lockdown 1.6.5 → 2.0.0

data/lib/lockdown/resource.rb

@@ -0,0 +1,54 @@
+# encoding: utf-8
+
+module Lockdown
+  class Resource
+    class << self
+      attr_accessor :resources, :resources_regex
+
+      # When a new resource is created, this method is called to register the root
+      def register_regex(resource)
+        resource = "(#{resource})"
+        @resources << resource unless @resources.include?(resource)
+      end
+
+      # @return [Regexp] created from resources' base regex
+      def regex
+        @resources_regex ||= Lockdown.regex(@resources.join("|"))
+      end
+    end # class block
+
+    # Initialize resources to empty array
+    @resources = []
+
+    # Name of the resource
+    attr_accessor :name
+    # Regular expression pattern
+    attr_accessor :regex_pattern
+    # The only methods restricted on the resource
+    attr_accessor :exceptions
+    # The only methods allowed on the resource
+    attr_accessor :inclusions
+
+
+    # @param [String,Symbol] name resource reference. 
+    def initialize(name)
+      @name = name.to_s
+      @regex_pattern = "\/#{@name}(\/.*)?"
+      self.class.register_regex(@regex_pattern)
+    end
+
+    # @param *[String,Symbol] only methods restricted on the resource
+    def except(*methods)
+      return if methods.empty?
+      @exceptions = methods.collect{|m| m.to_s}
+      @regex_pattern = "\/#{@name}(?!\/(#{@exceptions.join('|')}))(\/.*)?"
+    end
+
+    # @param *[String,Symbol] only methods allowed on the resource
+    def only(*methods)
+      return if methods.empty?
+      @inclusions = methods.collect{|m| m.to_s}
+      @regex_pattern = "\/#{@name}\/(#{@inclusions.join('|')})(\/)?"
+    end
+  end # Resource
+end # Lockdown

data/lib/lockdown/session.rb

@@ -1,51 +1,44 @@
+# encoding: utf-8
+
 module Lockdown
   module Session
 
-    protected
 
     def add_lockdown_session_values(user = nil)
       user ||= current_user
 
       if user
-        session[:access_rights] = Lockdown::System.access_rights_for_user(user)
+        session[:access_rights] = Lockdown::Configuration.access_rights_for_user(user)
         session[:current_user_id] = user.id
       else
-        session[:access_rights] = Lockdown::System.public_access
+        session[:access_rights] = Lockdown::Configuration.public_access
       end
     end
 
+    # Tests for current_user_id > 0
+    # @return [True|False] 
     def logged_in?
       current_user_id.to_i > 0
     end
 
+    # @return session value of current_user_id
     def current_user_id
       session[:current_user_id]
     end
 
-    def current_user_is_admin?
-      session[:access_rights] == :all
-    end
-
-    def current_user_access_in_group?(grp)
-      return true if current_user_is_admin?
-        Lockdown::System.user_groups[grp].each do |perm|
-          return true if access_in_perm?(perm)
-        end
-      false
-    end
-
-    def access_in_perm?(perm)
-      if Lockdown::System.permissions[perm]
-        Lockdown::System.permissions[perm].each do |ar|
-          return true if session_access_rights_include?(ar)
-        end 
+    # Returns true if the permission's regex_pattern is 
+    # in session[:access_rights]
+    # @param [String] name permission name
+    # @return [True|False] 
+    def access_in_perm?(name)
+      if perm = Lockdown::Configuration.permission(name)
+        return session_access_rights.include?(perm.regex_pattern)
       end
       false
     end
 
