lockdown 0.7.1 → 0.8.0
This diff represents the content of publicly available package versions that have been released to one of the supported registries. The information contained in this diff is provided for informational purposes only and reflects changes between package versions as they appear in their respective public registries.
- data/.DS_Store +0 -0
- data/History.txt +3 -0
- data/README.txt +1 -1
- data/Rakefile +16 -1
- data/lib/lockdown/context.rb +41 -0
- data/lib/lockdown/database.rb +11 -14
- data/lib/lockdown/frameworks/rails/controller.rb +57 -4
- data/lib/lockdown/frameworks/rails/view.rb +1 -1
- data/lib/lockdown/frameworks/rails.rb +21 -10
- data/lib/lockdown/helper.rb +1 -1
- data/lib/lockdown/permission.rb +204 -0
- data/lib/lockdown/rules.rb +287 -0
- data/lib/lockdown/session.rb +8 -6
- data/lib/lockdown/system.rb +35 -88
- data/lib/lockdown.rb +52 -49
- data/rails_generators/.DS_Store +0 -0
- data/rails_generators/lockdown/.DS_Store +0 -0
- data/rails_generators/lockdown/lockdown_generator.rb +5 -5
- data/rails_generators/lockdown/templates/.DS_Store +0 -0
- data/rails_generators/lockdown/templates/lib/.DS_Store +0 -0
- data/rails_generators/lockdown/templates/lib/lockdown/init.rb +27 -19
- data/rails_generators/lockdown/templates/lib/lockdown/session.rb +1 -3
- data/spec/lockdown/database_spec.rb +158 -0
- data/spec/lockdown/frameworks/rails/controller_spec.rb +220 -0
- data/spec/lockdown/frameworks/rails/view_spec.rb +87 -0
- data/spec/lockdown/frameworks/rails_spec.rb +170 -0
- data/spec/lockdown/permission_spec.rb +156 -0
- data/spec/lockdown/rules_spec.rb +109 -0
- data/spec/lockdown/session_spec.rb +88 -0
- data/spec/lockdown/system_spec.rb +59 -0
- data/spec/lockdown_spec.rb +19 -0
- data/spec/rcov.opts +5 -0
- data/spec/spec.opts +3 -0
- data/spec/spec_helper.rb +1 -0
- data/tasks/post_load.rake +2 -7
- data/tasks/setup.rb +24 -3
- metadata +23 -12
- data/.gitignore +0 -5
- data/Manifest.txt +0 -51
- data/lib/lockdown/controller.rb +0 -64
- data/lib/lockdown/frameworks/merb/controller.rb +0 -63
- data/lib/lockdown/frameworks/merb/view.rb +0 -32
- data/lib/lockdown/frameworks/merb.rb +0 -84
- data/lib/lockdown/orms/data_mapper.rb +0 -70
- data/lib/lockdown/rights.rb +0 -208
- data/tasks/manifest.rake +0 -48
@@ -0,0 +1,287 @@
|
|
1
|
+
module Lockdown
|
2
|
+
class InvalidRuleAssignment < StandardError; end
|
3
|
+
|
4
|
+
module Rules
|
5
|
+
attr_accessor :options
|
6
|
+
attr_accessor :permissions
|
7
|
+
attr_accessor :user_groups
|
8
|
+
attr_accessor :controller_classes
|
9
|
+
|
10
|
+
attr_reader :protected_access
|
11
|
+
attr_reader :public_access
|
12
|
+
|
13
|
+
attr_reader :permission_objects
|
14
|
+
|
15
|
+
def set_defaults
|
16
|
+
@permissions = {}
|
17
|
+
@user_groups = {}
|
18
|
+
@options = {}
|
19
|
+
|
20
|
+
@permission_objects = {}
|
21
|
+
|
22
|
+
@controller_classes = []
|
23
|
+
@public_access = []
|
24
|
+
@protected_access = []
|
25
|
+
|
26
|
+
@options = {
|
27
|
+
:session_timeout => (60 * 60),
|
28
|
+
:logout_on_access_violation => false,
|
29
|
+
:access_denied_path => "/",
|
30
|
+
:successful_login_path => "/",
|
31
|
+
:subdirectory => nil,
|
32
|
+
:skip_db_sync_in => ["test"],
|
33
|
+
:link_separator => ' | '
|
34
|
+
}
|
35
|
+
end
|
36
|
+
|
37
|
+
#~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~
|
38
|
+
# =Rule defining methods. e.g. Methods used in lib/lockdown/init.rb
|
39
|
+
