lockdown 1.3.1 → 1.3.2

data/.gitignore

@@ -0,0 +1,6 @@
+*.DS_Store
+*.swp
+pkg/**
+doc/**
+email.txt
+coverage/**

data/Rakefile

@@ -1,16 +1,7 @@
-# Look in the tasks/setup.rb file for the various options that can be
-# configured in this Rakefile. The .rake files in the tasks directory
-# are where the options are used.
-
-begin
-  require 'bones'
-  Bones.setup
-rescue LoadError
-  load 'tasks/setup.rb'
-end
-
-ensure_in_path 'lib'
-require 'lockdown'
+require 'rubygems'
+require 'rake'
+require 'rcov'
+require 'spec/rake/spectask'
 
 task :default => 'rcov'
 
@@ -27,15 +18,19 @@ Spec::Rake::SpecTask.new(:rcov) do |t|
   t.rcov_opts = IO.readlines("spec/rcov.opts").map {|l| l.chomp.split " "}.flatten
 end
 
-PROJ.name = 'lockdown'
-PROJ.authors = 'Andrew Stone'
-PROJ.email = 'andy@stonean.com'
-PROJ.url = 'http://stonean.com/wiki/lockdown'
-PROJ.version = Lockdown::VERSION
-PROJ.rubyforge.name = 'lockdown'
-
-PROJ.spec.opts << '--color'
-PROJ.exclude << ".swp"
-PROJ.exclude << ".gitignore"
-
-# EOF
+begin
+  require 'jeweler'
+  Jeweler::Tasks.new do |gemspec|
+    gemspec.name = "lockdown"
+    gemspec.rubyforge_project = "lockdown"
+    gemspec.summary = "Authorization system for Rails 2.x"
+    gemspec.description = "Restrict access to your controller actions.  Supports basic model level restrictions as well"
+    gemspec.email = "andy@stonean.com"
+    gemspec.homepage = "http://stonean.com/wiki/lockdown"
+    gemspec.authors = ["Andrew Stone"]
+    gemspec.add_development_dependency('rspec')
+  end
+  Jeweler::GemcutterTasks.new
+rescue LoadError
+  puts "Jeweler not available. Install it with: sudo gem install technicalpickles-jeweler -s http://gems.github.com"
+end

data/VERSION

@@ -0,0 +1 @@
+1.3.2

data/lib/lockdown/database.rb

@@ -11,7 +11,7 @@ module Lockdown
         @user_groups = Lockdown::System.get_user_groups
 
         unless ::Permission.table_exists? && Lockdown.user_group_class.table_exists?
-          puts ">> Lockdown tables not found.  Skipping database sync."
+          Lockdown.logger.info ">> Lockdown tables not found.  Skipping database sync."
           return
         end
         create_new_permissions
@@ -20,7 +20,7 @@ module Lockdown
       
         maintain_user_groups
       rescue Exception => e
-        puts ">> Lockdown sync failed: #{e}" 
+        Lockdown.logger.error ">> Lockdown sync failed: #{e.backtrace.join("\n")}" 
       end
 
       # Create permissions not found in the database
@@ -30,7 +30,7 @@ module Lockdown
           str = Lockdown.get_string(key)
           p = ::Permission.find(:first, :conditions => ["name = ?", str])
           unless p
-            puts ">> Lockdown: Permission not found in db: #{str}, creating."
+            Lockdown.logger.info ">> Lockdown: Permission not found in db: #{str}, creating."
             ::Permission.create(:name => str)
           end
         end
@@ -41,7 +41,7 @@ module Lockdown
         db_perms = ::Permission.find(:all).dup
         db_perms.each do |dbp|
           unless @permissions.include?(Lockdown.get_symbol(dbp.name))
-            puts ">> Lockdown: Permission no longer in init.rb: #{dbp.name}, deleting."
+            Lockdown.logger.info ">> Lockdown: Permission no longer in init.rb: #{dbp.name}, deleting."
           ug_table = Lockdown.user_groups_hbtm_reference.to_s
           if "permissions" < ug_table
             join_table = "permissions_#{ug_table}"
@@ -71,12 +71,18 @@ module Lockdown
       end
 
