RubyGems - lockdown - Versions diffs - 0.4.6 → 0.5.0 - Mend

lockdown 0.4.6 → 0.5.0

This diff represents the content of publicly available package versions that have been released to one of the supported registries. The information contained in this diff is provided for informational purposes only and reflects changes between package versions as they appear in their respective public registries.

Files changed (48) hide show

data/Manifest.txt CHANGED Viewed

@@ -21,6 +21,41 @@ lib/lockdown/model.rb
 lib/lockdown/system.rb
 lib/lockdown/version.rb
 lib/lockdown/view.rb
+rails_generators/lockdown/USAGE
+rails_generators/lockdown/lockdown_generator.rb
+rails_generators/lockdown/templates/app/controllers/permissions_controller.rb
+rails_generators/lockdown/templates/app/controllers/sessions_controller.rb
+rails_generators/lockdown/templates/app/controllers/user_groups_controller.rb
+rails_generators/lockdown/templates/app/controllers/users_controller.rb
+rails_generators/lockdown/templates/app/helpers/permissions_helper.rb
+rails_generators/lockdown/templates/app/helpers/user_groups_helper.rb
+rails_generators/lockdown/templates/app/helpers/users_helper.rb
+rails_generators/lockdown/templates/app/models/permission.rb
+rails_generators/lockdown/templates/app/models/profile.rb
+rails_generators/lockdown/templates/app/models/user.rb
+rails_generators/lockdown/templates/app/models/user_group.rb
+rails_generators/lockdown/templates/app/views/permissions/_data.html.erb
+rails_generators/lockdown/templates/app/views/permissions/index.html.erb
+rails_generators/lockdown/templates/app/views/permissions/show.html.erb
+rails_generators/lockdown/templates/app/views/sessions/new.html.erb
+rails_generators/lockdown/templates/app/views/user_groups/_data.html.erb
+rails_generators/lockdown/templates/app/views/user_groups/_form.html.erb
+rails_generators/lockdown/templates/app/views/user_groups/edit.html.erb
+rails_generators/lockdown/templates/app/views/user_groups/index.html.erb
+rails_generators/lockdown/templates/app/views/user_groups/new.html.erb
+rails_generators/lockdown/templates/app/views/user_groups/show.html.erb
+rails_generators/lockdown/templates/app/views/users/_data.html.erb
+rails_generators/lockdown/templates/app/views/users/_form.html.erb
+rails_generators/lockdown/templates/app/views/users/_password.html.erb
+rails_generators/lockdown/templates/app/views/users/edit.html.erb
+rails_generators/lockdown/templates/app/views/users/index.html.erb
+rails_generators/lockdown/templates/app/views/users/new.html.erb
+rails_generators/lockdown/templates/app/views/users/show.html.erb
+rails_generators/lockdown/templates/db/migrate/create_admin_user_and_user_group.rb
+rails_generators/lockdown/templates/db/migrate/create_permissions.rb
+rails_generators/lockdown/templates/db/migrate/create_profiles.rb
+rails_generators/lockdown/templates/db/migrate/create_user_groups.rb
+rails_generators/lockdown/templates/db/migrate/create_users.rb
 rails_generators/lockdown_all/USAGE
 rails_generators/lockdown_all/lockdown_all_generator.rb
 rails_generators/lockdown_all/templates/app/controllers/permissions_controller.rb
@@ -70,7 +105,11 @@ test/test_lockdown.rb
 test/test_lockdown_all_generator.rb
 test/test_lockdown_generator.rb
 test/test_lockdown_models_generator.rb
+website/generator.html
+website/generator.txt
+website/index.html
 website/index.txt
 website/javascripts/rounded_corners_lite.inc.js
+website/model.jpg
 website/stylesheets/screen.css
 website/template.html.erb