-    def session_access_rights_include?(str)
-      return false unless session[:access_rights]
-      session[:access_rights].include?(str)
+    def session_access_rights
+      session[:access_rights].to_s
     end
 
     def reset_lockdown_session
@@ -53,7 +46,5 @@ module Lockdown
         session[val] = nil if session[val]
       end
     end 
-
-    alias_method :nil_lockdown_values, :reset_lockdown_session
   end # Session
 end # Lockdown

data/lib/lockdown/user_group.rb

@@ -0,0 +1,16 @@
+# encoding: utf-8
+
+module Lockdown
+  class UserGroup
+    # Name of permission
+    attr_accessor :name
+    # Array of permission objects that define the user group
+    attr_accessor :permissions
+
+    # @param [String,Symbol] name permission reference. 
+    def initialize(name)
+      @name = name.to_s
+      @permissions = []
+    end
+  end # Permission
+end # Lockdown

data/lib/lockdown.rb

@@ -1,87 +1,42 @@
+# encoding: utf-8
+
 $:.unshift File.dirname(__FILE__)
 
 require 'logger'
 
 require File.join("lockdown", "errors")
 require File.join("lockdown", "helper")
+require File.join("lockdown", "configuration")
 require File.join("lockdown", "session")
-require File.join("lockdown", "context")
+require File.join("lockdown", "delivery")
+require File.join("lockdown", "resource")
 require File.join("lockdown", "permission")
+require File.join("lockdown", "user_group")
+require File.join("lockdown", "access")
 require File.join("lockdown", "database")
-require File.join("lockdown", "rules")
-require File.join("lockdown", "system")
-require File.join("lockdown", "references")
+
 
 module Lockdown
-  extend Lockdown::References
   extend Lockdown::Helper
 
-  VERSION = '1.6.5'
-
   class << self
     attr_accessor :logger
 
-    # Returns the version string for the library.
+    # @return the version string for the library.
     def version
-      VERSION
-    end
-
-    def major_version
-      version.split('.')[0].to_i
-    end
-
-    def minor_version
-      version.split('.')[1].to_i
+      '2.0.0'
     end
 
-    def patch_version
-      version.split('.')[2].to_i
-    end
-
-    # Mixin Lockdown code to the appropriate framework and ORM
-    def mixin
-      if mixin_resource?("frameworks")
-        unless mixin_resource?("orms")
-          raise NotImplementedError, "ORM unknown to Lockdown!"
-        end
-      else
-        Lockdown.logger.info "=> Note:: Lockdown cannot determine framework and therefore is not active.\n"
-      end
-    end # mixin
+    def rails_mixin
+      require File.join("lockdown", "frameworks", "rails")
+      include Lockdown::Frameworks::Rails
 
-    def maybe_parse_init
-      return if Lockdown::System.initialized?
-
-      if File.exists?(Lockdown.init_file)
-        Lockdown.logger.info "=> Requiring Lockdown rules engine: #{Lockdown.init_file} \n"
-        load Lockdown.init_file
-      else
-        Lockdown.logger.info "=> Note:: Lockdown couldn't find init file: #{Lockdown.init_file}\n"
-      end
+      require File.join("lockdown", "orms", "active_record")
+      include Lockdown::Orms::ActiveRecord
     end
 
-    private
-
-    def mixin_resource?(str)
-      wildcard_path = File.join( File.dirname(__FILE__), 'lockdown', str , '*.rb' ) 
-      Dir[wildcard_path].each do |f|
-        require f
-        module_name = File.basename(f).split(".")[0]
-        module_class = eval("Lockdown::#{str.capitalize}::#{Lockdown.camelize(module_name)}")
-        if module_class.use_me?
-          include module_class
-          return true
-        end
-      end
-      false
-    end # mixin_resource?
   end # class block
 
   self.logger = Logger.new(STDOUT)
 
 end # Lockdown
-
-Lockdown.logger.info "=> Mixing in Lockdown version: #{Lockdown.version} \n"
-Lockdown.mixin
-
-

data/lockdown.gemspec

@@ -5,11 +5,11 @@
 
 Gem::Specification.new do |s|
   s.name = %q{lockdown}
-  s.version = "1.6.5"
+  s.version = "2.0.0"
 