       def create_user_group(name_str, key)
-        puts ">> Lockdown: #{Lockdown::System.fetch(:user_group_model)} not in the db: #{name_str}, creating."
+        Lockdown.logger.info ">> Lockdown: #{Lockdown::System.fetch(:user_group_model)} not in the db: #{name_str}, creating."
         ug = Lockdown.user_group_class.create(:name => name_str)
         #Inefficient, definitely, but shouldn't have any issues across orms.
+        #
         Lockdown::System.permissions_for_user_group(key).each do |perm|
-          p = ::Permission.find(:first, :conditions => ["name = ?", 
-                                Lockdown.get_string(perm)])
+
+          if Lockdown::System.permission_assigned_automatically?(perm)
+            Lockdown.logger.info  ">> Permission #{perm} cannot be assigned to #{name_str}.  Already belongs to built in user group (public or protected)."
+            raise  InvalidPermissionAssignment, "Invalid permission assignment"
+          end
+
+          p = ::Permission.find(:first, :conditions => ["name = ?", Lockdown.get_string(perm)]) 
 
           ug_table = Lockdown.user_groups_hbtm_reference.to_s
           if "permissions" < ug_table
@@ -93,7 +99,7 @@ module Lockdown
           perm_sym = Lockdown.get_symbol(perm)
           perm_string = Lockdown.get_string(perm)
           unless Lockdown::System.permissions_for_user_group(key).include?(perm_sym)
-            puts ">> Lockdown: Permission: #{perm_string} no longer associated to User Group: #{ug.name}, deleting."
+            Lockdown.logger.info ">> Lockdown: Permission: #{perm_string} no longer associated to User Group: #{ug.name}, deleting."
             ug.permissions.delete(perm)
           end
         end
@@ -109,7 +115,7 @@ module Lockdown
           end
           # if not found, add it
           unless found
-            puts ">> Lockdown: Permission: #{perm_string} not found for User Group: #{ug.name}, adding it."
+            Lockdown.logger.info ">> Lockdown: Permission: #{perm_string} not found for User Group: #{ug.name}, adding it."
             p = ::Permission.find(:first, :conditions => ["name = ?", perm_string])
             ug.permissions << p
           end

data/lib/lockdown/errors.rb

@@ -4,4 +4,6 @@ module Lockdown
   class InvalidRuleContext < StandardError; end
 
   class PermissionScopeCollision < StandardError; end
+
+  class InvalidPermissionAssignment < StandardError; end
 end

data/lib/lockdown/rules.rb

@@ -334,8 +334,6 @@ module Lockdown
 
       method_definition << "\n\tend"
 
-      #puts "method_definition:\n #{method_definition}"
-
       Lockdown.add_controller_method method_definition
     end
 

data/lib/lockdown.rb

@@ -1,7 +1,8 @@
 $:.unshift File.dirname(__FILE__)
 
-require File.join("lockdown", "errors")
+require 'logger'
 
+require File.join("lockdown", "errors")
 require File.join("lockdown", "helper")
 require File.join("lockdown", "session")
 require File.join("lockdown", "context")
@@ -9,69 +10,74 @@ require File.join("lockdown", "permission")
 require File.join("lockdown", "database")
 require File.join("lockdown", "rules")
 require File.join("lockdown", "system")
-
 require File.join("lockdown", "references")
 
 module Lockdown
   extend Lockdown::References
   extend Lockdown::Helper
 
-  # current version is 1.3.0
-  VERSION = '1.3.1'
+  VERSION = '1.3.2'
 
-  # Returns the version string for the library.
-  def self.version
-    VERSION
-  end
+  class << self
+    attr_accessor :logger
 
-  def self.major_version
-    version.split('.')[0].to_i
-  end
+    # Returns the version string for the library.
+    def version
+      VERSION
+    end
 
-  def self.minor_version
-    version.split('.')[1].to_i
-  end
+    def major_version
+      version.split('.')[0].to_i
+    end
 
-  def self.patch_version
-    version.split('.')[2].to_i
-  end
+    def minor_version
+      version.split('.')[1].to_i
+    end
 
-  # Mixin Lockdown code to the appropriate framework and ORM
-  def self.mixin
-    if mixin_resource?("frameworks")
-      unless mixin_resource?("orms")
-        raise NotImplementedError, "ORM unknown to Lockdown!"
-      end
+    def patch_version
+      version.split('.')[2].to_i
+    end
 