data/lib/lockdown/controller.rb CHANGED Viewed

@@ -47,7 +47,7 @@ module Lockdown
           if session[:expiry_time] && session[:expiry_time] < Time.now
             nil_lockdown_values
           end
-          session[:expiry_time] = Time.now + Lockdown::System[:session_timeout]
+          session[:expiry_time] = Time.now + Lockdown::System.fetch(:session_timeout)
         end
         def store_location
@@ -189,13 +189,13 @@ module Lockdown
         end
         def access_denied(e)
-					if Lockdown::System[:logout_on_access_violation]
+					if Lockdown::System.fetch(:logout_on_access_violation)
 						reset_session
 					end
           respond_to do |accepts|
             accepts.html do
               store_location
-              send_to Lockdown::System[:access_denied_path]
+              send_to Lockdown::System.fetch(:access_denied_path)
             end
             accepts.xml do
               headers["Status"] = "Unauthorized"

data/lib/lockdown/system.rb CHANGED Viewed

@@ -27,14 +27,10 @@ module Lockdown
         end
       end
-      def [](key)
+      def fetch(key)
         (@options||={})[key]
       end
-			def []=(key,val)
-        @options[key] = val
-      end
       def set_permission(name, *method_arrays)
         @permissions[name] ||= []
         method_arrays.each{|ary| @permissions[name] += ary}

data/lib/lockdown/version.rb CHANGED Viewed

@@ -1,8 +1,8 @@
 module Lockdown #:nodoc:
   module VERSION #:nodoc:
     MAJOR = 0
-    MINOR = 4
-    TINY  = 6
+    MINOR = 5
+    TINY  = 0
     STRING = [MAJOR, MINOR, TINY].join('.')
   end

data/rails_generators/lockdown/USAGE ADDED Viewed

@@ -0,0 +1,5 @@
+Description:
+Usage:

