lockdown 1.6.5 → 2.0.0

data/rails_generators/lockdown/templates/lib/lockdown/init.rb

@@ -1,131 +0,0 @@
-Lockdown::System.configure do
-
-  #~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~
-  # Configuration Options
-  #~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~
-  # Options with defaults:
-  #
-  #
-  # Set User model:
-  #      # make sure you use the string "User", not the constant
-  #      options[:user_model] = "User"
-  #
-  # Set UserGroup model:
-  #      # make sure you use the string "UserGroup", not the constant
-  #      options[:user_group_model] = "UserGroup"
-  #
-  # Set who_did_it method:
-  #   This method is used in setting the created_by/updated_by fields and
-  #   should be accessible to the controller
-  #      options[:who_did_it] = :current_user_id
-  #
-  # Set default_who_did_it:
-  #   When current_user_id returns nil, this is the value to use
-  #      options[:default_who_did_it] = 1
-  #
-  #   Lockdown version < 0.9.0 set this to:
-  #       options[:default_who_did_it] = Profile::System
-  #
-  #   Should probably be something like:
-  #      options[:default_who_did_it] = User::SystemId
-  #
-  # Set timeout to 1 hour:
-  #       options[:session_timeout] = (60 * 60)
-  #
-  # Call method when timeout occurs (method must be callable by controller):
-  #       options[:session_timeout_method] = :clear_session_values
-  #
-  # Set system to logout if unauthorized access is attempted:
-  #       options[:logout_on_access_violation] = false
-  #
-  # Set redirect to path on unauthorized access attempt:
-  #       options[:access_denied_path] = "/"
-  #
-  # Set redirect to path on successful login:
-  #       options[:successful_login_path] = "/"
-  #
-  # Set separator on links call
-  #       options[:links_separator] = "|"
-  #
-  # If deploying to a subdirectory, set that here. Defaults to nil
-  #       options[:subdirectory] = "blog"
-  #       *Notice: Do not add leading or trailing slashes,
-  #                Lockdown will handle this
-  #
-  #~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~
-  # Define permissions
-  #~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~
-  #
-  # set_permission(:product_management).
-  #   with_controller(:products)
-  #
-  # :product_management is the name of the permission which is later
-  # referenced by the set_user_group method
-  #
-  # .with_controller(:products) defaults to all action_methods available on that
-  #  controller.  You can change this behaviour by chaining on except_methods or
-  #  only_methods.  (see examples below)
-  #
-  #  ** To define a namespaced controller use two underscores:
-  #     :admin__products
-  #
-  # if products is your standard RESTful resource you'll get:
-  #   ["products/index , "products/show",
-  #    "products/new", "products/edit",
-  #    "products/create", "products/update",
-  #    "products/destroy"]
-  #
-  # You can chain method calls to restrict the methods for one controller
-  # or you can add multiple controllers to one permission.
-  #      
-  #   set_permission(:security_management).
-  #     with_controller(:users).
-  #     and_controller(:user_groups).
-  #     and_controller(:permissions) 
-  #
-  # In addition to with_controller(:controller) there are:
-  #
-  #   set_permission(:some_nice_permission_name).
-  #     with_controller(:some_controller_name).
-  #       only_methods(:only_method_1, :only_method_2)
-  #
-  #   set_permission(:some_nice_permission_name).
-  #     with_controller(:some_controller_name).
-  #       except_methods(:except_method_1, :except_method_2)
-  #
-  #   set_permission(:some_nice_permission_name).
-  #     with_controller(:some_controller_name).
-  #       except_methods(:except_method_1, :except_method_2).
-  #     and_controller(:another_controller_name).