#~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~
|
40
|
+
|
41
|
+
# Creates new permission object
|
42
|
+
# Refer to the Permission object for the full functionality
|
43
|
+
def set_permission(name)
|
44
|
+
@permission_objects[name] = Lockdown::Permission.new(name)
|
45
|
+
end
|
46
|
+
|
47
|
+
# Defines public access by the permission symbols
|
48
|
+
#
|
49
|
+
# ==== Example
|
50
|
+
# set_public_access(:permission_one, :permission_two)
|
51
|
+
#
|
52
|
+
def set_public_access(*perms)
|
53
|
+
perms.each do |perm_symbol|
|
54
|
+
perm = permission_objects.find{|name, pobj| pobj.name == perm_symbol}
|
55
|
+
if perm
|
56
|
+
perm[1].set_as_public_access
|
57
|
+
else
|
58
|
+
msg = "Permission not found: #{perm_symbol}"
|
59
|
+
raise InvalidRuleAssigment, msg
|
60
|
+
end
|
61
|
+
end
|
62
|
+
end
|
63
|
+
|
64
|
+
# Defines protected access by the permission symbols
|
65
|
+
#
|
66
|
+
# ==== Example
|
67
|
+
# set_public_access(:permission_one, :permission_two)
|
68
|
+
#
|
69
|
+
def set_protected_access(*perms)
|
70
|
+
perms.each do |perm_symbol|
|
71
|
+
perm = permission_objects.find{|name, pobj| pobj.name == perm_symbol}
|
72
|
+
if perm
|
73
|
+
perm[1].set_as_protected_access
|
74
|
+
else
|
75
|
+
msg = "Permission not found: #{perm_symbol}"
|
76
|
+
raise InvalidRuleAssigment, msg
|
77
|
+
end
|
78
|
+
end
|
79
|
+
end
|
80
|
+
|
81
|
+
# Define a user groups by name and permission symbol(s)
|
82
|
+
#
|
83
|
+
# ==== Example
|
84
|
+
# set_user_group(:managment_group, :permission_one, :permission_two)
|
85
|
+
#
|
86
|
+
def set_user_group(name, *perms)
|
87
|
+
user_groups[name] ||= []
|
88
|
+
perms.each do |perm|
|
89
|
+
user_groups[name].push(perm)
|
90
|
+
end
|
91
|
+
end
|
92
|
+
|
93
|
+
#~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~
|
94
|
+
# =Convenience methods for permissions and user groups
|
95
|
+
#~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~
|
96
|
+
|
97
|
+
# Returns array of permission names as symbols
|
98
|
+
def get_permissions
|
99
|
+
permissions.keys
|
100
|
+
end
|
101
|
+
|
102
|
+
# Is the permission defined?
|
103
|
+
def permission_exists?(permission_symbol)
|
104
|
+
get_permissions.include?(permission_symbol)
|
105
|
+
end
|
106
|
+
|
107
|
+
alias_method :has_permission?, :permission_exists?
|
108
|
+
|
109
|
+
# returns true if the permission is public
|
110
|
+
def public_access?(permmision_symbol)
|
111
|
+
public_access.include?(permmision_symbol)
|
112
|
+
end
|
113
|
+
|
114
|
+
# returns true if the permission is public
|
115
|
+
def protected_access?(permmision_symbol)
|
116
|
+
protected_access.include?(permmision_symbol)
|
117
|
+
end
|
118
|
+
|
119
|
+
# These permissions are assigned by the system
|
120
|
+
def permission_assigned_automatically?(permmision_symbol)
|
121
|
+
public_access?(permmision_symbol) || protected_access?(permmision_symbol)
|
122
|
+
end
|
123
|
+
|
124
|
+
# Returns array of user group names as symbols
|
125
|
+
def get_user_groups
|
126
|
+
user_groups.keys
|
127
|
+
end
|
128
|
+
|
129
|
+
# Is the user group defined?
|
130
|
+
# The :administrators user group always exists
|
131
|
+
def user_group_exists?(user_group_symbol)
|
132
|
+
return true if user_group_symbol == Lockdown.administrator_group_symbol
|
133
|
+
get_user_groups.include?(user_group_symbol)
|
134
|
+
end
|
135
|
+
|
136
|
+
alias_method :has_user_group?, :user_group_exists?
