lockdown 0.7.1 → 0.8.0

metadata

@@ -1,7 +1,7 @@
 --- !ruby/object:Gem::Specification 
 name: lockdown
 version: !ruby/object:Gem::Version 
-  version: 0.7.1
+  version: 0.8.0
 platform: ruby
 authors: 
 - Andrew Stone
@@ -9,7 +9,7 @@ autorequire:
 bindir: bin
 cert_chain: []
 
-date: 2009-01-17 00:00:00 -05:00
+date: 2009-02-08 00:00:00 -05:00
 default_executable: 
 dependencies: 
 - !ruby/object:Gem::Dependency 
@@ -20,7 +20,7 @@ dependencies:
     requirements: 
     - - ">="
       - !ruby/object:Gem::Version 
-        version: 2.2.0
+        version: 2.4.0
     version: 
 description: Lockdown is a authentication/authorization system for RubyOnRails (ver >= 2.1).
 email: andy@stonean.com
@@ -32,27 +32,26 @@ extra_rdoc_files:
 - History.txt
 - README.txt
 files: 
-- .gitignore
+- .DS_Store
 - History.txt
-- Manifest.txt
 - README.txt
 - Rakefile
 - lib/lockdown.rb
-- lib/lockdown/controller.rb
+- lib/lockdown/context.rb
 - lib/lockdown/database.rb
-- lib/lockdown/frameworks/merb.rb
-- lib/lockdown/frameworks/merb/controller.rb
-- lib/lockdown/frameworks/merb/view.rb
 - lib/lockdown/frameworks/rails.rb
 - lib/lockdown/frameworks/rails/controller.rb
 - lib/lockdown/frameworks/rails/view.rb
 - lib/lockdown/helper.rb
 - lib/lockdown/orms/active_record.rb
-- lib/lockdown/orms/data_mapper.rb
-- lib/lockdown/rights.rb
+- lib/lockdown/permission.rb
+- lib/lockdown/rules.rb
 - lib/lockdown/session.rb
 - lib/lockdown/system.rb
+- rails_generators/.DS_Store
+- rails_generators/lockdown/.DS_Store
 - rails_generators/lockdown/lockdown_generator.rb
+- rails_generators/lockdown/templates/.DS_Store
 - rails_generators/lockdown/templates/app/controllers/permissions_controller.rb
 - rails_generators/lockdown/templates/app/controllers/sessions_controller.rb
 - rails_generators/lockdown/templates/app/controllers/user_groups_controller.rb
@@ -81,13 +80,25 @@ files:
 - rails_generators/lockdown/templates/db/migrate/create_profiles.rb
 - rails_generators/lockdown/templates/db/migrate/create_user_groups.rb
 - rails_generators/lockdown/templates/db/migrate/create_users.rb
+- rails_generators/lockdown/templates/lib/.DS_Store
 - rails_generators/lockdown/templates/lib/lockdown/init.rb
 - rails_generators/lockdown/templates/lib/lockdown/session.rb
+- spec/lockdown/database_spec.rb
+- spec/lockdown/frameworks/rails/controller_spec.rb
+- spec/lockdown/frameworks/rails/view_spec.rb
+- spec/lockdown/frameworks/rails_spec.rb
+- spec/lockdown/permission_spec.rb
+- spec/lockdown/rules_spec.rb
+- spec/lockdown/session_spec.rb
+- spec/lockdown/system_spec.rb
+- spec/lockdown_spec.rb
+- spec/rcov.opts
+- spec/spec.opts
+- spec/spec_helper.rb
 - tasks/ann.rake
 - tasks/bones.rake
 - tasks/gem.rake
 - tasks/git.rake
-- tasks/manifest.rake
 - tasks/notes.rake
 - tasks/post_load.rake
 - tasks/rdoc.rake