data/rails_generators/lockdown/lockdown_generator.rb ADDED Viewed

@@ -0,0 +1,221 @@
+class LockdownGenerator < Rails::Generator::Base
+  attr_accessor :file_name
+  def manifest
+    record do |m|
+      # Ensure appropriate folder(s) exists
+      m.directory 'app/helpers'
+      m.directory 'app/views'
+      m.directory 'app/controllers'
+      if options[:all]
+        options[:management] = true
+        options[:login] = true
+      end
+      add_management(m) if options[:management]
+      add_login(m) if options[:login]
+      add_models(m)
+    end #record do |m|
+  end
+  protected
+  def add_management(m)
+      m.directory 'app/views/users'
+      m.directory 'app/views/user_groups'
+      m.directory 'app/views/permissions'
+      m.file "app/controllers/permissions_controller.rb",
+							"app/controllers/permissions_controller.rb"
+      m.file "app/controllers/users_controller.rb",
+							"app/controllers/users_controller.rb"
+      m.file "app/controllers/user_groups_controller.rb",
+							"app/controllers/user_groups_controller.rb"
+      m.file "app/helpers/permissions_helper.rb",
+							"app/helpers/permissions_helper.rb"
+      m.file "app/helpers/users_helper.rb",
+							"app/helpers/users_helper.rb"
+      m.file "app/helpers/user_groups_helper.rb",
+							"app/helpers/user_groups_helper.rb"
+      copy_views(m, "users")
+      m.file "app/views/users/_password.html.erb",
+							"app/views/users/_password.html.erb"
+      copy_views(m, "user_groups")
+      m.file "app/views/permissions/_data.html.erb",
+							"app/views/permissions/_data.html.erb"
+      m.file "app/views/permissions/index.html.erb",
+							"app/views/permissions/index.html.erb"
+      m.file "app/views/permissions/show.html.erb",
+							"app/views/permissions/show.html.erb"
+      m.route_resources "permissions"
+      m.route_resources "user_groups"
+      m.route_resources "users"
+    add_management_permissions(m)
+  end
+  def add_login(m)
+    m.directory 'app/views/sessions'
+    m.file "app/controllers/sessions_controller.rb",
+      "app/controllers/sessions_controller.rb"
+    m.file "app/views/sessions/new.html.erb",
+      "app/views/sessions/new.html.erb"
+    m.route_resources "sessions"
+    add_login_permissions(m)
+    add_login_routes(m)
+  end
+  def add_models(m)
+    m.directory 'app/models'
+    m.file "app/models/permission.rb",
+      "app/models/permission.rb"
+    m.file "app/models/user.rb",
+      "app/models/user.rb"
+    m.file "app/models/user_group.rb",
+      "app/models/user_group.rb"
+    m.file "app/models/profile.rb",
+      "app/models/profile.rb"
+    add_migrations(m) unless options[:no_migrations]
+  end
+  def add_migrations(m)
+    begin
+      m.migration_template "db/migrate/create_profiles.rb", "db/migrate",
+        :migration_file_name => "create_profiles"
+    rescue
+      puts "Profiles migration exists"
+    end
+    begin
+      m.migration_template "db/migrate/create_users.rb", "db/migrate",
+        :migration_file_name => "create_users"
+    rescue
+      puts "Users migration exists"
+    end
+    begin
+      m.migration_template "db/migrate/create_user_groups.rb", "db/migrate",
+        :migration_file_name => "create_user_groups"
+    rescue
+      puts "User Groups migration exists"
+    end
+    begin
+      m.migration_template "db/migrate/create_permissions.rb", "db/migrate",
+        :migration_file_name => "create_permissions"
+    rescue
+      puts "Permissions migration exists"
+    end
+    begin
+      m.migration_template "db/migrate/create_admin_user_and_user_group.rb",
+        "db/migrate",
+        :migration_file_name => "create_admin_user_and_user_group"
+    rescue
+      puts "Admin User Group... migration exists"
+    end
+  end # add_migrations
+	def copy_views(m, vw)
+		m.file "app/views/#{vw}/_data.html.erb", "app/views/#{vw}/_data.html.erb"
+		m.file "app/views/#{vw}/_form.html.erb", "app/views/#{vw}/_form.html.erb"
+		m.file "app/views/#{vw}/index.html.erb", "app/views/#{vw}/index.html.erb"
+		m.file "app/views/#{vw}/show.html.erb", "app/views/#{vw}/show.html.erb"
+		m.file "app/views/#{vw}/edit.html.erb", "app/views/#{vw}/edit.html.erb"
+		m.file "app/views/#{vw}/new.html.erb", "app/views/#{vw}/new.html.erb"
+	end
+	def add_login_permissions(m)
+    add_permissions m, "set_permission :sessions_management, all_methods(:sessions)"
+    add_predefined_user_group m, "set_public_access :sessions_management"
+  end
+	def add_management_permissions(m)
+    perms = []
+    perms << "set_permission :users_management, all_methods(:users)"
+    perms << "set_permission :user_groups_management, all_methods(:user_groups)"
+    perms << "set_permission :permissions_management, all_methods(:permissions)"
+    perms << "set_permission :my_account, only_methods(:users, :edit, :update, :show)"
+    add_permissions m, perms.join("\n  ")
+    add_predefined_user_group m, "set_protected_access :my_account"
+	end
+  def add_permissions(m, str)
+		sentinel = '# Define your permissions here:'
+		m.gsub_file 'lib/lockdown/init.rb', /(#{Regexp.escape(sentinel)})/mi do |match|
+				"#{match}\n  #{str}"
+		end
+  end
+  def add_predefined_user_group(m, str)
+		sentinel = '# Define the built-in user groups here:'
+		m.gsub_file 'lib/lockdown/init.rb', /(#{Regexp.escape(sentinel)})/mi do |match|
+				"#{match}\n  #{str}"
+    end
+  end
+	def add_login_routes(m)
+		home = %Q(map.home '', :controller => 'sessions', :action => 'new')
+		login = %Q(map.login '/login', :controller => 'sessions', :action => 'new')
+		logout =%Q(map.logout '/logout', :controller => 'sessions', :action => 'destroy')
+		sentinel = 'ActionController::Routing::Routes.draw do |map|'
+		m.gsub_file 'config/routes.rb', /(#{Regexp.escape(sentinel)})/mi do |match|
+				"#{match}\n  #{home}\n\n  #{login}\n\n  #{logout}\n"
+		end
+  end
+  def banner
+<<-EOS
+Installs the lockdown framework to managing users user_groups
+and viewing permissions. Also includes a login screen.
+USAGE: #{$0} #{spec.name}
+EOS
+  end
+  def add_options!(opt)
+    opt.separator ''
+    opt.separator 'Options:'
+    opt.on("--all",
+      "Install all Lockdown templates") { |v| options[:all] = v }
+    opt.on("--models",
+      "Install only models and migrations (skip migrations by --no_migrations).") { |v| options[:models] = v }
+    opt.on("--management",
+      "Install  management functionality.  Which is --all minus --login. All models (migrations) included. ") { |v| options[:management] = v }
+    opt.on("--login",
+      "Install login functionality.  Which is --all minus --management. All models (migrations) included. ") { |v| options[:login] = v }
+    opt.on("--no_migrations",
+      "Skip migrations installation") { |v| options[:no_migrations] = v }
+  end
+end