|
137
|
+
|
138
|
+
#~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~
|
139
|
+
# =Convenience methods for permissions and user groups
|
140
|
+
#~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~
|
141
|
+
|
142
|
+
# Pass in a user object to be associated to the administrator user group
|
143
|
+
# The group will be created if it doesn't exist
|
144
|
+
def make_user_administrator(usr)
|
145
|
+
usr.user_groups << UserGroup.
|
146
|
+
find_or_create_by_name(Lockdown.administrator_group_string)
|
147
|
+
end
|
148
|
+
|
149
|
+
|
150
|
+
# Returns array of controller/action values all logged in users can access.
|
151
|
+
def standard_authorized_user_rights
|
152
|
+
public_access + protected_access
|
153
|
+
end
|
154
|
+
|
155
|
+
# Return array of controller/action values user can access.
|
156
|
+
def access_rights_for_user(usr)
|
157
|
+
return unless usr
|
158
|
+
return :all if administrator?(usr)
|
159
|
+
|
160
|
+
rights = standard_authorized_user_rights
|
161
|
+
|
162
|
+
usr.user_groups.each do |grp|
|
163
|
+
permissions_for_user_group(grp).each do |perm|
|
164
|
+
rights += access_rights_for_permission(perm)
|
165
|
+
end
|
166
|
+
end
|
167
|
+
rights
|
168
|
+
end
|
169
|
+
|
170
|
+
# Return array of controller/action for a permission
|
171
|
+
def access_rights_for_permission(perm)
|
172
|
+
sym = Lockdown.get_symbol(perm)
|
173
|
+
|
174
|
+
permissions[sym]
|
175
|
+
rescue
|
176
|
+
raise SecurityError, "Permission requested is not defined: #{sym}"
|
177
|
+
end
|
178
|
+
|
179
|
+
|
180
|
+
# Test user for administrator rights
|
181
|
+
def administrator?(usr)
|
182
|
+
user_has_user_group?(usr, Lockdown.administrator_group_symbol)
|
183
|
+
end
|
184
|
+
|
185
|
+
# Pass in user object and symbol for name of user group
|
186
|
+
def user_has_user_group?(usr, sym)
|
187
|
+
usr.user_groups.any? do |ug|
|
188
|
+
Lockdown.convert_reference_name(ug.name) == sym
|
189
|
+
end
|
190
|
+
end
|
191
|
+
|
192
|
+
# Use this for the management screen to restrict user group list to the
|
193
|
+
# user. This will prevent a user from creating a user with more power than
|
194
|
+
# him/her self.
|
195
|
+
def user_groups_assignable_for_user(usr)
|
196
|
+
return [] if usr.nil?
|
197
|
+
|
198
|
+
if administrator?(usr)
|
199
|
+
UserGroup.find_by_sql <<-SQL
|
200
|
+
select user_groups.* from user_groups order by user_groups.name
|
201
|
+
SQL
|
202
|
+
else
|
203
|
+
UserGroup.find_by_sql <<-SQL
|
204
|
+
select user_groups.* from user_groups, user_groups_users
|
205
|
+
where user_groups.id = user_groups_users.user_group_id
|
206
|
+
and user_groups_users.user_id = #{usr.id}
|
207
|
+
order by user_groups.name
|
208
|
+
SQL
|
209
|
+
end
|
210
|
+
end
|
211
|
+
|
212
|
+
# Similar to user_groups_assignable_for_user, this method should be
|
213
|
+
# used to restrict users from creating a user group with more power than
|
214
|
+
# they have been allowed.
|
215
|
+
def permissions_assignable_for_user(usr)
|
216
|
+
return [] if usr.nil?