-  #     and_controller(:yet_another_controller_name)
-  #
-  # Define your permissions here:
-
-  #~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~
-  # Built-in user groups
-  #~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~
-  #  You can assign the above permission to one of the built-in user groups
-  #  by using the following:
-  # 
-  #  To allow public access on the permissions :sessions and :home:
-  #    set_public_access :sessions, :home
-  #     
-  #  Restrict :my_account access to only authenticated users:
-  #    set_protected_access :my_account
-  #
-  # Define the built-in user groups here:
-
-  #~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~
-  # Define user groups
-  #~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~
-  #
-  #  set_user_group(:catalog_management, :category_management, 
-  #                                      :product_management) 
-  #
-  #  :catalog_management is the name of the user group
-  #  :category_management and :product_management refer to permission names
-  #
-  # 
-  # Define your user groups here:
-
-end 

data/spec/lockdown/context_spec.rb

@@ -1,191 +0,0 @@
-require File.join(File.dirname(__FILE__), %w[.. spec_helper])
-
-describe Lockdown::Context do
-  before do
-    @name = :my_account
-  end
-
-  describe Lockdown::RootContext do
-    before do
-      @c = Lockdown::RootContext.new(@name)
-    end
-
-    it "should return rootcontext" do
-      @c.to_s.should == "Lockdown::RootContext"
-    end
-
-    it "should allow with_controller" do
-      @c.allows?('with_controller').should == true
-    end
-
-    it "should allow and_controller" do
-      @c.allows?('and_controller').should == true
-    end
-
-    it "should allow to_model" do
-      @c.allows?('to_model').should == true
-    end
-
-    it "should not allow only_methods" do
-      @c.allows?('only_methods').should == false
-    end
-
-    it "should not allow except_methods" do
-      @c.allows?('except_methods').should == false
-    end
-
-    it "should not allow where" do
-      @c.allows?('where').should == false
-    end
-
-    it "should not allow is_in" do
-      @c.allows?('is_in').should == false
-    end
-
-    it "should not allow includes" do
-      @c.allows?('includes').should == false
-    end
-
-    it "should not allow equals" do
-      @c.allows?('equals').should == false
-    end
-  end
-
-  describe Lockdown::ControllerContext do
-    before do
-      @c = Lockdown::ControllerContext.new(@name)
-    end
-
-    it "should return rootcontext" do
-      @c.to_s.should == "Lockdown::ControllerContext"
-    end
-
-    it "should allow with_controller" do
-      @c.allows?('with_controller').should == true
-    end
-
-    it "should allow and_controller" do
-      @c.allows?('and_controller').should == true
-    end
-
-    it "should allow to_model" do
-      @c.allows?('to_model').should == true
-    end
-
-    it "should allow only_methods" do
-      @c.allows?('only_methods').should == true
-    end
-
-    it "should allow except_methods" do
-      @c.allows?('except_methods').should == true
-    end
-
-    it "should not allow where" do
-      @c.allows?('where').should == false
-    end
-
-    it "should not allow is_in" do
-      @c.allows?('is_in').should == false
-    end
-
-    it "should not allow includes" do
-      @c.allows?('includes').should == false
-    end
-
-    it "should not allow equals" do
-      @c.allows?('equals').should == false
-    end
-  end 
-
-  describe Lockdown::ModelContext do
-    before do
-      @c = Lockdown::ModelContext.new(@name)
-    end
-
-    it "should return rootcontext" do
-      @c.to_s.should == "Lockdown::ModelContext"
-    end
-
-    it "should not allow with_controller" do
-      @c.allows?('with_controller').should == false
-    end
-
-    it "should not allow and_controller" do
-      @c.allows?('and_controller').should == false
-    end
-
-    it "should not allow to_model" do
-      @c.allows?('to_model').should == false
-    end
-
-    it "should not allow only_methods" do
-      @c.allows?('only_methods').should == false
-    end
-
-    it "should not allow except_methods" do
-      @c.allows?('except_methods').should == false
-    end
-
-    it "should allow where" do
-      @c.allows?('where').should == true
-    end
-
-    it "should not allow is_in" do
-      @c.allows?('is_in').should == false
-    end
-
-    it "should not allow includes" do
-      @c.allows?('includes').should == false
-    end
-
-    it "should not allow equals" do
-      @c.allows?('equals').should == false
-    end
-  end 
-
-  describe Lockdown::ModelWhereContext do
-    before do
-      @c = Lockdown::ModelWhereContext.new(@name)