data/rails_generators/lockdown/templates/app/controllers/permissions_controller.rb ADDED Viewed

@@ -0,0 +1,22 @@
+class PermissionsController < ApplicationController
+  # GET /permissions
+  # GET /permissions.xml
+  def index
+    @permissions = Permission.find(:all)
+    respond_to do |format|
+      format.html # index.html.erb
+      format.xml  { render :xml => @permissions }
+    end
+  end
+  # GET /permissions/1
+  # GET /permissions/1.xml
+  def show
+    @permission = Permission.find(params[:id])
+    respond_to do |format|
+      format.html # show.html.erb
+      format.xml  { render :xml => @permission }
+    end
+  end
+end

data/rails_generators/lockdown/templates/app/controllers/sessions_controller.rb ADDED Viewed

@@ -0,0 +1,38 @@
+# This controller handles the login/logout function of the site.
+class SessionsController < ApplicationController
+  def new
+    #Stub required for Lockdown to grant access
+  end
+  def create
+    password_authentication(params[:login], params[:password])
+  end
+  def destroy
+		logger.info "resetting session in sessions controller"
+    reset_session
+    flash[:notice] = "You have been logged out."
+    redirect_back_or_default('/')
+  end
+  protected
+  def password_authentication(login, password)
+    set_session_user(User.authenticate(login, password))
+    if logged_in?
+      successful_login
+    else
+      failed_login
+    end
+  end
+  def failed_login(message = 'Authentication failed.')
+    flash[:error] = message
+    redirect_back_or_default login_url
+  end
+  def successful_login
+    flash[:notice] = "Logged in successfully"
+    redirect_back_or_default Lockdown::System.fetch(:successful_login_path)
+  end
+end

data/rails_generators/lockdown/templates/app/controllers/user_groups_controller.rb ADDED Viewed