-      if File.exists?(Lockdown.init_file)
-        puts "=> Requiring Lockdown rules engine: #{Lockdown.init_file} \n"
-        require Lockdown.init_file
+    # Mixin Lockdown code to the appropriate framework and ORM
+    def mixin
+      if mixin_resource?("frameworks")
+        unless mixin_resource?("orms")
+          raise NotImplementedError, "ORM unknown to Lockdown!"
+        end
+
+        if File.exists?(Lockdown.init_file)
+          Lockdown.logger.info "=> Requiring Lockdown rules engine: #{Lockdown.init_file} \n"
+          require Lockdown.init_file
+        else
+          Lockdown.logger.info "=> Note:: Lockdown couldn't find init file: #{Lockdown.init_file}\n"
+        end
       else
-        puts "=> Note:: Lockdown couldn't find init file: #{Lockdown.init_file}\n"
+        Lockdown.logger.info "=> Note:: Lockdown cannot determine framework and therefore is not active.\n"
       end
-    else
-      puts "=> Note:: Lockdown cannot determine framework and therefore is not active.\n"
-    end
-  end # mixin
-
-  private
-
-  def self.mixin_resource?(str)
-    wildcard_path = File.join( File.dirname(__FILE__), 'lockdown', str , '*.rb' ) 
-    Dir[wildcard_path].each do |f|
-      require f
-      module_name = File.basename(f).split(".")[0]
-      module_class = eval("Lockdown::#{str.capitalize}::#{Lockdown.camelize(module_name)}")
-      if module_class.use_me?
-        include module_class
-        return true
+    end # mixin
+
+    private
+
+    def mixin_resource?(str)
+      wildcard_path = File.join( File.dirname(__FILE__), 'lockdown', str , '*.rb' ) 
+      Dir[wildcard_path].each do |f|
+        require f
+        module_name = File.basename(f).split(".")[0]
+        module_class = eval("Lockdown::#{str.capitalize}::#{Lockdown.camelize(module_name)}")
+        if module_class.use_me?
+          include module_class
+          return true
+        end
       end
-    end
-    false
-  end # mixin_resource?
+      false
+    end # mixin_resource?
+  end # class block
+
+  self.logger = Logger.new(STDOUT)
+
 end # Lockdown
 
-puts "=> Mixing in Lockdown version: #{Lockdown.version} \n"
+Lockdown.logger.info "=> Mixing in Lockdown version: #{Lockdown.version} \n"
 Lockdown.mixin
 
 