data/.gitignore

@@ -1,5 +0,0 @@
-*.DS_Store
-*.swp
-pkg/**
-doc/**
-email.txt

data/Manifest.txt

@@ -1,51 +0,0 @@
-.gitignore
-History.txt
-Manifest.txt
-README.txt
-Rakefile
-lib/lockdown.rb
-lib/lockdown/controller.rb
-lib/lockdown/database.rb
-lib/lockdown/frameworks/merb.rb
-lib/lockdown/frameworks/merb/controller.rb
-lib/lockdown/frameworks/merb/view.rb
-lib/lockdown/frameworks/rails.rb
-lib/lockdown/frameworks/rails/controller.rb
-lib/lockdown/frameworks/rails/view.rb
-lib/lockdown/helper.rb
-lib/lockdown/orms/active_record.rb
-lib/lockdown/orms/data_mapper.rb
-lib/lockdown/rights.rb
-lib/lockdown/session.rb
-lib/lockdown/system.rb
-rails_generators/lockdown/lockdown_generator.rb
-rails_generators/lockdown/templates/app/controllers/permissions_controller.rb
-rails_generators/lockdown/templates/app/controllers/sessions_controller.rb
-rails_generators/lockdown/templates/app/controllers/user_groups_controller.rb
-rails_generators/lockdown/templates/app/controllers/users_controller.rb
-rails_generators/lockdown/templates/app/helpers/permissions_helper.rb
-rails_generators/lockdown/templates/app/helpers/user_groups_helper.rb
-rails_generators/lockdown/templates/app/helpers/users_helper.rb
-rails_generators/lockdown/templates/app/models/permission.rb
-rails_generators/lockdown/templates/app/models/profile.rb
-rails_generators/lockdown/templates/app/models/user.rb
-rails_generators/lockdown/templates/app/models/user_group.rb
-rails_generators/lockdown/templates/app/views/permissions/index.html.erb
-rails_generators/lockdown/templates/app/views/permissions/show.html.erb
-rails_generators/lockdown/templates/app/views/sessions/new.html.erb
-rails_generators/lockdown/templates/app/views/user_groups/edit.html.erb
-rails_generators/lockdown/templates/app/views/user_groups/index.html.erb
-rails_generators/lockdown/templates/app/views/user_groups/new.html.erb
-rails_generators/lockdown/templates/app/views/user_groups/show.html.erb
-rails_generators/lockdown/templates/app/views/users/edit.html.erb
-rails_generators/lockdown/templates/app/views/users/index.html.erb
-rails_generators/lockdown/templates/app/views/users/new.html.erb
-rails_generators/lockdown/templates/app/views/users/show.html.erb
-rails_generators/lockdown/templates/config/initializers/lockit.rb
-rails_generators/lockdown/templates/db/migrate/create_admin_user.rb
-rails_generators/lockdown/templates/db/migrate/create_permissions.rb
-rails_generators/lockdown/templates/db/migrate/create_profiles.rb
-rails_generators/lockdown/templates/db/migrate/create_user_groups.rb
-rails_generators/lockdown/templates/db/migrate/create_users.rb
-rails_generators/lockdown/templates/lib/lockdown/init.rb
-rails_generators/lockdown/templates/lib/lockdown/session.rb

data/lib/lockdown/controller.rb

@@ -1,64 +0,0 @@
-module Lockdown
-  module Controller
-    module Core
-      def configure_lockdown
-        check_session_expiry
-        store_location
-      end
-
-      def set_current_user
-        login_from_basic_auth? unless logged_in?
-        if logged_in?
-          Thread.current[:profile_id] = current_profile_id
-          Thread.current[:client_id] = current_client_id if respond_to? :current_client_id
-        end
-      end
-  
-      def check_request_authorization
-        unless authorized?(path_from_hash(params))
-          raise SecurityError, "Authorization failed for params #{params.inspect}"
-        end
-      end
-      
-      def path_allowed?(url)
-        session[:access_rights] ||= Lockdown::System.public_access
-        session[:access_rights].include?(url)
-      end
-        
-      def check_session_expiry
-        if session[:expiry_time] && session[:expiry_time] < Time.now
-          nil_lockdown_values
-          timeout_method = Lockdown::System.fetch(:session_timeout_method)
-          if timeout_method.is_a?(Symbol) && self.respond_to?(timeout_method)
-            send(timeout_method) 
-          end
-        end
-        session[:expiry_time] = Time.now + Lockdown::System.fetch(:session_timeout)
-      end
-              
-      def store_location
-        if (request.method == :get) && (session[:thispage] != sent_from_uri)
-          session[:prevpage] = session[:thispage] || ''
-          session[:thispage] = sent_from_uri
-        end
-      end
-      
-      # Called from current_user.  Now, attempt to login by
-      # basic authentication information.
-      def login_from_basic_auth?
-        username, passwd = get_auth_data
-        if username && passwd
-          set_session_user User.authenticate(username, passwd)
-        end
-      end
-    
-      @@http_auth_headers = %w(X-HTTP_AUTHORIZATION HTTP_AUTHORIZATION Authorization)
-      # gets BASIC auth info
-      def get_auth_data
-        auth_key  = @@http_auth_headers.detect { |h| request.env.has_key?(h) }
-        auth_data = request.env[auth_key].to_s.split unless auth_key.blank?
-        return auth_data && auth_data[0] == 'Basic' ? Base64.decode64(auth_data[1]).split(':')[0..1] : [nil, nil] 
-      end
-    end # Core
-   end # Controller
-end # Lockdown