|
217
|
+
if administrator?(usr)
|
218
|
+
get_permissions.collect do |k|
|
219
|
+
::Permission.find_by_name(Lockdown.get_string(k))
|
220
|
+
end.compact
|
221
|
+
else
|
222
|
+
user_groups_assignable_for_user(usr).collect do |g|
|
223
|
+
g.permissions
|
224
|
+
end.flatten.compact
|
225
|
+
end
|
226
|
+
end
|
227
|
+
|
228
|
+
# Returns and array of permission symbols for the user group
|
229
|
+
def permissions_for_user_group(ug)
|
230
|
+
sym = Lockdown.get_symbol(ug)
|
231
|
+
perm_array = []
|
232
|
+
|
233
|
+
if has_user_group?(sym)
|
234
|
+
permissions = user_groups[sym] || []
|
235
|
+
else
|
236
|
+
permissions = ug.permissions
|
237
|
+
end
|
238
|
+
|
239
|
+
|
240
|
+
permissions.each do |perm|
|
241
|
+
perm_sym = Lockdown.get_symbol(perm)
|
242
|
+
|
243
|
+
unless permission_exists?(perm_sym)
|
244
|
+
msg = "Permission associated to User Group is invalid: #{perm}"
|
245
|
+
raise SecurityError, msg
|
246
|
+
end
|
247
|
+
|
248
|
+
perm_array << perm_sym
|
249
|
+
end
|
250
|
+
|
251
|
+
perm_array
|
252
|
+
end
|
253
|
+
|
254
|
+
def process_rules
|
255
|
+
parse_permissions
|
256
|
+
validate_user_groups
|
257
|
+
end
|
258
|
+
|
259
|
+
private
|
260
|
+
|
261
|
+
def parse_permissions
|
262
|
+
permission_objects.each do |name, perm|
|
263
|
+
@permissions[perm.name] ||= []
|
264
|
+
perm.controllers.each do |name, controller|
|
265
|
+
@permissions[perm.name] << controller.access_methods
|
266
|
+
|
267
|
+
if perm.public_access?
|
268
|
+
@public_access.concat controller.access_methods
|
269
|
+
elsif perm.protected_access?
|
270
|
+
@protected_access.concat controller.access_methods
|
271
|
+
end
|
272
|
+
end
|
273
|
+
end
|
274
|
+
end
|
275
|
+
|
276
|
+
def validate_user_groups
|
277
|
+
user_groups.each do |user_group, perms|
|
278
|
+
perms.each do |perm|
|
279
|
+
unless permission_exists?(perm)
|
280
|
+
msg ="User Group: #{user_group}, permission not found: #{perm}"
|
281
|
+
raise InvalidRuleAssignment, msg
|
282
|
+
end
|
283
|
+
end
|
284
|
+
end
|
285
|
+
end
|
286
|
+
end
|
287
|
+
end
|
data/lib/lockdown/session.rb
CHANGED
@@ -1,5 +1,7 @@
|
|
1
1
|
module Lockdown
|
2
2
|
module Session
|
3
|
+
protected
|
4
|
+
|
3
5
|
def nil_lockdown_values
|
4
6
|
[:expiry_time, :user_id, :user_name, :user_profile_id, :access_rights].each do |val|
|
5
7
|
session[val] = nil if session[val]
|
@@ -18,16 +20,16 @@ module Lockdown
|
|
18
20
|
session[:access_rights] == :all
|
19
21
|
end
|
20
22
|
|
21
|
-
private
|
22
|
-
|
23
23
|
def add_lockdown_session_values(user)
|
24
24
|
session[:access_rights] = Lockdown::System.access_rights_for_user(user)
|
25
25
|
end
|
26
26
|
|
27
27
|
def access_in_perm?(perm)
|
28
|
-
Lockdown::System.permissions[perm]
|
29
|
-
|
30
|
-
|
28
|
+
if Lockdown::System.permissions[perm]
|
29
|
+
Lockdown::System.permissions[perm].each do |ar|
|
30
|
+
return true if session_access_rights_include?(ar)
|
31
|
+
end
|
32
|
+
end
|
31
33
|
false
|
32
34
|
end
|
33
35
|
|
@@ -36,4 +38,4 @@ module Lockdown
|
|
36
38
|