data/lockdown.gemspec

@@ -0,0 +1,119 @@
+# Generated by jeweler
+# DO NOT EDIT THIS FILE
+# Instead, edit Jeweler::Tasks in Rakefile, and run `rake gemspec`
+# -*- encoding: utf-8 -*-
+
+Gem::Specification.new do |s|
+  s.name = %q{lockdown}
+  s.version = "1.3.2"
+
+  s.required_rubygems_version = Gem::Requirement.new(">= 0") if s.respond_to? :required_rubygems_version=
+  s.authors = ["Andrew Stone"]
+  s.date = %q{2009-10-17}
+  s.description = %q{Restrict access to your controller actions.  Supports basic model level restrictions as well}
+  s.email = %q{andy@stonean.com}
+  s.extra_rdoc_files = [
+    "README.txt"
+  ]
+  s.files = [
+    ".gitignore",
+     "History.txt",
+     "README.txt",
+     "Rakefile",
+     "VERSION",
+     "lib/lockdown.rb",
+     "lib/lockdown/context.rb",
+     "lib/lockdown/database.rb",
+     "lib/lockdown/errors.rb",
+     "lib/lockdown/frameworks/rails.rb",
+     "lib/lockdown/frameworks/rails/controller.rb",
+     "lib/lockdown/frameworks/rails/view.rb",
+     "lib/lockdown/helper.rb",
+     "lib/lockdown/orms/active_record.rb",
+     "lib/lockdown/permission.rb",
+     "lib/lockdown/references.rb",
+     "lib/lockdown/rspec_helper.rb",
+     "lib/lockdown/rules.rb",
+     "lib/lockdown/session.rb",
+     "lib/lockdown/system.rb",
+     "lockdown.gemspec",
+     "rails_generators/lockdown/lockdown_generator.rb",
+     "rails_generators/lockdown/templates/app/controllers/permissions_controller.rb",
+     "rails_generators/lockdown/templates/app/controllers/sessions_controller.rb",
+     "rails_generators/lockdown/templates/app/controllers/user_groups_controller.rb",
+     "rails_generators/lockdown/templates/app/controllers/users_controller.rb",
+     "rails_generators/lockdown/templates/app/helpers/permissions_helper.rb",
+     "rails_generators/lockdown/templates/app/helpers/user_groups_helper.rb",
+     "rails_generators/lockdown/templates/app/helpers/users_helper.rb",
+     "rails_generators/lockdown/templates/app/models/permission.rb",
+     "rails_generators/lockdown/templates/app/models/profile.rb",
+     "rails_generators/lockdown/templates/app/models/user.rb",
+     "rails_generators/lockdown/templates/app/models/user_group.rb",
+     "rails_generators/lockdown/templates/app/views/permissions/index.html.erb",
+     "rails_generators/lockdown/templates/app/views/permissions/show.html.erb",
+     "rails_generators/lockdown/templates/app/views/sessions/new.html.erb",
+     "rails_generators/lockdown/templates/app/views/user_groups/edit.html.erb",
+     "rails_generators/lockdown/templates/app/views/user_groups/index.html.erb",
+     "rails_generators/lockdown/templates/app/views/user_groups/new.html.erb",
+     "rails_generators/lockdown/templates/app/views/user_groups/show.html.erb",
+     "rails_generators/lockdown/templates/app/views/users/edit.html.erb",
+     "rails_generators/lockdown/templates/app/views/users/index.html.erb",
+     "rails_generators/lockdown/templates/app/views/users/new.html.erb",
+     "rails_generators/lockdown/templates/app/views/users/show.html.erb",
+     "rails_generators/lockdown/templates/config/initializers/lockit.rb",
+     "rails_generators/lockdown/templates/db/migrate/create_admin_user.rb",
+     "rails_generators/lockdown/templates/db/migrate/create_permissions.rb",
+     "rails_generators/lockdown/templates/db/migrate/create_profiles.rb",
+     "rails_generators/lockdown/templates/db/migrate/create_user_groups.rb",
+     "rails_generators/lockdown/templates/db/migrate/create_users.rb",
+     "rails_generators/lockdown/templates/lib/lockdown/README",
+     "rails_generators/lockdown/templates/lib/lockdown/init.rb",
+     "spec/lockdown/context_spec.rb",
+     "spec/lockdown/database_spec.rb",
+     "spec/lockdown/frameworks/rails/controller_spec.rb",
+     "spec/lockdown/frameworks/rails/view_spec.rb",
+     "spec/lockdown/frameworks/rails_spec.rb",
+     "spec/lockdown/permission_spec.rb",
+     "spec/lockdown/rspec_helper_spec.rb",
+     "spec/lockdown/rules_spec.rb",
+     "spec/lockdown/session_spec.rb",
+     "spec/lockdown/system_spec.rb",
+     "spec/lockdown_spec.rb",
+     "spec/rcov.opts",
+     "spec/spec.opts",
+     "spec/spec_helper.rb"
+  ]
+  s.homepage = %q{http://stonean.com/wiki/lockdown}
+  s.rdoc_options = ["--charset=UTF-8"]
+  s.require_paths = ["lib"]
+  s.rubyforge_project = %q{lockdown}
+  s.rubygems_version = %q{1.3.5}
+  s.summary = %q{Authorization system for Rails 2.x}
+  s.test_files = [
+    "spec/lockdown/context_spec.rb",
+     "spec/lockdown/database_spec.rb",
+     "spec/lockdown/frameworks/rails/controller_spec.rb",
+     "spec/lockdown/frameworks/rails/view_spec.rb",
+     "spec/lockdown/frameworks/rails_spec.rb",
+     "spec/lockdown/permission_spec.rb",
+     "spec/lockdown/rspec_helper_spec.rb",
+     "spec/lockdown/rules_spec.rb",
+     "spec/lockdown/session_spec.rb",
+     "spec/lockdown/system_spec.rb",
+     "spec/lockdown_spec.rb",
+     "spec/spec_helper.rb"
+  ]
+
+  if s.respond_to? :specification_version then
+    current_version = Gem::Specification::CURRENT_SPECIFICATION_VERSION
+    s.specification_version = 3
+
+    if Gem::Version.new(Gem::RubyGemsVersion) >= Gem::Version.new('1.2.0') then
+      s.add_development_dependency(%q<rspec>, [">= 0"])
+    else
+      s.add_dependency(%q<rspec>, [">= 0"])
+    end
+  else
+    s.add_dependency(%q<rspec>, [">= 0"])
+  end
+end