   s.required_rubygems_version = Gem::Requirement.new(">= 0") if s.respond_to? :required_rubygems_version=
   s.authors = ["Andrew Stone"]
-  s.date = %q{2010-03-01}
+  s.date = %q{2010-09-07}
   s.description = %q{Restrict access to your controller actions.  Supports basic model level restrictions as well}
   s.email = %q{andy@stonean.com}
   s.extra_rdoc_files = [
@@ -20,8 +20,10 @@ Gem::Specification.new do |s|
      "README.txt",
      "Rakefile",
      "lib/lockdown.rb",
-     "lib/lockdown/context.rb",
+     "lib/lockdown/access.rb",
+     "lib/lockdown/configuration.rb",
      "lib/lockdown/database.rb",
+     "lib/lockdown/delivery.rb",
      "lib/lockdown/errors.rb",
      "lib/lockdown/frameworks/rails.rb",
      "lib/lockdown/frameworks/rails/controller.rb",
@@ -29,90 +31,48 @@ Gem::Specification.new do |s|
      "lib/lockdown/helper.rb",
      "lib/lockdown/orms/active_record.rb",
      "lib/lockdown/permission.rb",
-     "lib/lockdown/references.rb",
-     "lib/lockdown/rspec_helper.rb",
-     "lib/lockdown/rules.rb",
+     "lib/lockdown/resource.rb",
      "lib/lockdown/session.rb",
-     "lib/lockdown/system.rb",
+     "lib/lockdown/user_group.rb",
      "lockdown.gemspec",
-     "rails_generators/lockdown/lockdown_generator.rb",
-     "rails_generators/lockdown/templates/app/controllers/permissions_controller.rb",
-     "rails_generators/lockdown/templates/app/controllers/sessions_controller.rb",
-     "rails_generators/lockdown/templates/app/controllers/user_groups_controller.rb",
-     "rails_generators/lockdown/templates/app/controllers/users_controller.rb",
-     "rails_generators/lockdown/templates/app/helpers/permissions_helper.rb",
-     "rails_generators/lockdown/templates/app/helpers/user_groups_helper.rb",
-     "rails_generators/lockdown/templates/app/helpers/users_helper.rb",
-     "rails_generators/lockdown/templates/app/models/permission.rb",
-     "rails_generators/lockdown/templates/app/models/profile.rb",
-     "rails_generators/lockdown/templates/app/models/user.rb",
-     "rails_generators/lockdown/templates/app/models/user_group.rb",
-     "rails_generators/lockdown/templates/app/views/permissions/index.html.erb",
-     "rails_generators/lockdown/templates/app/views/permissions/show.html.erb",
-     "rails_generators/lockdown/templates/app/views/sessions/new.html.erb",
-     "rails_generators/lockdown/templates/app/views/user_groups/edit.html.erb",
-     "rails_generators/lockdown/templates/app/views/user_groups/index.html.erb",
-     "rails_generators/lockdown/templates/app/views/user_groups/new.html.erb",
-     "rails_generators/lockdown/templates/app/views/user_groups/show.html.erb",
-     "rails_generators/lockdown/templates/app/views/users/edit.html.erb",
-     "rails_generators/lockdown/templates/app/views/users/index.html.erb",