@@ -0,0 +1,113 @@
+class UserGroupsController < ApplicationController
+	before_filter :find_user_group, :only => [:show, :edit, :update, :destroy]
+	after_filter :update_permissions, :only => [:create, :update]
+  # GET /user_groups
+  # GET /user_groups.xml
+  def index
+    @user_groups = UserGroup.find(:all)
+    respond_to do |format|
+      format.html # index.html.erb
+      format.xml  { render :xml => @user_groups }
+    end
+  end
+  # GET /user_groups/1
+  # GET /user_groups/1.xml
+  def show
+    respond_to do |format|
+      format.html # show.html.erb
+      format.xml  { render :xml => @user_group }
+    end
+  end
+  # GET /user_groups/new
+  # GET /user_groups/new.xml
+  def new
+    @user_group = UserGroup.new
+		@all_permissions = Lockdown::System.permissions_assignable_for_user(current_user)
+    respond_to do |format|
+      format.html # new.html.erb
+      format.xml  { render :xml => @user_group }
+    end
+  end
+  # GET /user_groups/1/edit
+  def edit
+		@all_permissions = Lockdown::System.permissions_assignable_for_user(current_user)
+  end
+  # POST /user_groups
+  # POST /user_groups.xml
+  def create
+    @user_group = UserGroup.new(params[:user_group])
+    respond_to do |format|
+      if @user_group.save
+        flash[:notice] = 'UserGroup was successfully created.'
+        format.html { redirect_to(@user_group) }
+        format.xml  { render :xml => @user_group, :status => :created, :location => @user_group }
+      else
+				@all_permissions = Lockdown::System.permissions_assignable_for_user(current_user)
+        format.html { render :action => "new" }
+        format.xml  { render :xml => @user_group.errors, :status => :unprocessable_entity }
+      end
+    end
+  end
+  # PUT /user_groups/1
+  # PUT /user_groups/1.xml
+  def update
+    respond_to do |format|
+      if @user_group.update_attributes(params[:user_group])
+        flash[:notice] = 'UserGroup was successfully updated.'
+        format.html { redirect_to(@user_group) }
+        format.xml  { head :ok }
+      else
+				@all_permissions = Lockdown::System.permissions_assignable_for_user(current_user)
+        format.html { render :action => "edit" }
+        format.xml  { render :xml => @user_group.errors, :status => :unprocessable_entity }
+      end
+    end
+  end
+  # DELETE /user_groups/1
+  # DELETE /user_groups/1.xml
+  def destroy
+    @user_group.destroy
+    respond_to do |format|
+      format.html { redirect_to(user_groups_url) }
+      format.xml  { head :ok }
+    end
+  end
+	private
+	def find_user_group
+    @user_group = UserGroup.find(params[:id])
+    if @action_name != "show" && Lockdown::System.has_user_group?(@user_group)
+      raise SecurityError,"Invalid attempt to modify user group."
+    end
+  end
+	def update_permissions
+		new_perm_ids = params.collect{|p| p[0].split("_")[1].to_i if p[0] =~ /^perm_/}.compact
+		#
+		# Removed previously associated permissions if not checked this time.
+		#
+		@user_group.permissions.dup.each do |p|
+			@user_group.permissions.delete(p) unless new_perm_ids.include?(p.id)
+    end
+		#
+		# Add in the new permissions
+		#
+		new_perm_ids.each do |id|
+			next if @user_group.permission_ids.include?(id)
+			@user_group.permissions << Permission.find(id)
+    end
+  end
+end

data/rails_generators/lockdown/templates/app/controllers/users_controller.rb ADDED Viewed