session[:access_rights].include?(str)
|
37
39
|
end
|
38
40
|
end # Session
|
39
|
-
end # Lockdown
|
41
|
+
end # Lockdown
|
data/lib/lockdown/system.rb
CHANGED
@@ -1,106 +1,53 @@
|
|
1
|
-
require File.join(File.dirname(__FILE__), "rights")
|
2
|
-
require File.join(File.dirname(__FILE__), "database")
|
3
|
-
|
4
1
|
module Lockdown
|
5
2
|
class System
|
6
|
-
|
7
|
-
include Lockdown::Rights
|
8
|
-
|
9
|
-
attr_accessor :options #:nodoc:
|
10
|
-
attr_accessor :controller_classes #:nodoc:
|
3
|
+
extend Lockdown::Rules
|
11
4
|
|
12
|
-
|
13
|
-
|
5
|
+
def self.configure(&block)
|
6
|
+
set_defaults
|
14
7
|
|
15
|
-
|
8
|
+
# Defined by the framework
|
9
|
+
load_controller_classes
|
16
10
|
|
17
|
-
|
11
|
+
# Lockdown::Rules defines the methods that are used inside block
|
12
|
+
instance_eval(&block)
|
18
13
|
|
19
|
-
|
14
|
+
# Lockdown::Rules defines process_rules
|
15
|
+
process_rules
|
20
16
|
|
21
|
-
|
22
|
-
|
23
|
-
(@options||={})[key]
|
24
|
-
end
|
17
|
+
Lockdown::Database.sync_with_db unless skip_sync?
|
18
|
+
end
|
25
19
|
|
26
|
-
|
27
|
-
|
28
|
-
|
29
|
-
syms.collect{ |sym| paths_for(sym) }.flatten
|
30
|
-
end
|
31
|
-
|
32
|
-
# controller name (sym) and a splat of methods to
|
33
|
-
# exclude from result
|
34
|
-
#
|
35
|
-
# All user methods except destroy:
|
36
|
-
# e.g all_except_methods(:users, :destroy)
|
37
|
-
def all_except_methods(sym, *methods)
|
38
|
-
paths_for(sym) - paths_for(sym, *methods)
|
39
|
-
end
|
40
|
-
|
41
|
-
# controller name (sym) and a splat of methods to
|
42
|
-
# to build the result
|
43
|
-
#
|
44
|
-
# Only user methods index (list), show (good for readonly access):
|
45
|
-
# e.g only_methods(:users, :index, :show)
|
46
|
-
def only_methods(sym, *methods)
|
47
|
-
paths_for(sym, *methods)
|
48
|
-
end
|
20
|
+
def self.fetch(key)
|
21
|
+
(@options||={})[key]
|
22
|
+
end
|
49
23
|
|
50
|
-
|
51
|
-
#
|
52
|
-
# This is admin access
|
53
|
-
def all_controllers_all_methods
|
54
|
-
controllers = controller_classes
|
55
|
-
controllers.collect do |str, klass|
|
56
|
-
paths_for( controller_name(klass), available_actions(klass) )
|
57
|
-
end.flatten!
|
58
|
-
end
|
24
|
+
protected
|
59
25
|
|
60
|
-
|
61
|
-
|
26
|
+
def self.paths_for(str_sym, *methods)
|
27
|
+
str_sym = str_sym.to_s if str_sym.is_a?(Symbol)
|
28
|
+
if methods.empty?
|
29
|
+
klass = fetch_controller_class(str_sym)
|
30
|
+
methods = available_actions(klass)
|
62
31
|
end
|
63
|
-
|
64
|
-
protected
|
65
|
-
|
66
|
-
def set_defaults
|
67
|
-
load_controller_classes
|
68
|
-
|
69
|
-
initialize_rights
|
70
|
-
|
71
|
-
@options = {
|
72
|
-
:session_timeout => (60 * 60),
|
73
|
-
:logout_on_access_violation => false,
|
74
|
-
:access_denied_path => "/",
|
75
|
-
:successful_login_path => "/",
|
76
|
-
:subdirectory => nil,
|
77
|
-
:skip_db_sync_in => ["test"]
|
78
|
-
}
|
79
|
-
end
|
80
|
-
|
81
|
-
private
|
82
|
-
|
83
|
-
def paths_for(str_sym, *methods)
|
84
|
-
str_sym = str_sym.to_s if str_sym.is_a?(Symbol)
|
85
|
-
if methods.empty?