-     "rails_generators/lockdown/templates/app/views/users/new.html.erb",
-     "rails_generators/lockdown/templates/app/views/users/show.html.erb",
-     "rails_generators/lockdown/templates/config/initializers/lockit.rb",
-     "rails_generators/lockdown/templates/db/migrate/create_admin_user.rb",
-     "rails_generators/lockdown/templates/db/migrate/create_permissions.rb",
-     "rails_generators/lockdown/templates/db/migrate/create_profiles.rb",
-     "rails_generators/lockdown/templates/db/migrate/create_user_groups.rb",
-     "rails_generators/lockdown/templates/db/migrate/create_users.rb",
-     "rails_generators/lockdown/templates/lib/lockdown/README",
-     "rails_generators/lockdown/templates/lib/lockdown/init.rb",
-     "spec/lockdown/context_spec.rb",
-     "spec/lockdown/database_spec.rb",
-     "spec/lockdown/frameworks/rails/controller_spec.rb",
-     "spec/lockdown/frameworks/rails/view_spec.rb",
-     "spec/lockdown/frameworks/rails_spec.rb",
-     "spec/lockdown/permission_spec.rb",
-     "spec/lockdown/rspec_helper_spec.rb",
-     "spec/lockdown/rules_spec.rb",
-     "spec/lockdown/session_spec.rb",
-     "spec/lockdown/system_spec.rb",
-     "spec/lockdown_spec.rb",
-     "spec/rcov.opts",
-     "spec/spec.opts",
-     "spec/spec_helper.rb"
+     "test/helper.rb",
+     "test/lockdown/test_access.rb",
+     "test/lockdown/test_configuration.rb",
+     "test/lockdown/test_delivery.rb",
+     "test/lockdown/test_helper.rb",
+     "test/lockdown/test_permission.rb",
+     "test/lockdown/test_resource.rb",
+     "test/lockdown/test_session.rb",
+     "test/lockdown/test_user_group.rb",
+     "test/test_lockdown.rb"
   ]
   s.homepage = %q{http://stonean.com/wiki/lockdown}
   s.rdoc_options = ["--charset=UTF-8"]
   s.require_paths = ["lib"]
   s.rubyforge_project = %q{lockdown}
-  s.rubygems_version = %q{1.3.5}
+  s.rubygems_version = %q{1.3.7}
   s.summary = %q{Authorization system for Rails 2.x}
   s.test_files = [
-    "spec/lockdown/rules_spec.rb",
-     "spec/lockdown/context_spec.rb",
-     "spec/lockdown/system_spec.rb",
-     "spec/lockdown/session_spec.rb",
-     "spec/lockdown/frameworks/rails_spec.rb",
-     "spec/lockdown/frameworks/rails/controller_spec.rb",
-     "spec/lockdown/frameworks/rails/view_spec.rb",
-     "spec/lockdown/permission_spec.rb",
-     "spec/lockdown/database_spec.rb",
-     "spec/lockdown/rspec_helper_spec.rb",
-     "spec/lockdown_spec.rb",
-     "spec/spec_helper.rb"
+    "test/lockdown/test_user_group.rb",
+     "test/lockdown/test_delivery.rb",
+     "test/lockdown/test_configuration.rb",
+     "test/lockdown/test_access.rb",
+     "test/lockdown/test_session.rb",
+     "test/lockdown/test_permission.rb",
+     "test/lockdown/test_helper.rb",
+     "test/lockdown/test_resource.rb",
+     "test/helper.rb",
+     "test/test_lockdown.rb"
   ]
 
