lockdown 1.6.5 → 2.0.0

data/lib/lockdown/frameworks/rails/controller.rb

@@ -2,31 +2,19 @@ module Lockdown
   module Frameworks
     module Rails
       module Controller
-        
-        def available_actions(klass)
-          klass.action_methods
-        end
-
-        def controller_name(klass)
-          klass.controller_name
-        end
-
         # Locking methods
         module Lock
 
           def configure_lockdown
-            Lockdown.maybe_parse_init
-            check_session_expiry
             store_location
           end
 
           # Basic auth functionality needs to be reworked as 
           # Lockdown doesn't provide authentication functionality.
           def set_current_user
-            #login_from_basic_auth? unless logged_in?
             if logged_in?
-              Thread.current[:who_did_it] = Lockdown::System.
-                call(self, :who_did_it)
+              whodat = send(Lockdown::Configuration.who_did_it)
+              Thread.current[:who_did_it] = whodat
             end
           end
 
@@ -39,19 +27,6 @@ module Lockdown
 
           protected 
   
-          def path_allowed?(url)
-            session[:access_rights] ||= Lockdown::System.public_access
-            session[:access_rights].include?(url)
-          end
-    
-          def check_session_expiry
-            if session[:expiry_time] && session[:expiry_time] < Time.now
-              nil_lockdown_values
-              Lockdown::System.call(self, :session_timeout_method)
-            end
-            session[:expiry_time] = Time.now + Lockdown::System.fetch(:session_timeout)
-          end
-          
           def store_location
             if (request.method == :get) && (session[:thispage] != sent_from_uri)
               session[:prevpage] = session[:thispage] || ''
@@ -69,25 +44,30 @@ module Lockdown
 
             return false unless url
 
-            return true if current_user_is_admin?
-
             method ||= (params[:method] || request.method)
 
             url_parts = URI::split(url.strip)
 
             path = url_parts[5]
 
-            subdir = Lockdown::System.fetch(:subdirectory)
-            if subdir && subdir == path[1,subdir.length]
-              path = path[(subdir.length+1)..-1]
+            if Lockdown::Delivery.allowed?(path, session[:access_rights])
+              return true 
             end
 
-            return true if path_allowed?(path)
-
             begin
-              hash = ActionController::Routing::Routes.recognize_path(path, :method => method)
-              return path_allowed?(path_from_hash(hash)) if hash
-            rescue Exception => e
+              if ::Rails.respond_to?(:application)
+                router = ::Rails.application.routes
+              else
+                router = ActionController::Routing::Routes
+              end
+
+              hash = router.recognize_path(path, :method => method)
+
+              if hash
+                return Lockdown::Delivery.allowed?(path_from_hash(hash),
+                                                      session[:access_rights])
+              end
+            rescue ActionController::RoutingError
               # continue on
             end
 
@@ -95,7 +75,7 @@ module Lockdown
             return true if url =~ /^mailto:/
 
             # Public file
-            file = File.join(RAILS_ROOT, 'public', url)
+            file = File.join(::Rails.root, 'public', url)
             return true if File.exists?(file)
 
             # Passing in different domain
@@ -106,13 +86,13 @@ module Lockdown
 
             Lockdown.logger.info "Access denied: #{e}"
 
-            if Lockdown::System.fetch(:logout_on_access_violation)
+            if Lockdown::Configuration.logout_on_access_violation
               reset_session
             end
             respond_to do |format|
               format.html do
                 store_location
-                redirect_to Lockdown::System.fetch(:access_denied_path)
+                redirect_to Lockdown::Configuration.access_denied_path
                 return
               end
               format.xml do
@@ -125,8 +105,7 @@ module Lockdown
           end
 
           def path_from_hash(hash)
-            subdir = Lockdown::System.fetch(:subdirectory)
-            (subdir ? subdir + "/" : "") + hash[:controller].to_s + "/" + hash[:action].to_s
+            hash[:controller].to_s + "/" + hash[:action].to_s
           end
 