data/spec/lockdown/database_spec.rb

@@ -68,7 +68,7 @@ describe Lockdown::Database do
     it "should sync user group permissions for existing user group" do
       ug = mock('user group')
 
-     @user_group_class.should_receive(:find).
+      @user_group_class.should_receive(:find).
         with(:first, :conditions => ["name = ?", "User Group"]).
         and_return(ug)
       
@@ -94,6 +94,9 @@ describe Lockdown::Database do
       Lockdown::System.stub!(:permissions_for_user_group).
         and_return([:perm])
 
+      Lockdown::System.stub!(:permission_assigned_automatically?).
+        and_return(false)
+
       perm = mock('permission')
       perm.stub!(:id).and_return(3344)
 

metadata

@@ -1,7 +1,7 @@
 --- !ruby/object:Gem::Specification 
 name: lockdown
 version: !ruby/object:Gem::Version 
-  version: 1.3.1
+  version: 1.3.2
 platform: ruby
 authors: 
 - Andrew Stone
@@ -9,32 +9,33 @@ autorequire:
 bindir: bin
 cert_chain: []
 
-date: 2009-09-02 00:00:00 -04:00
+date: 2009-10-17 00:00:00 -04:00
 default_executable: 
 dependencies: 
 - !ruby/object:Gem::Dependency 
-  name: bones
+  name: rspec
   type: :development
   version_requirement: 
   version_requirements: !ruby/object:Gem::Requirement 
     requirements: 
     - - ">="
       - !ruby/object:Gem::Version 
-        version: 2.5.1
+        version: "0"
     version: 
-description: Lockdown is an authorization system for RubyOnRails (ver >= 2.1).
+description: Restrict access to your controller actions.  Supports basic model level restrictions as well
 email: andy@stonean.com
 executables: []
 
 extensions: []
 
 extra_rdoc_files: 
-- History.txt
 - README.txt
 files: 
+- .gitignore
 - History.txt
 - README.txt
 - Rakefile
+- VERSION
 - lib/lockdown.rb
 - lib/lockdown/context.rb
 - lib/lockdown/database.rb
@@ -50,6 +51,7 @@ files:
 - lib/lockdown/rules.rb
 - lib/lockdown/session.rb
 - lib/lockdown/system.rb
+- lockdown.gemspec
 - rails_generators/lockdown/lockdown_generator.rb
 - rails_generators/lockdown/templates/app/controllers/permissions_controller.rb
 - rails_generators/lockdown/templates/app/controllers/sessions_controller.rb
@@ -95,27 +97,13 @@ files:
 - spec/rcov.opts
 - spec/spec.opts
 - spec/spec_helper.rb
-- tasks/ann.rake
-- tasks/bones.rake
-- tasks/gem.rake
-- tasks/git.rake
-- tasks/notes.rake
-- tasks/post_load.rake
-- tasks/rdoc.rake
-- tasks/rubyforge.rake
-- tasks/setup.rb
-- tasks/spec.rake
-- tasks/svn.rake
-- tasks/test.rake
-- tasks/zentest.rake
 has_rdoc: true
 homepage: http://stonean.com/wiki/lockdown
 licenses: []
 