   if s.respond_to? :specification_version then
     current_version = Gem::Specification::CURRENT_SPECIFICATION_VERSION
     s.specification_version = 3
 
-    if Gem::Version.new(Gem::RubyGemsVersion) >= Gem::Version.new('1.2.0') then
-      s.add_development_dependency(%q<rspec>, [">= 0"])
+    if Gem::Version.new(Gem::VERSION) >= Gem::Version.new('1.2.0') then
     else
-      s.add_dependency(%q<rspec>, [">= 0"])
     end
   else
-    s.add_dependency(%q<rspec>, [">= 0"])
   end
 end
 

data/test/helper.rb

@@ -0,0 +1,9 @@
+# encoding: utf-8
+
+require 'minitest/unit'
+
+MiniTest::Unit.autorun
+
+$LOAD_PATH.unshift(File.join(File.dirname(__FILE__), '..', 'lib'))
+
+require 'lockdown'

data/test/lockdown/test_access.rb

@@ -0,0 +1,80 @@
+require 'helper'
+
+class TestLockdownAccess < MiniTest::Unit::TestCase
+  include Lockdown::Access
+
+  def teardown
+    Lockdown::Configuration.reset
+  end
+
+  def test_model_responds_to_permission
+    assert_respond_to self, :permission
+  end
+
+  def test_permission_with_single_resource
+    perm = permission(:my_perm) do 
+              resource :my_resource
+           end
+
+    resource = perm.resources.first
+    assert_equal 'my_resource', resource.name
+    assert_equal "\/my_resource(\/.*)?", resource.regex_pattern
+  end
+
+  def test_permission_without_block
+    perm = permission(:users) 
+
+    resource = perm.resources.first
+    assert_equal 'users', resource.name
+    assert_equal "\/users(\/.*)?", resource.regex_pattern
+  end
+
+  def test_public_access
+    permission(:site)
+    public_access :site
+
+    assert_equal Lockdown::Configuration.public_access, "(\/site(\/.*)?)"
+  end
+
+  def test_public_access_with_multiple_permissions
+    permission(:site)
+    permission(:registration)
+    permission(:view_posts)
+    public_access :site, :registration, :view_posts
+
+    assert_equal Lockdown::Configuration.public_access, 
+      "(\/site(\/.*)?)|(\/registration(\/.*)?)|(\/view_posts(\/.*)?)"
+  end
+
+  def test_protected_access
+    permission(:my_account)
+    protected_access :my_account
+
+    assert_equal Lockdown::Configuration.protected_access, "(\/my_account(\/.*)?)"
+  end
+
+  def test_protected_access_with_multiple_permissions
+    permission(:my_account)
+    permission(:edit_posts)
+    protected_access :my_account, :edit_posts
+
+    assert_equal Lockdown::Configuration.protected_access, 
+      "(\/my_account(\/.*)?)|(\/edit_posts(\/.*)?)"
+  end
+
+  def test_user_group
+    permission(:site)
+    permission(:registration)
+    permission(:view_posts)
+    user_group(:all, :site, :registration, :view_posts)
+
+    ug =  Lockdown::Configuration.find_or_create_user_group(:all)
+
+    assert_equal 'all', ug.name
+
+    assert_equal 'view_posts', ug.permissions.pop.name
+    assert_equal 'registration', ug.permissions.pop.name
+    assert_equal 'site', ug.permissions.pop.name
+  end
+
+end