           def remote_url?(domain = nil)
@@ -141,23 +120,6 @@ module Lockdown
               redirect_to(session[:prevpage])
             end
           end
-  
-          # Called from current_user.  Now, attempt to login by
-          # basic authentication information.
-          def login_from_basic_auth?
-            username, passwd = get_auth_data
-            if username && passwd
-              set_session_user ::User.authenticate(username, passwd)
-            end
-          end
-
-          @@http_auth_headers = %w(X-HTTP_AUTHORIZATION HTTP_AUTHORIZATION Authorization)
-          # gets BASIC auth info
-          def get_auth_data
-            auth_key  = @@http_auth_headers.detect { |h| request.env.has_key?(h) }
-            auth_data = request.env[auth_key].to_s.split unless auth_key.blank?
-            return auth_data && auth_data[0] == 'Basic' ? Base64.decode64(auth_data[1]).split(':')[0..1] : [nil, nil] 
-          end
         end # Lock
       end # Controller
     end # Rails

data/lib/lockdown/frameworks/rails/view.rb

@@ -42,7 +42,7 @@ module Lockdown
         def links(*lis)
           rvalue = []
           lis.each{|link| rvalue << link if link.length > 0 }
-          rvalue.join( Lockdown::System.fetch(:link_separator) )
+          rvalue.join( Lockdown::Configuration.link_separator )
         end
       end # View
     end # Rails

data/lib/lockdown/frameworks/rails.rb

@@ -1,3 +1,5 @@
+# encoding: utf-8
+
 require File.join(File.dirname(__FILE__), "rails", "controller")
 require File.join(File.dirname(__FILE__), "rails", "view")
 
@@ -5,10 +7,6 @@ module Lockdown
   module Frameworks
     module Rails
       class << self
-        def use_me?
-          Object.const_defined?("ActionController") && ActionController.const_defined?("Base")
-        end
-
         def included(mod)
           mod.extend Lockdown::Frameworks::Rails::Environment
           mixin
@@ -21,8 +19,10 @@ module Lockdown
             include Lockdown::Frameworks::Rails::View
           end
 
-          Lockdown.system.class_eval do 
-            extend Lockdown::Frameworks::Rails::System
+          Lockdown::Configuration.class_eval do 
+            def self.skip_sync?
+              skip_db_sync_in.include?(::Rails.env)
+            end
           end
         end
 
@@ -34,13 +34,12 @@ module Lockdown
 
           klass.helper_method :authorized?
 
-          klass.hide_action(:set_current_user, :configure_lockdown, :check_request_authorization, :check_model_authorization)
+          klass.hide_action(:set_current_user, :configure_lockdown, :check_request_authorization)
 
           klass.before_filter do |c|
             c.set_current_user
             c.configure_lockdown
             c.check_request_authorization
-            c.check_model_authorization
           end
 
           klass.filter_parameter_logging :password, :password_confirmation
@@ -55,10 +54,6 @@ module Lockdown
           ::RAILS_ROOT
         end
 
-        def init_file
-          "#{project_root}/lib/lockdown/init.rb"
-        end
-
         def view_helper
           ::ActionView::Base 
         end
@@ -76,38 +71,7 @@ module Lockdown
         def caching?
           ::Rails.configuration.cache_classes
         end
-
-        # cache_classes is true in production and testing, need to
-        # do an instance eval instead
-        def add_controller_method(code)
-          Lockdown.controller_parent.class_eval code, __FILE__,__LINE__ +1
-        end
-
-        def controller_class_name(str)
-          str = "#{str}Controller"
-          if str.include?("__")
-            str.split("__").collect{|p| Lockdown.camelize(p)}.join("::")
-          else
-            Lockdown.camelize(str)
-          end
-        end
-
-        def fetch_controller_class(str)
-          eval("::#{controller_class_name(str)}")
-        end
       end
-
-      module System
-        include Lockdown::Frameworks::Rails::Controller
-
-        def skip_sync?
-          Lockdown.system.fetch(:skip_db_sync_in).include?(framework_environment)
-        end
-        
-        def framework_environment
-          ::Rails.env
-        end
-      end # System
     end # Rails
   end # Frameworks
 end # Lockdown

data/lib/lockdown/helper.rb

@@ -1,111 +1,40 @@
-require 'active_support'
+# encoding: utf-8
+
+require 'active_support/core_ext'
 
 module Lockdown
   module Helper
-    def class_name_from_file(str)
-      str.split(".")[0].split("/").collect{|s| camelize(s) }.join("::")
+    # @return [Regexp] with \A \z boundaries
+    def regex(string)
+      Regexp.new(/\A#{string}\z/)
     end
 
