lockdown 1.0.6 → 1.1.0
This diff represents the content of publicly available package versions that have been released to one of the supported registries. The information contained in this diff is provided for informational purposes only and reflects changes between package versions as they appear in their respective public registries.
data/lib/lockdown/database.rb
CHANGED
|
@@ -48,7 +48,7 @@ module Lockdown
|
|
|
48
48
|
# Create user groups not found in the database
|
|
49
49
|
@user_groups.each do |key|
|
|
50
50
|
str = Lockdown.get_string(key)
|
|
51
|
-
unless ug = ::
|
|
51
|
+
unless ug = Lockdown::System.fetch(:user_group_model).find(:first, :conditions => ["name = ?", str])
|
|
52
52
|
create_user_group(str, key)
|
|
53
53
|
else
|
|
54
54
|
# Remove permissions from user group not found in init.rb
|
|
@@ -61,8 +61,8 @@ module Lockdown
|
|
|
61
61
|
end
|
|
62
62
|
|
|
63
63
|
def create_user_group(name_str, key)
|
|
64
|
-
puts ">> Lockdown:
|
|
65
|
-
ug = ::
|
|
64
|
+
puts ">> Lockdown: #{Lockdown::System.fetch(:user_group_model)} not in the db: #{name_str}, creating."
|
|
65
|
+
ug = Lockdown::System.fetch(:user_group_model).create(:name => name_str)
|
|
66
66
|
#Inefficient, definitely, but shouldn't have any issues across orms.
|
|
67
67
|
Lockdown::System.permissions_for_user_group(key).each do |perm|
|
|
68
68
|
p = ::Permission.find(:first, :conditions => ["name = ?",
|
|
@@ -15,7 +15,7 @@ module Lockdown
|
|
|
15
15
|
def link_to_secured(name, options = {}, html_options = nil)
|
|
16
16
|
url = url_for(options)
|
|
17
17
|
|
|
18
|
-
method = html_options ? html_options[:method] :
|
|
18
|
+
method = html_options ? html_options[:method] : :get
|
|
19
19
|
|
|
20
20
|
if authorized?(url, method)
|
|
21
21
|
return link_to_open(name, url, html_options)
|
|
@@ -26,7 +26,7 @@ module Lockdown
|
|
|
26
26
|
def button_to_secured(name, options = {}, html_options = nil)
|
|
27
27
|
url = url_for(options)
|
|
28
28
|
|
|
29
|
-
method = html_options ? html_options[:method] :
|
|
29
|
+
method = html_options ? html_options[:method] : :get
|
|
30
30
|
|
|
31
31
|
if authorized?(url, method)
|
|
32
32
|
return button_to_open(name, url, html_options)
|
data/lib/lockdown/helper.rb
CHANGED
data/lib/lockdown/rules.rb
CHANGED
|
@@ -31,7 +31,9 @@ module Lockdown
|
|
|
31
31
|
:successful_login_path => "/",
|
|
32
32
|
:subdirectory => nil,
|
|
33
33
|
:skip_db_sync_in => ["test"],
|
|
34
|
-
:link_separator => ' | '
|
|
34
|
+
:link_separator => ' | ',
|
|
35
|
+
:user_group_model => ::UserGroup,
|
|
36
|
+
:user_model => ::User
|
|
35
37
|
}
|
|
36
38
|
end
|
|
37
39
|
|
|
@@ -143,7 +145,8 @@ module Lockdown
|
|
|
143
145
|
# Pass in a user object to be associated to the administrator user group
|
|
144
146
|
# The group will be created if it doesn't exist
|
|
145
147
|
def make_user_administrator(usr)
|
|
146
|
-
|
|
148
|
+
user_groups = usr.send(Lockdown.user_groups_hbtm_reference)
|
|
149
|
+
user_groups << Lockdown::System.fetch(:user_group_model).
|
|
147
150
|
find_or_create_by_name(Lockdown.administrator_group_string)
|
|
148
151
|
end
|
|
149
152
|
|
|
@@ -160,7 +163,8 @@ module Lockdown
|
|
|
160
163
|
|
|
161
164
|
rights = standard_authorized_user_rights
|
|
162
165
|
|
|
163
|
-
usr.
|
|
166
|
+
user_groups = usr.send(Lockdown.user_groups_hbtm_reference)
|
|
167
|
+
user_groups.each do |grp|
|
|
164
168
|
permissions_for_user_group(grp).each do |perm|
|
|
165
169
|
rights += access_rights_for_permission(perm)
|
|
166
170
|
end
|
|
@@ -185,7 +189,8 @@ module Lockdown
|
|
|
185
189
|
|
|
186
190
|
# Pass in user object and symbol for name of user group
|
|
187
191
|
def user_has_user_group?(usr, sym)
|
|
188
|
-
usr.
|
|
192
|
+
user_groups = usr.send(Lockdown.user_groups_hbtm_reference)
|
|
193
|
+
user_groups.any? do |ug|
|
|
189
194
|
Lockdown.convert_reference_name(ug.name) == sym
|
|
190
195
|
end
|
|
191
196
|
end
|
|
@@ -197,11 +202,11 @@ module Lockdown
|
|
|
197
202
|
return [] if usr.nil?
|
|
198
203
|
|
|
199
204
|
if administrator?(usr)
|
|
200
|
-
|
|
205
|
+
Lockdown::System.fetch(:user_group_model).find_by_sql <<-SQL
|
|
201
206
|
select user_groups.* from user_groups order by user_groups.name
|
|
202
207
|
SQL
|
|
203
208
|
else
|
|
204
|
-
|
|
209
|
+
Lockdown::System.fetch(:user_group_model).find_by_sql <<-SQL
|
|
205
210
|
select user_groups.* from user_groups, user_groups_users
|
|
206
211
|
where user_groups.id = user_groups_users.user_group_id
|
|
207
212
|
and user_groups_users.user_id = #{usr.id}
|
data/lib/lockdown.rb
CHANGED
|
@@ -5,12 +5,19 @@ Lockdown::System.configure do
|
|
|
5
5
|
#~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~
|
|
6
6
|
# Options with defaults:
|
|
7
7
|
#
|
|
8
|
-
#
|
|
8
|
+
#
|
|
9
|
+
# Set User model:
|
|
10
|
+
# options[:user_model] = User
|
|
11
|
+
#
|
|
12
|
+
# Set UserGroup model:
|
|
13
|
+
# options[:user_group_model] = UserGroup
|
|
14
|
+
#
|
|
15
|
+
# Set who_did_it method:
|
|
9
16
|
# This method is used in setting the created_by/updated_by fields and
|
|
10
17
|
# should be accessible to the controller
|
|
11
18
|
# options[:who_did_it] = :current_user_id
|
|
12
19
|
#
|
|
13
|
-
# Set default_who_did_it
|
|
20
|
+
# Set default_who_did_it:
|
|
14
21
|
# When current_user_id returns nil, this is the value to use
|
|
15
22
|
# options[:default_who_did_it] = 1
|
|
16
23
|
#
|