@@ -0,0 +1,124 @@
+class UsersController < ApplicationController
+	before_filter :find_user, :only => [:show, :edit, :update, :destroy]
+	after_filter :update_user_groups, :only => [:create, :update]
+  # GET /users
+  # GET /users.xml
+  def index
+    @users = User.find :all, :include => [:profile, :user_groups]
+    respond_to do |format|
+      format.html # index.html.erb
+      format.xml  { render :xml => @users }
+    end
+  end
+  # GET /users/1
+  # GET /users/1.xml
+  def show
+    respond_to do |format|
+      format.html # show.html.erb
+      format.xml  { render :xml => @user }
+    end
+  end
+  # GET /users/new
+  # GET /users/new.xml
+  def new
+		@user = User.new
+		@profile = Profile.new
+    @user_groups_for_user = Lockdown::System.user_groups_assignable_for_user(current_user)
+		respond_to do |format|
+     format.html # new.html.erb
+     format.xml  { render :xml => @user }
+		end
+  end
+  # GET /users/1/edit
+  def edit
+    @user_groups_for_user = Lockdown::System.user_groups_assignable_for_user(current_user)
+  end
+  # POST /users
+  # POST /users.xml
+  def create
+    @user = User.new(params[:user])
+    @profile = Profile.new(params[:profile])
+    @user.profile = @profile
+		if @user.save
+			flash[:notice] = "Thanks for signing up!"
+			redirect_to(users_path)
+		else
+			@user_groups_for_user = Lockdown::System.user_groups_assignable_for_user(current_user)
+			flash[:error] = "Please correct the following issues"
+			render :action => "new"
+    end
+  end
+  # PUT /users/1
+  # PUT /users/1.xml
+  def update
+		@user.profile.attributes = params[:profile]
+		@user.attributes = params[:user]
+    respond_to do |format|
+      if @user.save
+        flash[:notice] = 'User was successfully updated.'
+        format.html { redirect_to(@user) }
+        format.xml  { head :ok }
+      else
+        @user_groups_for_user = Lockdown::System.user_groups_assignable_for_user(current_user)
+        format.html { render :action => "edit" }
+        format.xml  { render :xml => @user.errors, :status => :unprocessable_entity }
+      end
+    end
+  end
+  # DELETE /users/1
+  # DELETE /users/1.xml
+  def destroy
+    @user.destroy
+    respond_to do |format|
+      format.html { redirect_to(users_url) }
+      format.xml  { head :ok }
+    end
+  end
+	def change_password
+		render :update do |page|
+			page.replace_html 'password', :partial => 'password'
+		end
+	end
+	private
+	def find_user
+		# Skip test if current user is an administrator
+		unless current_user_is_admin?
+			# Raise error if id not = current logged in user
+			raise SecurityError.new if (current_user_id != params[:id].to_i)
+		end
+		@user = User.find(params[:id])
+		raise SecurityError.new if @user.nil?
+		@profile = @user.profile
+	end
+	def update_user_groups
+		new_ug_ids = params.collect{|p| p[0].split("_")[1].to_i if p[0] =~ /^ug_/}.compact
+		#
+		# Removed previously associated user_groups if not checked this time.
+		#
+		@user.user_groups.dup.each do |g|
+			#Don't remove the automatically assigned user groups
+			next if Lockdown::System.has_user_group?(g)
+			@user.user_groups.delete(g) unless new_ug_ids.include?(g.id)
+    end
+		#
+		# Add in the new permissions
+		#
+		new_ug_ids.each do |id|
+			next if @user.user_group_ids.include?(id)
+			@user.user_groups << UserGroup.find(id)
+    end
+  end
+end

data/rails_generators/lockdown/templates/app/helpers/permissions_helper.rb ADDED Viewed

@@ -0,0 +1,13 @@
+module PermissionsHelper
+  def permission_name_value
+		h @permission.name
+  end
+  def permission_access_rights_value
+    Lockdown::System.access_rights_for_permission(@permission).collect{|r| r}.join("<br/>")
+  end
+	def permission_users_value
+		@permission.all_users.collect{|u| link_to_or_show(u.full_name, u)}.join("<br/>")
+  end
+end

data/rails_generators/lockdown/templates/app/helpers/user_groups_helper.rb ADDED Viewed

@@ -0,0 +1,35 @@
+module UserGroupsHelper
+  def user_group_name_value
+    if @action_name == "show"
+       h @user_group.name
+    else
+       text_field_tag "user_group[name]", @user_group.name
+    end
+  end
+  def user_group_permissions_value
+    if @action_name == "show"
+       @user_group.permissions.collect{|p| p.name + "<br/>"}
+    else
+			rvalue = %{<ul id="all_permissions" class="checklist">}
+			@all_permissions.each_with_index do |perm,i|
+				bg = ( i % 2 == 0 ) ? "even" : "odd"
+				input_id = "perm_#{perm.id}"
+				checked = (@user_group.permission_ids.include?(perm.id) ? "checked" : "")
+				bg << "_" << checked if checked.length > 0
+				rvalue << <<-HTML
+					<li class="#{bg}">
+						<label id="lbl_#{input_id}" for="#{input_id}" onclick="do_highlight('#{input_id}')">
+							<input id="#{input_id}" name="#{input_id}" type="checkbox" #{checked}/>&nbsp;&nbsp;#{perm.name}
+						</label>
+					</li>
+				HTML
+       end
+			 rvalue << "</ul>"
+    end
+  end
+	def user_group_users_value
+		@user_group.all_users.collect{|u| link_to_or_show(u.full_name, u)}.join("<br/>")
+  end
+end