-    # If str_sym is a Symbol (:users), return "Users"
-    # If str_sym is a String ("Users"), return :users
-    def convert_reference_name(str_sym)
-      if str_sym.is_a?(Symbol)
-        titleize(str_sym)
-      else
-       str_sym.underscore.tr(' ','_').to_sym
-      end
+    def administrator_group_name
+      'Administrators'
     end
 
     def user_group_class
-      eval(user_group_model_string)
+      eval("::#{Lockdown::Configuration.user_group_model}")
     end
 
     def user_groups_hbtm_reference
-      user_group_model_string.underscore.pluralize.to_sym
+      Lockdown::Configuration.user_group_model.underscore.pluralize.to_sym
     end
 
     def user_group_id_reference
-      user_group_model_string.underscore + "_id"
+      Lockdown::Configuration.user_group_model.underscore + "_id"
     end
 
     def user_class
-      eval(user_model_string)
+      eval("::#{Lockdown::Configuration.user_model}")
     end
 
     def users_hbtm_reference
-      user_model_string.underscore.pluralize.to_sym
+      Lockdown::Configuration.user_model.underscore.pluralize.to_sym
     end
 
     def user_id_reference
-      user_model_string.underscore + "_id"
-    end
-
-    def user_group_model_string
-      Lockdown.system.fetch(:user_group_model) || "UserGroup"
-    end
-    
-    def user_model_string
-      Lockdown.system.fetch(:user_model) || "User"
-    end
-    
-    def get_string(value)
-      if value.respond_to?(:name)
-        string_name(value.name)
-      else
-        string_name(value)
-      end
-    end
-
-    def get_symbol(value)
-      if value.respond_to?(:name)
-        symbol_name(value.name)
-      elsif value.is_a?(String)
-        symbol_name(value)
-      else
-        value
-      end
-    end
-
-    def camelize(str)
-      str.to_s.gsub(/\/(.?)/) { "::" + $1.upcase }.gsub(/(^|_)(.)/) { $2.upcase }
-    end
-
-    def random_string(len = 10)
-      chars = ("a".."z").to_a + ("A".."Z").to_a + ("0".."9").to_a
-      Array.new(len){||chars[rand(chars.size)]}.join
-    end
-
-    def administrator_group_string
-      string_name(administrator_group_symbol)
-    end
-
-    def administrator_group_symbol
-      :administrators
-    end
-
-    private
-
-    def string_name(str_sym)
-      str_sym.is_a?(Symbol) ? convert_reference_name(str_sym) : str_sym
-    end
-
-    def symbol_name(str_sym)
-      str_sym.is_a?(String) ? convert_reference_name(str_sym) : str_sym
-    end
-
-    def titleize(str)
-      humanize(underscore(str)).gsub(/\b([a-z])/) { $1.capitalize }
-    end
-    
-    def humanize(str)
-      str.to_s.gsub(/_id$/, "").gsub(/_/, " ").capitalize
-    end
-
-    def underscore(str)
-      str.to_s.gsub(/::/, '/').
-        gsub(/([A-Z]+)([A-Z][a-z])/,'\1_\2').
-        gsub(/([a-z\d])([A-Z])/,'\1_\2').
-        tr("-", "_").downcase
+      Lockdown::Configuration.user_model.underscore + "_id"
     end
   end
 end