|
86
|
-
klass = fetch_controller_class(str_sym)
|
87
|
-
methods = available_actions(klass)
|
88
|
-
end
|
89
|
-
path_str = str_sym.gsub("__","\/")
|
32
|
+
path_str = str_sym.gsub("__","\/")
|
90
33
|
|
91
|
-
|
92
|
-
|
34
|
+
subdir = Lockdown::System.fetch(:subdirectory)
|
35
|
+
path_str = "#{subdir}/#{path_str}" if subdir
|
93
36
|
|
94
|
-
|
95
|
-
returning = controller_actions.collect{|meth| "#{path_str}/#{meth.to_s}" }
|
37
|
+
controller_actions = methods.flatten.collect{|m| m.to_s}
|
96
38
|
|
97
|
-
|
98
|
-
returning += [path_str]
|
99
|
-
end
|
39
|
+
paths = controller_actions.collect{|meth| "#{path_str}/#{meth.to_s}" }
|
100
40
|
|
101
|
-
|
41
|
+
if controller_actions.include?("index")
|
42
|
+
paths += [path_str]
|
102
43
|
end
|
103
44
|
|
104
|
-
|
105
|
-
|
45
|
+
paths
|
46
|
+
end
|
47
|
+
|
48
|
+
def self.fetch_controller_class(str)
|
49
|
+
controller_classes[Lockdown.controller_class_name(str)]
|
50
|
+
end
|
51
|
+
|
52
|
+
end # System class
|
106
53
|
end # Lockdown
|
data/lib/lockdown.rb
CHANGED
@@ -1,67 +1,70 @@
|
|
1
1
|
require File.join(File.dirname(__FILE__), "lockdown", "helper")
|
2
2
|
|
3
3
|
module Lockdown
|
4
|
-
|
5
|
-
VERSION = '0.7.1'
|
6
|
-
LIBPATH = ::File.expand_path(::File.dirname(__FILE__)) + ::File::SEPARATOR
|
7
|
-
PATH = ::File.dirname(LIBPATH) + ::File::SEPARATOR
|
8
|
-
# :startdoc:
|
9
|
-
|
10
|
-
class << self
|
11
|
-
include Lockdown::Helper
|
4
|
+
extend Lockdown::Helper
|
12
5
|
|
13
|
-
|
14
|
-
|
15
|
-
|
16
|
-
|
17
|
-
|
18
|
-
|
19
|
-
|
20
|
-
|
21
|
-
|
6
|
+
VERSION = '0.8.0'
|
7
|
+
|
8
|
+
# Returns the version string for the library.
|
9
|
+
def self.version
|
10
|
+
VERSION
|
11
|
+
end
|
12
|
+
|
13
|
+
def self.major_version
|
14
|
+
version.split('.')[0].to_i
|
15
|
+
end
|
22
16
|
|
23
|
-
|
24
|
-
|
25
|
-
|
26
|
-
|
27
|
-
|
28
|
-
|
17
|
+
def self.minor_version
|
18
|
+
version.split('.')[1].to_i
|
19
|
+
end
|
20
|
+
|
21
|
+
def self.patch_version
|
22
|
+
version.split('.')[2].to_i
|
23
|
+
end
|
24
|
+
|
25
|
+
# Mixin Lockdown code to the appropriate framework and ORM
|
26
|
+
def self.mixin
|
27
|
+
if mixin_resource?("frameworks")
|
28
|
+
unless mixin_resource?("orms")
|
29
|
+
raise NotImplementedError, "ORM unknown to Lockdown!"
