
+ where user_groups.id = user_groups_users.user_group_id
206
+ and user_groups_users.user_id = #{usr.id}
207
+ order by user_groups.name
208
+ SQL
209
+ end
210
+ end
211
+
212
+ # Similar to user_groups_assignable_for_user, this method should be
213
+ # used to restrict users from creating a user group with more power than
214
+ # they have been allowed.
215
+ def permissions_assignable_for_user(usr)
216
+ return [] if usr.nil?
217
+ if administrator?(usr)
218
+ get_permissions.collect do |k|
219
+ ::Permission.find_by_name(Lockdown.get_string(k))
220
+ end.compact
221
+ else
222
+ user_groups_assignable_for_user(usr).collect do |g|
223
+ g.permissions
224
+ end.flatten.compact
225
+ end
226
+ end
227
+
228
+ # Returns and array of permission symbols for the user group
229
+ def permissions_for_user_group(ug)
230
+ sym = Lockdown.get_symbol(ug)
231
+ perm_array = []
232
+
233
+ if has_user_group?(sym)
234
+ permissions = user_groups[sym] || []
235
+ else
236
+ permissions = ug.permissions
237
+ end
238
+
239
+
240
+ permissions.each do |perm|
241
+ perm_sym = Lockdown.get_symbol(perm)
242
+
243
+ unless permission_exists?(perm_sym)
244
+ msg = "Permission associated to User Group is invalid: #{perm}"
245
+ raise SecurityError, msg
246
+ end
247
+
248
+ perm_array << perm_sym
249
+ end
250
+
251
+ perm_array
252
+ end
253
+
254
+ def process_rules
255
+ parse_permissions
256
+ validate_user_groups
257
+ end
258
+
259
+ private
260
+
261
+ def parse_permissions
262
+ permission_objects.each do |name, perm|
263
+ @permissions[perm.name] ||= []
264
+ perm.controllers.each do |name, controller|
265
+ @permissions[perm.name] << controller.access_methods
266
+
267
+ if perm.public_access?
268
+ @public_access.concat controller.access_methods
269
+ elsif perm.protected_access?
270
+ @protected_access.concat controller.access_methods
271
+ end
272
+ end
273
+ end
274
+ end
275
+
276
+ def validate_user_groups
277
+ user_groups.each do |user_group, perms|
278
+ perms.each do |perm|
279
+ unless permission_exists?(perm)
280
+ msg ="User Group: #{user_group}, permission not found: #{perm}"
281
+ raise InvalidRuleAssignment, msg
282
+ end
283
+ end
284
+ end
285
+ end
286
+ end
287
+ end
@@ -1,5 +1,7 @@
1
1
  module Lockdown
2
2
  module Session
3
+ protected
4
+
3
5
  def nil_lockdown_values
4
6
  [:expiry_time, :user_id, :user_name, :user_profile_id, :access_rights].each do |val|
5
7
  session[val] = nil if session[val]
@@ -18,16 +20,16 @@ module Lockdown
18
20
  session[:access_rights] == :all
19
21
  end
20
22
 
21
- private
22
-
23
23
  def add_lockdown_session_values(user)
24
24
  session[:access_rights] = Lockdown::System.access_rights_for_user(user)
25
25
  end
26
26
 
27
27
  def access_in_perm?(perm)
28
- Lockdown::System.permissions[perm].each do |ar|
29
- return true if session_access_rights_include?(ar)
30
- end unless Lockdown::System.permissions[perm].nil?
28
+ if Lockdown::System.permissions[perm]
29
+ Lockdown::System.permissions[perm].each do |ar|
30
+ return true if session_access_rights_include?(ar)
31
+ end
32
+ end
31
33
  false
32
34
  end
33
35
 
@@ -36,4 +38,4 @@ module Lockdown
36
38
  session[:access_rights].include?(str)
37
39
  end
38
40
  end # Session
39
- end # Lockdown
41
+ end # Lockdown
@@ -1,106 +1,53 @@
1
- require File.join(File.dirname(__FILE__), "rights")
2
- require File.join(File.dirname(__FILE__), "database")
3
-
4
1
  module Lockdown
5
2
  class System
6
- class << self
7
- include Lockdown::Rights
8
-
9
- attr_accessor :options #:nodoc:
10
- attr_accessor :controller_classes #:nodoc:
3
+ extend Lockdown::Rules
11
4
 
12
- def configure(&block)
13
- set_defaults
5
+ def self.configure(&block)
6
+ set_defaults
14
7
 
15
- instance_eval(&block)
8
+ # Defined by the framework
9
+ load_controller_classes
16
10
 
17
- Lockdown::Database.sync_with_db unless skip_sync?
11
+ # Lockdown::Rules defines the methods that are used inside block
12
+ instance_eval(&block)
18
13
 
19
- end
14
+ # Lockdown::Rules defines process_rules
15
+ process_rules
20
16
 
21
- # Return option value for key
22
- def fetch(key)
23
- (@options||={})[key]
24
- end
17
+ Lockdown::Database.sync_with_db unless skip_sync?
18
+ end
25
19
 