-    end
-
-    it "should return rootcontext" do
-      @c.to_s.should == "Lockdown::ModelWhereContext"
-    end
-
-    it "should not allow with_controller" do
-      @c.allows?('with_controller').should == false
-    end
-
-    it "should not allow and_controller" do
-      @c.allows?('and_controller').should == false
-    end
-
-    it "should not allow to_model" do
-      @c.allows?('to_model').should == false
-    end
-
-    it "should not allow only_methods" do
-      @c.allows?('only_methods').should == false
-    end
-
-    it "should not allow except_methods" do
-      @c.allows?('except_methods').should == false
-    end
-
-    it "should not allow where" do
-      @c.allows?('where').should == false
-    end
-
-    it "should allow is_in" do
-      @c.allows?('is_in').should == true
-    end
-
-    it "should allow includes" do
-      @c.allows?('includes').should == true
-    end
-
-    it "should allow equals" do
-      @c.allows?('equals').should == true
-    end
-  end 
-end

data/spec/lockdown/database_spec.rb

@@ -1,162 +0,0 @@
-require File.join(File.dirname(__FILE__), %w[.. spec_helper])
-
-class Permission; end;
-
-describe Lockdown::Database do
-  before do    
-    Lockdown::System.stub!(:get_permissions).and_return([:permission])
-    Lockdown::System.stub!(:get_user_groups).and_return([:user_group])
-    @user_group_class = mock(:table_exists? => true, :find => false)
-    Lockdown.stub!(:user_group_class).and_return @user_group_class
-
-  end
-
-  describe "#sync_with_db" do
-    it "should call create_new_permissions, delete_extinct_permissions and maintain_user_groups" do
-      Permission.stub!(:table_exists?).and_return(true)
-      Lockdown::Database.should_receive :create_new_permissions
-      Lockdown::Database.should_receive :delete_extinct_permissions
-      Lockdown::Database.should_receive :maintain_user_groups
-
-      Lockdown::Database.sync_with_db
-    end
-  end
-
-  describe "#create_new_permissions" do
-    it "should create permission from @permissions" do
-      Lockdown::System.stub!(:permission_assigned_automatically?).and_return(false)
-
-      Permission.stub!(:find).and_return(false)
-      Permission.should_receive(:create).with(:name => 'Permission')
-
-      Lockdown::Database.create_new_permissions
-    end
-  end
-
-  describe "#delete_extinct_permissions" do
-    it "should create permission from @permissions" do
-      permission = mock('permission')
-      permission.stub!(:id).and_return("3344")
-      permission.stub!(:name).and_return("sweet permission")
-      permissions = [permission]
-
-      Permission = mock('Permission') unless defined?(Permission)
-      Permission.stub!(:find).with(:all).and_return(permissions)
-
-      Lockdown.should_receive(:database_execute).
-        with("delete from permissions_user_groups where permission_id = 3344")
-      permission.should_receive(:destroy)
-
-      Lockdown::Database.delete_extinct_permissions
-    end
-  end
-
-  describe "#maintain_user_groups" do
-    before do
-      UserGroup = mock('UserGroup') unless defined?(UserGroup)
-    end
-
-    it "should create user group for non-existent user group" do
-      @user_group_class.should_receive(:find).and_return(false)
-      
-      Lockdown::Database.should_receive(:create_user_group).
-        with("User Group",:user_group)
-
-      Lockdown::Database.maintain_user_groups
-    end
-
-    it "should sync user group permissions for existing user group" do
-      ug = mock('user group')
-
-      @user_group_class.should_receive(:find).
-        with(:first, :conditions => ["name = ?", "User Group"]).
-        and_return(ug)
-      
-      Lockdown::Database.should_receive(:remove_invalid_permissions).
-        with(ug,:user_group)
-
-      Lockdown::Database.should_receive(:add_valid_permissions).
-        with(ug,:user_group)
-
-      Lockdown::Database.maintain_user_groups
-    end
-  end
-
-  describe "#create_user_group" do
-    it "should create new user group" do
-      ug = mock('user group')
-      ug.stub!(:id).and_return(123)
-
-      @user_group_class.should_receive(:create).
-        with(:name => "some group").
-        and_return(ug)
-
-      Lockdown::System.stub!(:permissions_for_user_group).
-        and_return([:perm])
-
-      Lockdown::System.stub!(:permission_assigned_automatically?).
-        and_return(false)
-
-      perm = mock('permission')
-      perm.stub!(:id).and_return(3344)
-
-      Permission = mock('Permission') unless defined?(Permission)
-
-      Permission.should_receive(:find).
-        with(:first, :conditions => ["name = ?",'Perm']).
-        and_return(perm)
-
-      Lockdown.should_receive(:database_execute).