|
30
|
+
end
|
29
31
|
|
30
|
-
|
31
|
-
|
32
|
-
|
33
|
-
else
|
34
|
-
puts "=> Note:: Lockdown couldn't find init file: #{Lockdown.init_file}\n"
|
35
|
-
end
|
32
|
+
if File.exists?(Lockdown.init_file)
|
33
|
+
puts "=> Requiring Lockdown rules engine: #{Lockdown.init_file} \n"
|
34
|
+
require Lockdown.init_file
|
36
35
|
else
|
37
|
-
puts "=> Note:: Lockdown
|
36
|
+
puts "=> Note:: Lockdown couldn't find init file: #{Lockdown.init_file}\n"
|
38
37
|
end
|
39
|
-
|
38
|
+
else
|
39
|
+
puts "=> Note:: Lockdown cannot determine framework and therefore is not active.\n"
|
40
|
+
end
|
41
|
+
end # mixin
|
40
42
|
|
41
|
-
|
42
|
-
private
|
43
|
+
private
|
43
44
|
|
44
|
-
|
45
|
-
|
46
|
-
|
47
|
-
|
48
|
-
|
49
|
-
|
50
|
-
|
51
|
-
|
52
|
-
|
53
|
-
end
|
45
|
+
def self.mixin_resource?(str)
|
46
|
+
wildcard_path = File.join( File.dirname(__FILE__), 'lockdown', str , '*.rb' )
|
47
|
+
Dir[wildcard_path].each do |f|
|
48
|
+
require f
|
49
|
+
module_name = File.basename(f).split(".")[0]
|
50
|
+
module_class = eval("Lockdown::#{str.capitalize}::#{Lockdown.camelize(module_name)}")
|
51
|
+
if module_class.use_me?
|
52
|
+
include module_class
|
53
|
+
return true
|
54
54
|
end
|
55
|
-
|
56
|
-
|
57
|
-
end #
|
55
|
+
end
|
56
|
+
false
|
57
|
+
end # mixin_resource?
|
58
58
|
end # Lockdown
|
59
59
|
|
60
|
-
|
61
|
-
require File.join(File.dirname(__FILE__), "lockdown", "system")
|
62
|
-
require File.join(File.dirname(__FILE__), "lockdown", "controller")
|
63
60
|
require File.join(File.dirname(__FILE__), "lockdown", "session")
|
61
|
+
require File.join(File.dirname(__FILE__), "lockdown", "context")
|
62
|
+
require File.join(File.dirname(__FILE__), "lockdown", "permission")
|
63
|
+
require File.join(File.dirname(__FILE__), "lockdown", "database")
|
64
|
+
require File.join(File.dirname(__FILE__), "lockdown", "rules")
|
65
|
+
require File.join(File.dirname(__FILE__), "lockdown", "system")
|
64
66
|
|
65
67
|
puts "=> Mixing in Lockdown version: #{Lockdown.version} \n"
|
68
|
+
|
66
69
|
Lockdown.mixin
|
67
70
|
|
Binary file
|
Binary file
|
@@ -137,7 +137,7 @@ class LockdownGenerator < Rails::Generator::Base
|
|
137
137
|
end
|
138
138
|
|
139
139
|
def add_login_permissions
|
140
|
-
add_permissions "set_permission
|
140
|
+
add_permissions "set_permission(:sessions_management).with_controller(:sessions)"
|
141
141
|
|
142
142
|
add_predefined_user_group "set_public_access :sessions_management"
|
143
143
|
end
|
@@ -157,10 +157,10 @@ class LockdownGenerator < Rails::Generator::Base
|
|
157
157
|
|
158
158
|
def add_management_permissions
|
159
159
|
perms = []
|
160
|
-
perms << "set_permission
|
161
|
-
perms << "set_permission
|
162
|
-
perms << "set_permission
|
163
|
-
perms << "set_permission
|
160
|
+
perms << "set_permission(:users_management).with_controller(:#{@namespace.blank? ? "users" : "#{@namespace}__users"})"
|
161
|
+
perms << "set_permission(:user_groups_management).with_controller(:#{@namespace.blank? ? "user_groups" : "#{@namespace}__user_groups"})"
|
162
|
+
perms << "set_permission(:permissions_management).with_controller(:#{@namespace.blank? ? "permissions" : "#{@namespace}__permissions"})"
|
163
|
+
perms << "set_permission(:my_account).with_controller(:#{@namespace.blank? ? "users" : "#{@namespace}__users"}).only_methods(:edit, :update, :show)"
|
164
164
|
|
165
165
|
add_permissions perms.join("\n ")
|
166
166
|
|
Binary file
|
Binary file
|