26
- # *syms is a splat of controller symbols,
27
- # e.g all_methods(:users, :authors, :books)
28
- def all_methods(*syms)
29
- syms.collect{ |sym| paths_for(sym) }.flatten
30
- end
31
-
32
- # controller name (sym) and a splat of methods to
33
- # exclude from result
34
- #
35
- # All user methods except destroy:
36
- # e.g all_except_methods(:users, :destroy)
37
- def all_except_methods(sym, *methods)
38
- paths_for(sym) - paths_for(sym, *methods)
39
- end
40
-
41
- # controller name (sym) and a splat of methods to
42
- # to build the result
43
- #
44
- # Only user methods index (list), show (good for readonly access):
45
- # e.g only_methods(:users, :index, :show)
46
- def only_methods(sym, *methods)
47
- paths_for(sym, *methods)
48
- end
20
+ def self.fetch(key)
21
+ (@options||={})[key]
22
+ end
49
23
 
50
- # all controllers, all actions
51
- #
52
- # This is admin access
53
- def all_controllers_all_methods
54
- controllers = controller_classes
55
- controllers.collect do |str, klass|
56
- paths_for( controller_name(klass), available_actions(klass) )
57
- end.flatten!
58
- end
24
+ protected
59
25
 
60
- def fetch_controller_class(str)
61
- controller_classes[Lockdown.controller_class_name(str)]
26
+ def self.paths_for(str_sym, *methods)
27
+ str_sym = str_sym.to_s if str_sym.is_a?(Symbol)
28
+ if methods.empty?
29
+ klass = fetch_controller_class(str_sym)
30
+ methods = available_actions(klass)
62
31
  end
63
-
64
- protected
65
-
66
- def set_defaults
67
- load_controller_classes
68
-
69
- initialize_rights
70
-
71
- @options = {
72
- :session_timeout => (60 * 60),
73
- :logout_on_access_violation => false,
74
- :access_denied_path => "/",
75
- :successful_login_path => "/",
76
- :subdirectory => nil,
77
- :skip_db_sync_in => ["test"]
78
- }
79
- end
80
-
81
- private
82
-
83
- def paths_for(str_sym, *methods)
84
- str_sym = str_sym.to_s if str_sym.is_a?(Symbol)
85
- if methods.empty?
86
- klass = fetch_controller_class(str_sym)
87
- methods = available_actions(klass)
88
- end
89
- path_str = str_sym.gsub("__","\/")
32
+ path_str = str_sym.gsub("__","\/")
90
33
 
91
- subdir = Lockdown::System.fetch(:subdirectory)
92
- path_str = "#{subdir}/#{path_str}" if subdir
34
+ subdir = Lockdown::System.fetch(:subdirectory)
35
+ path_str = "#{subdir}/#{path_str}" if subdir
93
36
 
94
- controller_actions = methods.flatten
95
- returning = controller_actions.collect{|meth| "#{path_str}/#{meth.to_s}" }
37
+ controller_actions = methods.flatten.collect{|m| m.to_s}
96
38
 
97
- if controller_actions.include?("index")
98
- returning += [path_str]
99
- end
39
+ paths = controller_actions.collect{|meth| "#{path_str}/#{meth.to_s}" }
100
40
 
101
- returning
41
+ if controller_actions.include?("index")
42
+ paths += [path_str]
102
43
  end
103
44
 
104
- end # class block
105
- end # System class
45
+ paths
46
+ end
47
+
48
+ def self.fetch_controller_class(str)
49
+ controller_classes[Lockdown.controller_class_name(str)]
50
+ end
51
+
52
+ end # System class
106
53
  end # Lockdown
data/lib/lockdown.rb CHANGED
@@ -1,67 +1,70 @@
1
1
  require File.join(File.dirname(__FILE__), "lockdown", "helper")
2
2
 
3
3
  module Lockdown
4
- # :stopdoc:
5
- VERSION = '0.7.1'
6
- LIBPATH = ::File.expand_path(::File.dirname(__FILE__)) + ::File::SEPARATOR
7
- PATH = ::File.dirname(LIBPATH) + ::File::SEPARATOR
8
- # :startdoc:
9
-
10
- class << self
11
- include Lockdown::Helper
4
+ extend Lockdown::Helper
12
5
 
13
- # Returns the version string for the library.
14
- def version
15
- VERSION
16
- end
17
-
18
- # Returns the qualified path to the init file
19
- def init_file
20
- "#{Dir.pwd}/lib/lockdown/init.rb"
21
- end
6
+ VERSION = '0.8.0'
7
+
8
+ # Returns the version string for the library.
9
+ def self.version
10
+ VERSION
11
+ end
12
+
13
+ def self.major_version
14
+ version.split('.')[0].to_i
15
+ end
22
16
 
23
- # Mixin Lockdown code to the appropriate framework and ORM
24
- def mixin
25
- if mixin_resource?("frameworks")
26
- unless mixin_resource?("orms")
27
- raise NotImplementedError, "ORM unknown to Lockdown!"
28
- end
17
+ def self.minor_version
18
+ version.split('.')[1].to_i
19
+ end
20
+
21
+ def self.patch_version
22
+ version.split('.')[2].to_i
23
+ end
24
+
25
+ # Mixin Lockdown code to the appropriate framework and ORM
26
+ def self.mixin
27
+ if mixin_resource?("frameworks")
28
+ unless mixin_resource?("orms")
29
+ raise NotImplementedError, "ORM unknown to Lockdown!"
30
+ end
29
31
 