-        with("insert into permissions_user_groups(permission_id, user_group_id) values(3344, 123)")
-
-      Lockdown::Database.create_user_group("some group",  :some_group)
-    end
-  end
-
-  describe "#remove_invalid_permissions" do
-    it "should remove permissions that no longer exist" do
-      permissions = [:good_perm, :bad_perm]
-
-      user_group = mock("user group", :name => "user group")
-
-      #returns what's in the database
-      user_group.stub!(:permissions).and_return(permissions)
-
-      #return what's defined in init.rb
-      Lockdown::System.stub!(:permissions_for_user_group).
-        and_return([:good_perm])
-
-      #delete what's not in init.rb 
-      permissions.should_receive(:delete).with(:bad_perm)
-
-      Lockdown::Database.remove_invalid_permissions(user_group, :user_group)
-    end
-  end
-
-  describe "#add_invalid_permissions" do
-    it "should add permissions that are defined in init.rb" do
-      #return what's defined in init.rb
-      Lockdown::System.stub!(:permissions_for_user_group).
-        and_return([:defined_perm, :undefined_perm])
-
-      permissions = [:defined_perm]
-
-      user_group = mock("user group", :name => "user group")
-
-      #returns what's in the database
-      user_group.stub!(:permissions).and_return(permissions)
-
-      Permission = mock('Permission') unless defined?(Permission)
-
-      #get the permission object for the undefined_perm
-      Permission.should_receive(:find).
-        with(:first, :conditions => ["name = ?",'Undefined Perm']).
-        and_return(:undefined_perm)
-
-      #add the perm to the user group
-      permissions.should_receive(:<<).with(:undefined_perm)
-
-      Lockdown::Database.add_valid_permissions(user_group, :user_group)
-    end
-  end
-end

data/spec/lockdown/frameworks/rails/controller_spec.rb

@@ -1,215 +0,0 @@
-require File.join(File.dirname(__FILE__), %w[.. .. .. spec_helper])
-
-class TestAController
-  extend Lockdown::Frameworks::Rails::Controller
-  include Lockdown::Frameworks::Rails::Controller::Lock
-end
-
-describe Lockdown::Frameworks::Rails::Controller do
-  before do
-    @controller = TestAController
-
-    @actions = %w(posts/index posts/show posts/new posts/edit posts/create posts/update posts/destroy)
-
-    @lockdown = mock("lockdown")
-  end
-
-  describe "#controller_name" do
-    it "should return action_methods" do
-      post_controller = mock("PostController")
-      post_controller.stub!(:controller_name).and_return("PostController")
-
-      @controller.controller_name(post_controller).should == "PostController"
-    end
-  end
-
-end
-
-describe Lockdown::Frameworks::Rails::Controller::Lock do
-  before do
-    @controller = TestAController.new
-
-    @actions = %w(posts/index posts/show posts/new posts/edit posts/create posts/update posts/destroy)
-
-    @session = {:access_rights => @actions}
-
-    @controller.stub!(:session).and_return(@session)
-  end
-  
-  describe "#configure_lockdown" do
-    it "should call Lockdown.maybe_parse_init, check_session_expiry and store_location" do
-      Lockdown.should_receive(:maybe_parse_init)
-      @controller.should_receive(:check_session_expiry)
-      @controller.should_receive(:store_location)
-
-      @controller.configure_lockdown
-    end
-  end
-
-  describe "#set_current_user" do
-    it "should set who_did_it  in Thread.current" do
-      Lockdown::System.stub!(:fetch).with(:who_did_it).and_return(:current_user_id)
-      @controller.stub!(:logged_in?).and_return(true)
-      @controller.stub!(:current_user_id).and_return(1234)
-
-      @controller.set_current_user
-
-      Thread.current[:who_did_it].should == 1234
-    end
-  end
-
-  describe "#check_request_authorization" do
-    it "should raise SecurityError if not authorized" do
-      @controller.stub!(:authorized?).and_return(false)
-      @controller.stub!(:params).and_return({:p => 1})
-
-      lambda{@controller.check_request_authorization}.