 post_install_message: 
 rdoc_options: 
-- --main
-- README.txt
+- --charset=UTF-8
 require_paths: 
 - lib
 required_ruby_version: !ruby/object:Gem::Requirement 
@@ -136,6 +124,17 @@ rubyforge_project: lockdown
 rubygems_version: 1.3.5
 signing_key: 
 specification_version: 3
-summary: Lockdown is an authorization system for RubyOnRails (ver >= 2
-test_files: []
-
+summary: Authorization system for Rails 2.x
+test_files: 
+- spec/lockdown/context_spec.rb
+- spec/lockdown/database_spec.rb
+- spec/lockdown/frameworks/rails/controller_spec.rb
+- spec/lockdown/frameworks/rails/view_spec.rb
+- spec/lockdown/frameworks/rails_spec.rb
+- spec/lockdown/permission_spec.rb
+- spec/lockdown/rspec_helper_spec.rb
+- spec/lockdown/rules_spec.rb
+- spec/lockdown/session_spec.rb
+- spec/lockdown/system_spec.rb
+- spec/lockdown_spec.rb
+- spec/spec_helper.rb

data/tasks/ann.rake

@@ -1,80 +0,0 @@
-
-begin
-  require 'bones/smtp_tls'
-rescue LoadError
-  require 'net/smtp'
-end
-require 'time'
-
-namespace :ann do
-
-  # A prerequisites task that all other tasks depend upon
-  task :prereqs
-
-  file PROJ.ann.file do
-    ann = PROJ.ann
-    puts "Generating #{ann.file}"
-    File.open(ann.file,'w') do |fd|
-      fd.puts("#{PROJ.name} version #{PROJ.version}")
-      fd.puts("    by #{Array(PROJ.authors).first}") if PROJ.authors
-      fd.puts("    #{PROJ.url}") if PROJ.url.valid?
-      fd.puts("    (the \"#{PROJ.release_name}\" release)") if PROJ.release_name
-      fd.puts
-      fd.puts("== DESCRIPTION")
-      fd.puts
-      fd.puts(PROJ.description)
-      fd.puts
-      fd.puts(PROJ.changes.sub(%r/^.*$/, '== CHANGES'))
-      fd.puts
-      ann.paragraphs.each do |p|
-        fd.puts "== #{p.upcase}"
-        fd.puts
-        fd.puts paragraphs_of(PROJ.readme_file, p).join("\n\n")
-        fd.puts
-      end
-      fd.puts ann.text if ann.text
-    end
-  end
-
-  desc "Create an announcement file"
-  task :announcement => ['ann:prereqs', PROJ.ann.file]
-
-  desc "Send an email announcement"
-  task :email => ['ann:prereqs', PROJ.ann.file] do
-    ann = PROJ.ann
-    from = ann.email[:from] || Array(PROJ.authors).first || PROJ.email
-    to   = Array(ann.email[:to])
-
-    ### build a mail header for RFC 822
-    rfc822msg =  "From: #{from}\n"
-    rfc822msg << "To: #{to.join(',')}\n"
-    rfc822msg << "Subject: [ANN] #{PROJ.name} #{PROJ.version}"
-    rfc822msg << " (#{PROJ.release_name})" if PROJ.release_name
-    rfc822msg << "\n"
-    rfc822msg << "Date: #{Time.new.rfc822}\n"
-    rfc822msg << "Message-Id: "
-    rfc822msg << "<#{"%.8f" % Time.now.to_f}@#{ann.email[:domain]}>\n\n"
-    rfc822msg << File.read(ann.file)
-
-    params = [:server, :port, :domain, :acct, :passwd, :authtype].map do |key|
-      ann.email[key]
-    end
-
-    params[3] = PROJ.email if params[3].nil?
-
-    if params[4].nil?
-      STDOUT.write "Please enter your e-mail password (#{params[3]}): "
-      params[4] = STDIN.gets.chomp
-    end
-
-    ### send email
-    Net::SMTP.start(*params) {|smtp| smtp.sendmail(rfc822msg, from, to)}
-  end
-end  # namespace :ann
-
-desc 'Alias to ann:announcement'
-task :ann => 'ann:announcement'
-
-CLOBBER << PROJ.ann.file
-
-# EOF

data/tasks/bones.rake

@@ -1,20 +0,0 @@
-
-if HAVE_BONES
-
-namespace :bones do
-
-  desc 'Show the PROJ open struct'
-  task :debug do |t|
-    atr = if t.application.top_level_tasks.length == 2
-      t.application.top_level_tasks.pop
-    end
-
-    if atr then Bones::Debug.show_attr(PROJ, atr)
-    else Bones::Debug.show PROJ end
-  end
-
-end  # namespace :bones
-
-end  # HAVE_BONES
-
-# EOF