data/lib/lockdown/frameworks/merb/controller.rb

@@ -1,63 +0,0 @@
-module Lockdown
-  module Frameworks
-    module Merb
-      module Controller
-
-        def available_actions(klass)
-          klass.callable_actions.keys
-        end
-
-        def controller_name(klass)
-          klass.controller_name
-        end
-        
-        # Locking methods
-        module Lock
-          def self.included(base)
-            base.class_eval do 
-              include Lockdown::Frameworks::Merb::Controller::Lock::InstanceMethods
-            end
-
-            base.before :set_current_user
-            base.before :configure_lockdown
-            base.before :check_request_authorization
-          end
-
-          module InstanceMethods
-            def self.included(base)
-              base.class_eval do
-                include Lockdown::Controller::Core
-              end
-            end
-
-            def sent_from_uri
-              request.uri
-            end
-
-            def authorized?(path)
-              return true if current_user_is_admin?
-
-              path_allowed?(path)
-            end
-          
-            # Can log Error => e if desired, I don't desire to now.
-            # For now, just send home, but will probably make this configurable
-            def access_denied(e)
-              redirect Lockdown::System.fetch(:access_denied_path)
-            end
-          
-            def path_from_hash(hsh)
-              return hsh if hsh.is_a?(String)
-              hsh = hsh.to_hash if hsh.is_a?(Mash)
-              hsh['controller'].to_s + "/" + hsh['action'].to_s
-            end
-          
-            def redirect_back_or_default(default)
-              session[:prevpage] ? redirect(session[:prevpage]) : redirect(default)
-            end
-          end # InstanceMethods
-        end # Lock
-      end # Controller
-    end # Merb
-  end # Frameworks
-end # Lockdown

data/lib/lockdown/frameworks/merb/view.rb

@@ -1,32 +0,0 @@
-module Lockdown
-  module Frameworks
-    module Merb
-      module View
-        def self.included(base)
-          base.class_eval do
-            alias_method  :link_to_open,  :link_to
-            alias_method  :link_to,  :link_to_secured
-          end
-        end
-
-        def link_to_secured(name, url = '', options = {})
-          if authorized? url
-            return link_to_open(name, url, options)
-          end
-          return ""
-        end
-
-        def link_to_or_show(name, url = '', options = {})
-          lnk = link_to(name, url , options)
-          lnk.length == 0  ? name : lnk
-        end
-
-        def links(*lis)
-          rvalue = []
-          lis.each{|link| rvalue << link if link.length > 0 }
-          rvalue.join(" | ")
-        end
-      end # View
-    end # Merb
-  end # Frameworks
-end # Lockdown

data/lib/lockdown/frameworks/merb.rb

@@ -1,84 +0,0 @@
-require File.join(File.dirname(__FILE__), "merb", "controller")
-require File.join(File.dirname(__FILE__), "merb", "view")
-
-module Lockdown
-  module Frameworks
-    module Merb
-      class << self
-        def use_me?
-          Object.const_defined?("Merb") && ::Merb.const_defined?("AbstractController")
-        end
-
-        def included(mod)
-          mod.extend Lockdown::Frameworks::Merb::Environment
-          mixin
-        end
-
-        def mixin
-          Lockdown.controller_parent.class_eval do
-            include Lockdown::Frameworks::Merb::Controller::Lock
-          end
-          Lockdown.view_helper.class_eval do
-            include Lockdown::Frameworks::Merb::View
-          end
-          Lockdown::System.class_eval do
-            extend Lockdown::Frameworks::Merb::System
-          end
-        end
-      end # class block
-
-
-      module Environment
-        def project_root
-          ::Merb.root
-        end
-
-        def controller_parent
-          ::Merb::Controller 
-        end
-
-        def view_helper
-          ::Merb::AssetsMixin
-        end
-
-        def controller_class_name(str)
-          if str.include?("__")
-            str.split("__").collect{|p| Lockdown.camelize(p)}.join("::")
-          else
-            Lockdown.camelize(str)
-          end
-        end
-      end
-
-      module System
-        include Lockdown::Frameworks::Merb::Controller
-
-        def skip_sync?
-          Lockdown::System.fetch(:skip_db_sync_in).include?(Merb.environment)
-        end
-
-        def load_controller_classes
-          @controller_classes = {}
-         
-          maybe_load_framework_controller_parent
-        
-          Dir.chdir("#{Lockdown.project_root}/app/controllers") do
-            Dir["**/*.rb"].sort.each do |c|
-              next if c == "application.rb"
-              lockdown_load(c) 
-            end
-          end
-        end
- 
-        def maybe_load_framework_controller_parent
-          load("application.rb") unless const_defined?("Application")
-        end
-
-        def lockdown_load(file)
-          klass = Lockdown.class_name_from_file(file)
-          @controller_classes[klass] = Lockdown.qualified_const_get(klass) 
-        end
-      end # System
-    end # Merb
-  end # Frameworks
-end # Lockdown