data/test/lockdown/test_configuration.rb

@@ -0,0 +1,194 @@
+require 'helper'
+
+class Authorization
+  include Lockdown::Access
+end
+
+class TestLockdownConfiguration < MiniTest::Unit::TestCase
+
+  def setup 
+    @config = Lockdown::Configuration
+  end
+
+  def teardown
+    Lockdown::Configuration.reset
+  end
+
+  def test_initial_state
+    assert_equal false, @config.configured
+    assert_equal "", @config.public_access
+    assert_equal "", @config.protected_access
+    assert_equal [], @config.permissions
+    assert_equal [], @config.user_groups
+
+    assert_equal :current_user_id, @config.who_did_it
+    assert_equal 1, @config.default_who_did_it
+
+    assert_equal "/", @config.access_denied_path
+    assert_equal "/", @config.successful_login_path
+    assert_equal false, @config.logout_on_access_violation
+
+    assert_equal "|", @config.link_separator
+
+    assert_equal "UserGroup", @config.user_group_model
+    assert_equal "User", @config.user_model
+
+    assert_equal ['test'] , @config.skip_db_sync_in
+  end
+
+  def test_authenticated_access
+    Authorization.permission('home')
+    Authorization.permission('faq')
+    Authorization.permission('users')
+
+    Authorization.public_access('home', 'faq')
+    Authorization.protected_access('users')
+
+    assert_equal "(/home(/.*)?)|(/faq(/.*)?)|(/users(/.*)?)", @config.authenticated_access
+  end
+
+  def test_permission
+    Authorization.permission('home')
+    Authorization.permission('faq')
+
+    perm  = Lockdown::Permission.new('home')
+    
+    assert_equal perm.name, @config.permission('home').name
+
+    assert_raises(Lockdown::PermissionNotFound){ @config.permission('delta') }
+  end
+
+  def test_make_permission_public
+    Authorization.permission('home')
+    
+    @config.make_permission_public('home')
+
+    perm = @config.permission('home')
+
+    assert_equal true, perm.public?
+  end
+
+  def test_has_permission
+    Authorization.permission('home')
+    Authorization.permission('faq')
+    Authorization.permission('about')
+
+    perm  = Lockdown::Permission.new('home')
+    perm2 = Lockdown::Permission.new('homey')
+
+    assert_equal true, @config.has_permission?(perm)
+
+    assert_equal false, @config.has_permission?(perm2)
+  end
+
+  def test_permission_names
+    Authorization.permission('home')
+    Authorization.permission('faq')
+    Authorization.permission('about')
+
+    assert_equal 'about', @config.permissions.pop.name
+    assert_equal 'faq', @config.permissions.pop.name
+    assert_equal 'home', @config.permissions.pop.name
+
+    assert_equal true, @config.permissions.empty?
+  end
+
+  def test_permission_assigned_automatically
+    Authorization.permission('home')
+    Authorization.permission('faq')
+    Authorization.permission('users')
+
+    Authorization.public_access('home', 'faq')
+
+    assert_equal true, @config.permission_assigned_automatically?('home')
+    assert_equal true, @config.permission_assigned_automatically?('faq')
+    assert_equal false, @config.permission_assigned_automatically?('users')
+  end
+
+  def test_user_group
+    Authorization.permission('home')
+    Authorization.permission('faq')
+
+    Authorization.user_group 'all', 'home', 'faq'
+
+    ug =  @config.user_group('all')
+
+    assert_equal 'faq', ug.permissions.pop.name
+    assert_equal 'home',ug.permissions.pop.name
+  end
+
+  def test_maybe_add_user_group
+    Authorization.permission('home')
+    Authorization.permission('faq')
+
+    Authorization.user_group 'all', 'home', 'faq'
+    groups_1 = @config.user_groups
+
+    Authorization.user_group 'all', 'home', 'faq'
+    groups_2 = @config.user_groups
+
+    assert_equal groups_1, groups_2
+  end
+
+  def test_find_or_create_user_group
+    Authorization.permission('home')
+    Authorization.permission('faq')
+    Authorization.permission('about')
+
+    Authorization.user_group 'testone', 'home', 'faq', 'about'
+
+    ug = @config.find_or_create_user_group('testone')
+
+    assert_equal 'testone', ug.name
+
+    assert_equal 'about', ug.permissions.pop.name
+    assert_equal 'faq', ug.permissions.pop.name
+    assert_equal 'home', ug.permissions.pop.name
+
+    assert_equal true, ug.permissions.empty?
+
+    ug2 = @config.find_or_create_user_group('testtwo')
+
+    assert_equal 'testtwo', ug2.name
+    assert_equal true, ug2.permissions.empty?
+  end
+
+  def test_user_group_names
+    Authorization.permission('home')
+    Authorization.permission('faq')
+    Authorization.permission('about')
+
+    Authorization.user_group 'testone', 'home'
+    Authorization.user_group 'testtwo', 'faq', 'about'
+    
+    assert_equal 'testtwo', @config.user_groups.pop.name
+    assert_equal 'testone', @config.user_groups.pop.name
+
+    assert_equal true, @config.user_groups.empty?
+  end
+
+  def test_user_group_permission_names
+    Authorization.permission('home')
+    Authorization.permission('faq')
+    Authorization.permission('about')
+
+    Authorization.user_group 'testone', 'home'
+    Authorization.user_group 'testtwo', 'faq', 'about'
+    
+    assert_equal ['home'], @config.user_group_permissions_names('testone')
+    assert_equal ['faq', 'about'], @config.user_group_permissions_names('testtwo')
+  end
+
+  def test_access_rights_for_permissions
+    Authorization.permission('home')
+    Authorization.permission('faq')
+    Authorization.permission('about')
+
+    assert_equal "((/home(/.*)?))|((/faq(/.*)?))|((/about(/.*)?))", 
+      @config.access_rights_for_permissions('home', 'faq', 'about')
+  end
+
+  def test_skip_sync?
+    assert_equal true, @config.skip_sync?
+  end
+end