30
- if File.exists?(Lockdown.init_file)
31
- puts "=> Requiring Lockdown rules engine: #{Lockdown.init_file} \n"
32
- require Lockdown.init_file
33
- else
34
- puts "=> Note:: Lockdown couldn't find init file: #{Lockdown.init_file}\n"
35
- end
32
+ if File.exists?(Lockdown.init_file)
33
+ puts "=> Requiring Lockdown rules engine: #{Lockdown.init_file} \n"
34
+ require Lockdown.init_file
36
35
  else
37
- puts "=> Note:: Lockdown cannot determine framework and therefore is not active.\n"
36
+ puts "=> Note:: Lockdown couldn't find init file: #{Lockdown.init_file}\n"
38
37
  end
39
- end # mixin
38
+ else
39
+ puts "=> Note:: Lockdown cannot determine framework and therefore is not active.\n"
40
+ end
41
+ end # mixin
40
42
 
41
- # :stopdoc:
42
- private
43
+ private
43
44
 
44
- def mixin_resource?(str)
45
- wildcard_path = File.join( File.dirname(__FILE__), 'lockdown', str , '*.rb' )
46
- Dir[wildcard_path].each do |f|
47
- require f
48
- module_name = File.basename(f).split(".")[0]
49
- module_class = eval("Lockdown::#{str.capitalize}::#{Lockdown.camelize(module_name)}")
50
- if module_class.use_me?
51
- include module_class
52
- return true
53
- end
45
+ def self.mixin_resource?(str)
46
+ wildcard_path = File.join( File.dirname(__FILE__), 'lockdown', str , '*.rb' )
47
+ Dir[wildcard_path].each do |f|
48
+ require f
49
+ module_name = File.basename(f).split(".")[0]
50
+ module_class = eval("Lockdown::#{str.capitalize}::#{Lockdown.camelize(module_name)}")
51
+ if module_class.use_me?
52
+ include module_class
53
+ return true
54
54
  end
55
- false
56
- end # mixin_resource?
57
- end # class block
55
+ end
56
+ false
57
+ end # mixin_resource?
58
58
  end # Lockdown
59
59
 
60
-
61
- require File.join(File.dirname(__FILE__), "lockdown", "system")
62
- require File.join(File.dirname(__FILE__), "lockdown", "controller")
63
60
  require File.join(File.dirname(__FILE__), "lockdown", "session")
61
+ require File.join(File.dirname(__FILE__), "lockdown", "context")
62
+ require File.join(File.dirname(__FILE__), "lockdown", "permission")
63
+ require File.join(File.dirname(__FILE__), "lockdown", "database")
64
+ require File.join(File.dirname(__FILE__), "lockdown", "rules")
65
+ require File.join(File.dirname(__FILE__), "lockdown", "system")
64
66
 
65
67
  puts "=> Mixing in Lockdown version: #{Lockdown.version} \n"
68
+
66
69
  Lockdown.mixin
67
70
 
Binary file
Binary file
@@ -137,7 +137,7 @@ class LockdownGenerator < Rails::Generator::Base
137
137
  end
138
138
 
139
139
  def add_login_permissions
140
- add_permissions "set_permission :sessions_management, all_methods(:sessions)"
140
+ add_permissions "set_permission(:sessions_management).with_controller(:sessions)"
141
141
 
142
142
  add_predefined_user_group "set_public_access :sessions_management"
143
143
  end
@@ -157,10 +157,10 @@ class LockdownGenerator < Rails::Generator::Base
157
157
 
158
158
  def add_management_permissions
159
159
  perms = []
160
- perms << "set_permission :users_management, all_methods(:#{@namespace.blank? ? "users" : "#{@namespace}__users"})"
161
- perms << "set_permission :user_groups_management, all_methods(:#{@namespace.blank? ? "user_groups" : "#{@namespace}__user_groups"})"
162
- perms << "set_permission :permissions_management, all_methods(:#{@namespace.blank? ? "permissions" : "#{@namespace}__permissions"})"
163
- perms << "set_permission :my_account, only_methods(:#{@namespace.blank? ? "users" : "#{@namespace}__users"}, :edit, :update, :show)"
160
+ perms << "set_permission(:users_management).with_controller(:#{@namespace.blank? ? "users" : "#{@namespace}__users"})"
161
+ perms << "set_permission(:user_groups_management).with_controller(:#{@namespace.blank? ? "user_groups" : "#{@namespace}__user_groups"})"
162
+ perms << "set_permission(:permissions_management).with_controller(:#{@namespace.blank? ? "permissions" : "#{@namespace}__permissions"})"
163
+ perms << "set_permission(:my_account).with_controller(:#{@namespace.blank? ? "users" : "#{@namespace}__users"}).only_methods(:edit, :update, :show)"
164
164
 
165
165
  add_permissions perms.join("\n ")
166
166