-        should raise_error(SecurityError)
-
-    end
-  end
-
-  describe "#path_allowed" do
-    it "should return false for an invalid path" do
-      @controller.send(:path_allowed?,"/no/good").should be_false
-    end
-  end
-
-  describe "#check_session_expiry" do
-    it "should set expiry if null" do
-      Lockdown::System.stub!(:fetch).with(:session_timeout).and_return(10)
-      @session[:expiry_time].should be_nil
-      @controller.send(:check_session_expiry)
-      @session[:expiry_time].should_not be_nil
-    end
-  end
-
-  describe "#store_location" do
-    it "should set prevpage and thispage" do
-      request = mock("request")
-      request.stub!(:method).and_return(:get)
-      @controller.stub!(:request).and_return(request)
-
-      @controller.stub!(:sent_from_uri).and_return("/blop")
-      @controller.send(:store_location)
-
-      @session[:prevpage].should == ''
-      @session[:thispage].should == '/blop'
-    end
-  end
-
-  describe "#sent_from_uri" do
-    it "should return request.request_uri" do
-      request = mock("request")
-      request.stub!(:request_uri).and_return("/blip")
-
-      @controller.stub!(:request).and_return(request)
-
-      @controller.send(:sent_from_uri).should == "/blip"
-    end
-  end
-
-  describe "#authorized?" do
-    before do
-      @sample_url = "http://stonean.com/posts/index"
-      @a_path = "/a_path"
-
-      request = mock("request")
-      request.stub!(:method).and_return(:get)
-      Lockdown.stub(:caching?).and_return(true)
-      @controller.stub!(:params).and_return({})
-      @controller.stub!(:request).and_return(request)
-
-      stonean_parts = ["http", nil, "stonean.com", nil, nil, "posts/index", nil, nil, nil]
-
-      a_path_parts = [nil, nil, nil, nil, nil, "/a_path", nil, nil, nil]
-
-      URI = mock('uri class') unless defined?(URI)
-      URI.stub!(:split).with(@sample_url).and_return(stonean_parts)
-      URI.stub!(:split).with(@a_path).and_return(a_path_parts)
-    end
-
-    it "should call add_lockdown_session_values unless caching" do
-      Lockdown.stub(:caching?).and_return(false)
-      @controller.should_receive(:add_lockdown_session_values)
-
-      @controller.send(:authorized?,nil)
-    end
-
-    it "should return false if url is nil" do
-      @controller.send(:authorized?,nil).should be_false
-    end
-
-    it "should return true if current_user_is_admin" do
-      @controller.stub!(:current_user_is_admin?).and_return(true)
-      @controller.send(:authorized?,@a_path).should be_true
-    end
-
-    it "should return false if path not in access_rights" do
-      @controller.send(:authorized?,@a_path).should be_false
-    end
-
-    it "should return true if path is in access_rights" do
-      @controller.send(:authorized?,@sample_url).should be_true
-    end
-
-  end
-
-  describe "#access_denied" do
-  end
-
-  describe "#path_from_hash" do
-    it "should return controller/action string" do
-      hash = {:controller => "users", :action => "show", :id => "1"}
-      @controller.send(:path_from_hash,hash).should == "users/show"
-    end
-  end
-
-  describe "#remote_url?" do
-    it "should return false if domain is nil" do
-      @controller.send(:remote_url?).should be_false
-    end
-
-    it "should return false if domain matches request domain" do
-      request = mock("request")
-      request.stub!(:host).and_return("stonean.com")
-      @controller.stub!(:request).and_return(request)
-      @controller.send(:remote_url?,"stonean.com").should be_false
-    end
-
-    it "should return true if subdomain differs" do
-      request = mock("request")
-      request.stub!(:host).and_return("blog.stonean.com")
-      @controller.stub!(:request).and_return(request)
-      @controller.send(:remote_url?,"stonean.com").should be_true
-    end
-
-    it "should return true if host doesn't match  domain" do
-      request = mock("request")
-      request.stub!(:host).and_return("stonean.com")
-      @controller.stub!(:request).and_return(request)
-      @controller.send(:remote_url?,"google.com").should be_true
-    end
-  end
-
-  describe "#redirect_back_or_default" do
-    it "should redirect to default without session[:prevpage]" do
-      @controller.should_receive(:redirect_to).with("/")
-      @controller.send :redirect_back_or_default, "/"
-    end
-
-    it "should redirect to session[:prevpage]" do
-      path = "/previous"
-      path.stub!(:blank?).and_return(false)
-      @session[:prevpage] = path
-      @controller.should_receive(:redirect_to).with(path)
-      @controller.send :redirect_back_or_default, "/"
-    end
-  end
-
-  describe "#login_from_basic_auth?" do
-  end
-
-  describe "#get_auth_data" do
-  end
-end