data/lib/lockdown/orms/data_mapper.rb

@@ -1,70 +0,0 @@
-module Lockdown
-  module Orms
-    module DataMapper
-      class << self
-        def use_me?
-          Object.const_defined?("DataMapper") && DataMapper.const_defined?("Base")
-        end
-
-        def included(mod)
-          mod.extend Lockdown::Orms::Datamapper::Helper
-          mixin
-        end
-
-        def mixin
-          orm_parent.class_eval do
-            include Lockdown::Orm::DataMapper::Stamps
-          end
-        end
-      end # class block
-
-      module Helper
-        def orm_parent
-          ::DataMapper::Base
-        end
-
-        #TODO: These may be called from DataMapper::Base or DataMapper, not sure
-        #FIXME: If Datamapper is correct, need ::DataMapper
-        def database_execute(query)
-          DataMapper.database.execute(query)
-        end
-
-        def database_query(query)
-          DataMapper.database.query(query)
-        end
-
-        def database_table_exists?(klass)
-          DataMapper.database.table_exists?(klass)
-        end
-      end
-
-      module Stamps
-        def self.included(base)
-          base.class_eval do
-            alias_method :create_without_stamps,  :create
-            alias_method :create,  :create_with_stamps
-            alias_method :update_without_stamps,  :update
-            alias_method :update,  :update_with_stamps
-          end
-        end
-
-        def current_profile_id
-          Thread.current[:profile_id]
-        end
-
-        def create_with_stamps
-          profile_id = current_profile_id || Profile::SYSTEM
-          self[:created_by] = profile_id if self.respond_to?(:created_by) 
-          self[:updated_by] = profile_id if self.respond_to?(:updated_by) 
-          create_without_stamps
-        end
-                  
-        def update_with_stamps
-          profile_id = current_profile_id || Profile::SYSTEM
-          self[:updated_by] = profile_id if self.respond_to?(:updated_by)
-          update_without_stamps
-        end
-      end
-    end
-  end
-end