data/lib/lockdown/orms/active_record.rb

@@ -1,11 +1,9 @@
+# encoding: utf-8
+
 module Lockdown
   module Orms
     module ActiveRecord
       class << self
-        def use_me?
-          Object.const_defined?("ActiveRecord") && ::ActiveRecord.const_defined?("Base")
-        end
-
         def included(mod)
           mod.extend Lockdown::Orms::ActiveRecord::Helper
           mixin
@@ -51,15 +49,15 @@ module Lockdown
         end
 
         def create_with_stamps
-          pid = current_who_did_it || Lockdown::System.fetch(:default_who_did_it)
-          self[:created_by] = pid if self.respond_to?(:created_by) 
-          self[:updated_by] = pid if self.respond_to?(:updated_by) 
+          pid = current_who_did_it || Lockdown::Configuration.default_who_did_it
+          self[:created_by] = pid if respond_to?(:created_by) 
+          self[:updated_by] = pid if respond_to?(:updated_by) 
           create_without_stamps
         end
                   
         def update_with_stamps
-          pid = current_who_did_it || Lockdown::System.fetch(:default_who_did_it)
-          self[:updated_by] = pid if self.respond_to?(:updated_by)
+          pid = current_who_did_it || Lockdown::Configuration.default_who_did_it
+          self[:updated_by] = pid if respond_to?(:updated_by)
           update_without_stamps
         end
       end

data/lib/lockdown/permission.rb

@@ -1,222 +1,56 @@
-module Lockdown
-  class Controller
-    attr_accessor :name, :access_methods, :only_methods, :except_methods
-
-    def initialize(name)
-      @name = name
-      @except_methods = []
-    end
-
-    def set_access_methods
-      if @only_methods
-        @access_methods = paths_for(@name, *@only_methods)
-      else
-        @access_methods = paths_for(@name)
-      end
-
-      apply_exceptions if @except_methods.length > 0
-    end
-
-    private
-
-    def apply_exceptions
-      exceptions = paths_for(@name, *@except_methods)
-      @access_methods = @access_methods - exceptions
-    end
-
-    def paths_for(str_sym, *methods)
-      Lockdown::System.paths_for(str_sym, *methods)
-    end
-  end
+# encoding: utf-8
 
-  class Model
-    attr_accessor :name, :controller_method, :model_method, :association, :param
-
-    def initialize(name, param = :id)
-      @name = name
-      @param = param
-    end
-
-    def class_name
-      self.name.to_s.camelize
-    end
- 
-  end
-  
+module Lockdown
   class Permission
-    attr_reader :name, :controllers, :models
-
-    # A Permission is a set of rules that are, through UserGroups, assigned
-    # to users to allow access to system resources.
-    #
-    # ==== Summary of controller oriented methods:
-    #
-    #   # defines which controller we're talking about
-    #   .with_controller(:controller_name)  #all_methods is the default
-    #
-    #   # only these methods on the controller
-    #   .only_methods(:meth1, :meth2)       
-    #
-    #   # all controller methods except these
-    #   .except_methods(:meth1, :meth2)
-    #
-    # ==== Summary of model oriented methods:
-    #
-    #   # defines which model we're talking about
-    #   .to_model(:model)         
-    #
-    #   # model_method is simply a public method on :model
-    #   .where(:model_method)           
-    #
-    #   # controller_method must equal model_method
-    #   .equals(:controller_method)         
-    #
-    #   # controller_method.include?(model_method)
-    #   .is_in(:controller_method)         
-    #   
-    #
-    # ==== Example:
-    #
-    #   # Define a permission called 'Manage Users' that allows users access
-    #   # all methods on the users_controller
-    #
-    #   set_permission(:manage_users).
-    #     with_controller(:users)
-    #
-    #   # Define a permission called "My Account" that only allows a user access
-    #   # to methods show and update and the current_user_id must match the id 
-    #   # of the user being modified
-    #
-    #   set_permission(:my_account).
-    #     with_controller(:users).
-    #     only_methods(:show, :update).
-    #     to_model(:user).
-    #       where(:current_user_id).
-    #       equals(:id)
-    #
-    def initialize(name_symbol)
-      @name             = name_symbol
-      @controllers      = {}
-      @models           = {}
-      @current_context  = Lockdown::RootContext.new(name_symbol)
-      @public_access    = false
-      @protected_access = false
-    end
-
-    def with_controller(name_symbol)
-      validate_context
-
-      controller = Controller.new(name_symbol)
-      @controllers[name_symbol] = controller
-      @current_context = Lockdown::ControllerContext.new(name_symbol)
-      self
-    end
-
-    alias_method :and_controller, :with_controller
-
-    def only_methods(*methods)
-      validate_context
+    # Name of permission
+    attr_accessor :name
+    # Array of resource objects that define the access rights for this permission
+    attr_reader :resources
 