data/lib/lockdown/rights.rb

@@ -1,208 +0,0 @@
-module Lockdown
-  module Rights
-    attr_accessor :permissions #:nodoc:
-    attr_accessor :user_groups #:nodoc:
-
-    # :public_access allows access to all
-    attr_reader :public_access #:nodoc:
-    # :protected_access will restrict access to authenticated users.
-    attr_reader :protected_access #:nodoc:
-
-    # Future functionality:
-    # :private_access will restrict access to model data to their creators.
-    # attr_accessor :private_access 
-
-    # Sets permission with arrays of access_rights, e.g.:
-    # ["controller_a/method_1", "controller_a/method_2", ...]
-
-    def initialize_rights
-      @permissions ||= {}
-      @user_groups ||= {}
-
-      @public_access ||= []
-      @protected_access ||= []
-    end
-
-    def set_permission(name, *method_arrays)
-      permissions[name] ||= []
-      method_arrays.each{|ary| permissions[name] += ary}
-    end
-    
-    # Permissions are stored as a hash with the value being the method_arrays
-    def get_permissions
-      permissions.keys
-    end
-      
-    def permission_exists?(perm)
-      get_permissions.include?(perm)
-    end
-
-    def access_rights_for_permission(perm)
-      sym = Lockdown.get_symbol(perm)
-        
-      unless permission_exists?(sym)
-        raise SecurityError, "Permission requested is not defined: #{sym}"
-      end
-      permissions[sym]
-    end
-
-    def set_user_group(name, *perms)
-      user_groups[name] ||= []
-      perms.each do |perm| 
-        unless permission_exists?(perm)
-          raise SecurityError, "For UserGroup (#{name}), permission is invalid: #{perm}"
-        end
-        user_groups[name].push(perm)
-      end
-    end
-    
-    def get_user_groups
-      user_groups.keys
-    end
-
-    def user_group_exists?(ug)
-      get_user_groups.include?(ug)
-    end
-
-    # Determine if the user group is defined in init.rb
-    def has_user_group?(ug)
-      sym = Lockdown.get_symbol(ug)
-
-      return true if sym == Lockdown.administrator_group_symbol
-      user_group_exists?(sym)
-    end
-
-    def set_public_access(*perms)
-      perms.each{|perm| @public_access += permissions[perm]}
-    end
-
-    def public_access?(perm)
-      public_access.include?(perm)
-    end
-
-    def set_protected_access(*perms)
-      perms.each{|perm| @protected_access += permissions[perm]}
-    end
-
-    def protected_access?(perm)
-      protected_access.include?(perm)
-    end
-
-    def permission_assigned_automatically?(perm)
-      public_access?(perm) || protected_access?(perm)
-    end
-
-    # Test user for administrator rights
-    def administrator?(usr)
-      user_has_user_group?(usr, Lockdown.administrator_group_symbol)
-    end
-
-    # Returns array of controller/action values administrators can access.
-    def administrator_rights
-      Lockdown::System.all_controllers_all_methods
-    end
-      
-    def make_user_administrator(usr)
-      unless Lockdown.database_table_exists?(UserGroup)
-        create_administrator_user_group 
-      end
-
-      usr.user_groups << UserGroup.find_or_create_by_name(Lockdown.administrator_group_string)
-    end
-
-    # Returns array of controller/action values all logged in users can access.
-    def standard_authorized_user_rights
-      Lockdown::System.public_access + Lockdown::System.protected_access 
-    end
-
-    # Return array of controller/action values user can access.
-    def access_rights_for_user(usr)
-      return unless usr
-      return :all if administrator?(usr)
-
-      rights = standard_authorized_user_rights
-        
-      usr.user_groups.each do |grp|
-        permissions_for_user_group(grp) do |perm|
-          rights += access_rights_for_permission(perm) 
-        end
-      end
-      rights
-    end
-
-    # Use this for the management screen to restrict user group list to the
-    # user.  This will prevent a user from creating a user with more power than
-    # him/her self.
-    def user_groups_assignable_for_user(usr)
-      return [] if usr.nil?
-        
-      if administrator?(usr)
-        UserGroup.find_by_sql <<-SQL
-          select user_groups.* from user_groups order by user_groups.name
-        SQL
-      else
-        UserGroup.find_by_sql <<-SQL
-            select user_groups.* from user_groups, user_groups_users
-             where user_groups.id = user_groups_users.user_group_id
-             and user_groups_users.user_id = #{usr.id}	 
-             order by user_groups.name
-        SQL
-      end
-    end
-
-    # Similar to user_groups_assignable_for_user, this method should be
-    # used to restrict users from creating a user group with more power than
-    # they have been allowed.
-    def permissions_assignable_for_user(usr)
-      return [] if usr.nil?
-      if administrator?(usr)
-        get_permissions.collect{|k| Permission.find_by_name(Lockdown.get_string(k)) }.compact
-      else
-        user_groups_assignable_for_user(usr).collect{|g| g.permissions}.flatten.compact
-      end
-    end
-
-    def permissions_for_user_group(ug)
-      sym = Lockdown.get_symbol(ug)
-      perm_array = []  
-
-      if has_user_group?(sym)
-        permissions = user_groups[sym] || []
-      else
-        permissions = ug.permissions
-      end
-
-
-      permissions.each do |perm|
-        perm_sym = Lockdown.get_symbol(perm)
-
-        unless permission_exists?(perm_sym)
-          raise SecurityError, "Permission associated to User Group is invalid: #{perm}"
-        end
-
-        if block_given?
-          yield perm_sym
-        else
-          perm_array << perm_sym
-        end
-      end
-
-      return perm_array unless block_given?
-    end
-
-
-    private
-
-    def user_has_user_group?(usr, sym)
-      usr.user_groups.each do |ug|
-        return true if Lockdown.convert_reference_name(ug.name) == sym
-      end
-      false
-    end
-
-    def create_administrator_user_group
-      UserGroup.create :name => Lockdown.administrator_group_string
-    end
-      
-  end
-end