-      current_controller.only_methods = methods
-      @current_context = Lockdown::RootContext.new(@name)
-      self
-    end
-
-    def except_methods(*methods)
-      validate_context
-
-      current_controller.except_methods = methods
-
-      @current_context = Lockdown::RootContext.new(@name)
-      self
-    end
-
-    def to_model(name_symbol, param = :id)
-      validate_context
-
-      @models[name_symbol] = Model.new(name_symbol, param)
-      @current_context = Lockdown::ModelContext.new(name_symbol)
-      self
-    end
-
-    def where(model_method)
-      validate_context
-
-      current_model.model_method = model_method
-      @current_context = Lockdown::ModelWhereContext.new(current_context.name)
-      self
-    end
-
-    def equals(controller_method)
-      validate_context
-
-      associate_controller_method(controller_method, :==)
-      @current_context = Lockdown::RootContext.new(@name)
-      self
-    end
-
-    def is_in(controller_method)
-      validate_context
-
-      associate_controller_method(controller_method, :include?)
-      @current_context = Lockdown::RootContext.new(@name)
-      self
-    end
-
-    alias_method :includes, :is_in
-
-    def public_access?
-      @public_access
-    end
-
-    def protected_access?
-      @protected_access
+    # @param [String,Symbol] name permission reference. 
+    def initialize(name)
+      @name       = name.to_s
+      @resources  = []
+      @ispublic     = false
+      @isprotected  = false
     end
 
-    def set_as_public_access
-      if protected_access?
-        raise Lockdown::PermissionScopeCollision, "Permission: #{name} already marked as protected and trying to set as public."
-      end
-      @public_access = true
+    # @param [String,Symbol] name resource reference. 
+    # @return new resource 
+    def resource(name, &block)
+      resource =  Lockdown::Resource.new(name)
+      resource.instance_eval(&block) if block_given?
+      @resources << resource
+      resource
     end
 
-    def set_as_protected_access
-      if public_access?
-        raise Lockdown::PermissionScopeCollision, "Permission: #{name} already marked as public and trying to set as protected."
-      end
-      @protected_access = true
-    end
+    alias_method :controller, :resource
 
-    def current_context
-      @current_context
+    def controllers
+      @resources
     end
 
-    def current_controller
-      @controllers[current_context.name]
+    def is_public
+      @ispublic     = true
+      @isprotected  = false
     end
 
-    def current_model
-      @models[current_context.name]
+    def public?
+      @ispublic
     end
 
-    def ==(other)
-      name == other.name
+    def is_protected
+      @isprotected  = true
+      @ispublic     = false 
     end
 
-    private
-
-    def associate_controller_method(controller_method, association)
-      current_model.controller_method = controller_method
-      current_model.association = association
-      @current_context = Lockdown::RootContext.new(@name)
+    def protected?
+      @isprotected
     end
 
-    def validate_context
-      method_trace = caller.first;  
-      calling_method = caller.first[/#{__FILE__}:(\d+):in `(.*)'/,2]
-      unless current_context.allows?(calling_method)
-        raise Lockdown::InvalidRuleContext, "Method: #{calling_method} was called on wrong context #{current_context}. Allowed methods are: #{current_context.allowed_methods.join(',')}."
-      end
+    # @return String representing all resources defining this permission
+    def regex_pattern
+      resources.collect{|r| "(#{r.regex_pattern})"}.join("|")
     end
-  end
-end
+  end # Permission
+end # Lockdown