lockdown 1.6.5 → 2.0.0

Files changed (80) hide show
  1. data/.gitignore +1 -0
  2. data/README.txt +8 -5
  3. data/Rakefile +43 -26
  4. data/lib/lockdown/access.rb +108 -0
  5. data/lib/lockdown/configuration.rb +201 -0
  6. data/lib/lockdown/database.rb +31 -36
  7. data/lib/lockdown/delivery.rb +26 -0
  8. data/lib/lockdown/errors.rb +3 -7
  9. data/lib/lockdown/frameworks/rails/controller.rb +21 -59
  10. data/lib/lockdown/frameworks/rails/view.rb +1 -1
  11. data/lib/lockdown/frameworks/rails.rb +7 -43
  12. data/lib/lockdown/helper.rb +14 -85
  13. data/lib/lockdown/orms/active_record.rb +7 -9
  14. data/lib/lockdown/permission.rb +37 -203
  15. data/lib/lockdown/resource.rb +54 -0
  16. data/lib/lockdown/session.rb +16 -25
  17. data/lib/lockdown/user_group.rb +16 -0
  18. data/lib/lockdown.rb +15 -60
  19. data/lockdown.gemspec +29 -69
  20. data/test/helper.rb +9 -0
  21. data/test/lockdown/test_access.rb +80 -0
  22. data/test/lockdown/test_configuration.rb +194 -0
  23. data/test/lockdown/test_delivery.rb +163 -0
  24. data/test/lockdown/test_helper.rb +33 -0
  25. data/test/lockdown/test_permission.rb +73 -0
  26. data/test/lockdown/test_resource.rb +47 -0
  27. data/test/lockdown/test_session.rb +31 -0
  28. data/test/lockdown/test_user_group.rb +17 -0
  29. data/test/test_lockdown.rb +11 -0
  30. metadata +41 -78
  31. data/lib/lockdown/context.rb +0 -41
  32. data/lib/lockdown/references.rb +0 -19
  33. data/lib/lockdown/rspec_helper.rb +0 -118
  34. data/lib/lockdown/rules.rb +0 -372
  35. data/lib/lockdown/system.rb +0 -58
  36. data/rails_generators/lockdown/lockdown_generator.rb +0 -274
  37. data/rails_generators/lockdown/templates/app/controllers/permissions_controller.rb +0 -22
  38. data/rails_generators/lockdown/templates/app/controllers/sessions_controller.rb +0 -39
  39. data/rails_generators/lockdown/templates/app/controllers/user_groups_controller.rb +0 -122
  40. data/rails_generators/lockdown/templates/app/controllers/users_controller.rb +0 -117
  41. data/rails_generators/lockdown/templates/app/helpers/permissions_helper.rb +0 -2
  42. data/rails_generators/lockdown/templates/app/helpers/user_groups_helper.rb +0 -2
  43. data/rails_generators/lockdown/templates/app/helpers/users_helper.rb +0 -2
  44. data/rails_generators/lockdown/templates/app/models/permission.rb +0 -13
  45. data/rails_generators/lockdown/templates/app/models/profile.rb +0 -10
  46. data/rails_generators/lockdown/templates/app/models/user.rb +0 -95
  47. data/rails_generators/lockdown/templates/app/models/user_group.rb +0 -15
  48. data/rails_generators/lockdown/templates/app/views/permissions/index.html.erb +0 -16
  49. data/rails_generators/lockdown/templates/app/views/permissions/show.html.erb +0 -26
  50. data/rails_generators/lockdown/templates/app/views/sessions/new.html.erb +0 -12
  51. data/rails_generators/lockdown/templates/app/views/user_groups/edit.html.erb +0 -33
  52. data/rails_generators/lockdown/templates/app/views/user_groups/index.html.erb +0 -20
  53. data/rails_generators/lockdown/templates/app/views/user_groups/new.html.erb +0 -31
  54. data/rails_generators/lockdown/templates/app/views/user_groups/show.html.erb +0 -29
  55. data/rails_generators/lockdown/templates/app/views/users/edit.html.erb +0 -51
  56. data/rails_generators/lockdown/templates/app/views/users/index.html.erb +0 -22
  57. data/rails_generators/lockdown/templates/app/views/users/new.html.erb +0 -50
  58. data/rails_generators/lockdown/templates/app/views/users/show.html.erb +0 -33
  59. data/rails_generators/lockdown/templates/config/initializers/lockit.rb +0 -1
  60. data/rails_generators/lockdown/templates/db/migrate/create_admin_user.rb +0 -17
  61. data/rails_generators/lockdown/templates/db/migrate/create_permissions.rb +0 -19
  62. data/rails_generators/lockdown/templates/db/migrate/create_profiles.rb +0 -26
  63. data/rails_generators/lockdown/templates/db/migrate/create_user_groups.rb +0 -19
  64. data/rails_generators/lockdown/templates/db/migrate/create_users.rb +0 -17
  65. data/rails_generators/lockdown/templates/lib/lockdown/README +0 -42
  66. data/rails_generators/lockdown/templates/lib/lockdown/init.rb +0 -131
  67. data/spec/lockdown/context_spec.rb +0 -191
  68. data/spec/lockdown/database_spec.rb +0 -162
  69. data/spec/lockdown/frameworks/rails/controller_spec.rb +0 -215
  70. data/spec/lockdown/frameworks/rails/view_spec.rb +0 -96
  71. data/spec/lockdown/frameworks/rails_spec.rb +0 -163
  72. data/spec/lockdown/permission_spec.rb +0 -156
  73. data/spec/lockdown/rspec_helper_spec.rb +0 -40
  74. data/spec/lockdown/rules_spec.rb +0 -245
  75. data/spec/lockdown/session_spec.rb +0 -112
  76. data/spec/lockdown/system_spec.rb +0 -51
  77. data/spec/lockdown_spec.rb +0 -19
  78. data/spec/rcov.opts +0 -5
  79. data/spec/spec.opts +0 -3
  80. data/spec/spec_helper.rb +0 -8
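--- a/data/.gitignore
+++ b/data/.gitignore
@@ -1,5 +1,6 @@
  *.DS_Store
  *.swp
+ .yardoc/**
  pkg/**
  doc/**
  email.txt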
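--- a/data/README.txt
+++ b/data/README.txt
@@ -1,10 +1,13 @@
- lockdown
- by Andrew Stone
- http://stonean.com
-
  == DESCRIPTION:
 
- Lockdown is an authorization system for RubyOnRails (ver >= 2.1).
+ Lockdown is an authorization system for RubyOnRails (ver >= 3.0).
+
+
+ Version 3.0 of Lockdown will be a Rails 3 compatible rewrite. I'm going to take some of the discoveries from Monty (my Rack based authorization project) and roll them into Lockdown.
+
+ The model level interaction will be redone completely. It sucks right now.
+
+ Follow me on Twitter (@stonean) to keep up to date.
 
  == INSTALL:
 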
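--- a/data/Rakefile
+++ b/data/Rakefile
@@ -1,38 +1,55 @@
  require 'rubygems'
  require 'rake'
- require 'rcov'
- require 'spec/rake/spectask'
 
- require 'lib/lockdown.rb'
- task :default => 'rcov'
+ require File.join(File.dirname(__FILE__), "lib", "lockdown")
 
- desc "Flog your code for Justice!"
- task :flog do
- sh('flog lib/**/*.rb')
+ begin
+ require 'jeweler'
+ Jeweler::Tasks.new do |gem|
+ gem.name = "lockdown"
+ gem.version = Lockdown.version
+ gem.rubyforge_project = "lockdown"
+ gem.summary = "Authorization system for Rails 2.x"
+ gem.description = "Restrict access to your controller actions. Supports basic model level restrictions as well"
+ gem.email = "andy@stonean.com"
+ gem.homepage = "http://stonean.com/wiki/lockdown"
+ gem.authors = ["Andrew Stone"]
+ end
+ Jeweler::GemcutterTasks.new
+ rescue LoadError
+ puts "Jeweler not available. Install it with: sudo gem install technicalpickles-jeweler -s http://gems.github.com"
  end
 
- desc "Run all specs and rcov in a non-sucky way"
- Spec::Rake::SpecTask.new(:rcov) do |t|
- t.spec_opts = IO.readlines("spec/spec.opts").map {|l| l.chomp.split " "}.flatten
- t.spec_files = FileList['spec/**/*_spec.rb']
- t.rcov = true
- t.rcov_opts = IO.readlines("spec/rcov.opts").map {|l| l.chomp.split " "}.flatten
+ begin
+ require 'yard'
+ YARD::Rake::YardocTask.new do |t|
+ t.files = FileList['lib/**/*.rb']
+ t.options = ['-r'] # optional
+ end
+ rescue LoadError
+ task :yard do
+ abort "YARD is not available. In order to run yard, you must: sudo gem install yard"
+ end
+ end
+
+ require 'rake/testtask'
+ Rake::TestTask.new(:test) do |test|
+ test.libs << 'lib' << 'test'
+ test.pattern = 'test/**/test_*.rb'
+ test.verbose = true
  end
 
  begin
- require 'jeweler'
- Jeweler::Tasks.new do |gemspec|
- gemspec.name = "lockdown"
- gemspec.version = Lockdown.version
- gemspec.rubyforge_project = "lockdown"
- gemspec.summary = "Authorization system for Rails 2.x"
- gemspec.description = "Restrict access to your controller actions. Supports basic model level restrictions as well"
- gemspec.email = "andy@stonean.com"
- gemspec.homepage = "http://stonean.com/wiki/lockdown"
- gemspec.authors = ["Andrew Stone"]
- gemspec.add_development_dependency('rspec')
+ require 'rcov/rcovtask'
+ Rcov::RcovTask.new do |test|
+ test.libs << 'test'
+ test.pattern = 'test/**/test_*.rb'
+ test.verbose = true
  end
- Jeweler::GemcutterTasks.new
  rescue LoadError
- puts "Jeweler not available. Install it with: sudo gem install technicalpickles-jeweler -s http://gems.github.com"
+ task :rcov do
+ abort "RCov is not available. In order to run rcov, you must: sudo gem install rcov"
+ end
  end
+
+ task :default => 'test'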
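Review bot: The Jeweler fallback message tells the user to run `sudo gem install technicalpickles-jeweler -s http://gems.github.com`, which means installing and executing gem code as root from a plain-HTTP source that cannot be authenticated in transit. Since the same block already calls `Jeweler::GemcutterTasks`, the hint should point at the default gem source and drop `sudo`, e.g. `puts "Jeweler not available. Install it with: gem install jeweler"`. `gem.summary` also still says "Rails 2.x" while this release's README states `ver >= 3.0`, so one of the two is stale.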
@@ -0,0 +1,108 @@
1
+ # encoding: utf-8
2
+
3
+ module Lockdown
4
+ module Access
5
+ # Define permision that defines how your application is accessed.
6
+ # # All methods on the site resource will be open to users who have
7
+ # # this permission.
8
+ # permission :public_pages do
9
+ # resource :site
10
+ # end
11
+ #
12
+ # # Can use multiple resource statements
13
+ # permission :public_pages do
14
+ # resource :site
15
+ # resource :posts
16
+ # end
17
+ #
18
+ # # Only methods show, edit and update on the users resource will
19
+ # # be open to users who have this permission.
20
+ # permission :my_account_pages do
21
+ # resource :users do
22
+ # only :show, :edit, :update
23
+ # end
24
+ # end
25
+ #
26
+ # # All methods except destroy on the users resource will be
27
+ # # open to users who have this permission.
28
+ # permission :manage_users do
29
+ # resource :users do
30
+ # except :destroy
31
+ # end
32
+ # end
33
+ #
34
+ # @param [String,Symbol] name permission reference.
35
+ # @yield [Lockdown::Permission.new(name)] new permission object
36
+ def permission(name, &block)
37
+ permission = Lockdown::Permission.new(name)
38
+ if block_given?
39
+ permission.instance_eval(&block)
40
+ else
41
+ permission.resource(permission.name)
42
+ end
43
+
44
+ unless Lockdown::Configuration.has_permission?(permission)
45
+ Lockdown::Configuration.permissions << permission
46
+ end
47
+
48
+ permission
49
+ end
50
+
51
+ # Define which permissions are accessible to everyone
52
+ # public_access :site, :user_registration
53
+ #
54
+ # @param *[String,Symbol] permissions that are accessible to everyone
55
+ def public_access(*permissions)
56
+ permissions.each do |name|
57
+ Lockdown::Configuration.make_permission_public(name)
58
+ end
59
+
60
+ Lockdown::Configuration.public_access = regexes(permissions)
61
+ end
62
+
63
+ # Define which permissions are accessible to everyone
64
+ # protected_access :my_account, :site_administration
65
+ #
66
+ # @param *[String,Symbol] permissions that are accessbile to authenticated users
67
+ def protected_access(*permissions)
68
+ permissions.each do |name|
69
+ Lockdown::Configuration.make_permission_protected(name)
70
+ end
71
+
72
+ Lockdown::Configuration.protected_access = regexes(permissions)
73
+ end
74
+
75
+ # Create user group by giving it a name and a list of permission names.
76
+ # @param [String, Array] user group name, permission names
77
+ def user_group(name, *permissions)
78
+ return if permissions.empty?
79
+ name = name.to_s
80
+ ug = Lockdown::Configuration.find_or_create_user_group(name)
81
+
82
+ permissions.each do |name|
83
+ if (perm = Lockdown::Configuration.permission(name))
84
+ ug.permissions << perm unless ug.permissions.include?(perm)
85
+ end
86
+ end
87
+
88
+ Lockdown::Configuration.maybe_add_user_group(ug)
89
+ end
90
+
91
+ # Method called by Lockdown::Delivery to trigger parsing of class methods
92
+ def configure
93
+ unless Lockdown::Configuration.configured
94
+ Lockdown::Database.sync_with_db unless Lockdown::Configuration.skip_sync?
95
+ Lockdown::Configuration.configured = true
96
+ end
97
+ end
98
+
99
+ private
100
+
101
+ def regexes(permissions)
102
+ permissions.collect!{|p| p.to_s}
103
+ perms = Lockdown::Configuration.permissions.select{|p| permissions.include?(p.name)}
104
+ perms.collect{|p| p.regex_pattern}.join("|")
105
+ end
106
+
107
+ end # Access
108
+ end # Lockdown
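Review bot: `public_access` and `protected_access` assign `Lockdown::Configuration.public_access = regexes(permissions)` (and the protected counterpart) outright, so a second call replaces the pattern built by the first, while whatever `make_permission_public` / `make_permission_protected` marked during the earlier call stays marked. A permission can then count as public or protected for `permission_assigned_automatically?` and still be missing from the pattern that is actually matched. Either accumulate across calls or document the contract, e.g. `# Call once; a later call replaces the earlier list.` The comment above `protected_access` still reads "accessible to everyone" and should say authenticated users. `permission` also drops a redefinition of an existing name without any message (the first definition wins), which in an authorization DSL deserves at least a log line.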
@@ -0,0 +1,201 @@
1
+ # encoding: utf-8
2
+
3
+ module Lockdown
4
+ module Configuration
5
+ class << self
6
+ # Flag to determine if configuration method has been executed
7
+ # Default false
8
+ attr_accessor :configured
9
+ # Regex string of paths that are publicly accessible.
10
+ # Default "\/"
11
+ attr_accessor :public_access
12
+ # Array of paths that are restricted to an authenticated user.
13
+ # Default ""
14
+ attr_accessor :protected_access
15
+ # Array of permission objects that defines the access to the application.
16
+ # Default []
17
+ attr_accessor :permissions
18
+ # Array of user group objects
19
+ # Default []
20
+ attr_accessor :user_groups
21
+ # Method used to get the id of the user responsible for
22
+ # the current action.
23
+ # Default :current_user_id
24
+ attr_accessor :who_did_it
25
+ # User id to associate to system actions
26
+ # Default 1
27
+ attr_accessor :default_who_did_it
28
+ # Path to redirect to if access is denied.
29
+ # Default: '/'
30
+ attr_accessor :access_denied_path
31
+ # Redirect to path on successful login
32
+ # Default "/"
33
+ attr_accessor :successful_login_path
34
+ # Logout user if attempt to access restricted resource
35
+ # Default false
36
+ attr_accessor :logout_on_access_violation
37
+ # When using the links helper, this character will be
38
+ # used to separate the links.
39
+ # Default "|"
40
+ attr_accessor :link_separator
41
+ # The model used to represent the grouping of permisssion. Common
42
+ # choices are 'Role' and 'UserGroup'.
43
+ # Default "UserGroup"
44
+ attr_accessor :user_group_model
45
+ # The model used to represent the user. Common choices
46
+ # are 'User' and 'Person'.
47
+ # Default "User"
48
+ attr_accessor :user_model
49
+ # Which environments Lockdown should not sync with db
50
+ # Default ['test']
51
+ attr_accessor :skip_db_sync_in
52
+ # Set defaults.
53
+ def reset
54
+ @configured = false
55
+ @public_access = ""
56
+ @protected_access = ""
57
+ @permissions = []
58
+ @user_groups = []
59
+
60
+ @who_did_it = :current_user_id
61
+ @default_who_did_it = 1
62
+
63
+ @access_denied_path = "/"
64
+ @successful_login_path = "/"
65
+ @logout_on_access_violation = false
66
+
67
+ @link_separator = "|"
68
+
69
+ @user_group_model = "UserGroup"
70
+ @user_model = "User"
71
+
72
+ @skip_db_sync_in = ['test']
73
+ end
74
+
75
+ # @return [String] concatentation of public_access + "|" + protected_access
76
+ def authenticated_access
77
+ public_access + "|" + protected_access
78
+ end
79
+
80
+ # @param [String,Symbol] name permission name
81
+ # @return Lockdown::Permission object
82
+ def permission(name)
83
+ name = name.to_s
84
+ perm = permissions.detect{|perm| name == perm.name}
85
+ raise Lockdown::PermissionNotFound.new("Permission: #{name} not found") unless perm
86
+ perm
87
+ end
88
+
89
+ # Defines the permission as public
90
+ # @param [String,Symbol] name permission name
91
+ def make_permission_public(name)
92
+ permission(name).is_public
93
+ end
94
+
95
+ # Defines the permission as protected
96
+ # @param [String,Symbol] name permission name
97
+ def make_permission_protected(name)
98
+ permission(name).is_protected
99
+ end
100
+
101
+ # @return Array of permission names
102
+ def permission_names
103
+ permissions.collect{|p| p.name}
104
+ end
105
+
106
+ # @param [Lockdown::Permission] permission Lockdown::Permission object
107
+ # @return [true|false] true if object exists with same name
108
+ def has_permission?(permission)
109
+ permissions.any?{|p| permission.name == p.name}
110
+ end
111
+
112
+ # @param [String|Symbol] name permission name
113
+ # @return [true|false] true if permission is either public or protected
114
+ def permission_assigned_automatically?(name)
115
+ name = name.to_s
116
+
117
+ perm = permission(name)
118
+
119
+ perm.public? || perm.protected?
120
+ end
121
+
122
+ # @param [String,Symbol] name user group name
123
+ # @return [Lockdown::UserGroup] object
124
+ def user_group(name)
125
+ name = name.to_s
126
+ user_groups.detect{|ug| name == ug.name}
127
+ end
128
+
129
+ def maybe_add_user_group(group)
130
+ @user_groups << group unless user_group_names.include?(group.name)
131
+ end
132
+
133
+ # @return [Lockdown::UserGroup]
134
+ def find_or_create_user_group(name)
135
+ name = name.to_s
136
+ user_group(name) || Lockdown::UserGroup.new(name)
137
+ end
138
+
139
+ # @return [Array] names
140
+ def user_group_names
141
+ user_groups.collect{|ug| ug.name}
142
+ end
143
+
144
+ # @param [String] name user group name
145
+ # @return [Array] permissions names
146
+ def user_group_permissions_names(name)
147
+ user_group(name).permissions.collect{|p| p.name}
148
+ end
149
+
150
+ # @return [True|False] true if user has 'Administrators' group
151
+ def administrator?(user)
152
+ user_has_user_group?(user, Lockdown.administrator_group_name)
153
+ end
154
+
155
+ # @param [User] user User object you want to make an administrator
156
+ def make_user_administrator(user)
157
+ user_groups = user.send(Lockdown.user_groups_hbtm_reference)
158
+ user_groups << Lockdown.user_group_class.
159
+ find_or_create_by_name(Lockdown.administrator_group_name)
160
+ end
161
+
162
+
163
+ # @param [User, String] user,name user model, name of user group
164
+ # @return [True|False] true if user has user group with name
165
+ def user_has_user_group?(user, name)
166
+ user_groups = user.send(Lockdown.user_groups_hbtm_reference)
167
+ user_groups.any?{|ug| name == ug.name}
168
+ end
169
+
170
+ # @return [Regex]
171
+ def access_rights_for_user(user)
172
+ return unless user
173
+ return Lockdown::Resource.regex if administrator?(user)
174
+
175
+ user_groups = user.send(Lockdown.user_groups_hbtm_reference)
176
+
177
+ permission_names = []
178
+
179
+ user_groups.each do |ug|
180
+ ug.permissions.each do |p|
181
+ permission_names << p.name
182
+ end
183
+ end
184
+
185
+ authenticated_access + "|" + access_rights_for_permissions(*permission_names)
186
+ end
187
+
188
+ # @param [Array(String)] names permission names
189
+ # @return [String] combination of regex_patterns from permissions
190
+ def access_rights_for_permissions(*names)
191
+ names.collect{|name| "(#{permission(name).regex_pattern})"}.join('|')
192
+ end
193
+
194
+ def skip_sync?
195
+ true
196
+ end
197
+ end # class block
198
+
199
+ self.reset
200
+ end # Configuration
201
+ end # Lockdown
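Review bot: `authenticated_access` and `access_rights_for_user` build the rights pattern by joining strings with `"|"`, and `reset` leaves `public_access` and `protected_access` as `""`, so the result can contain an empty alternative (`"|"`, `"pub|"`, or a trailing `"|"` for a user whose groups carry no permissions). Unless `Lockdown.regex` and `regex_pattern` (neither shown here) anchor every branch, an empty branch matches any path and the check would fail open. Join only the non-empty parts, e.g. `[public_access, protected_access].reject { |s| s.empty? }.join("|")`, and treat an empty list as deny. Separately, `skip_sync?` returns `true` unconditionally, so `skip_db_sync_in` is never read and `configure` never reaches `sync_with_db`; if that is a placeholder it needs a comment saying so. The doc comment on `public_access` also gives the default as `"\/"` while `reset` sets `""`.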
@@ -1,3 +1,5 @@
1
+ # encoding: utf-8
2
+
1
3
  module Lockdown
2
4
  class Database
3
5
  class << self
@@ -6,32 +8,29 @@ module Lockdown
6
8
  # an interface for each the different orm implementations.
7
9
  # We'll see how it works...
8
10
  def sync_with_db
9
-
10
- @permissions = Lockdown::System.get_permissions
11
- @user_groups = Lockdown::System.get_user_groups
11
+ @permissions = Lockdown::Configuration.permission_names
12
+ @user_groups = Lockdown::Configuration.user_group_names
12
13
 
13
14
  unless ::Permission.table_exists? && Lockdown.user_group_class.table_exists?
14
15
  Lockdown.logger.info ">> Lockdown tables not found. Skipping database sync."
15
16
  return
16
17
  end
18
+
17
19
  create_new_permissions
18
20
 
19
21
  delete_extinct_permissions
20
22
 
21
23
  maintain_user_groups
22
- rescue Exception => e
23
- Lockdown.logger.error ">> Lockdown sync failed: #{e.backtrace.join("\n")}"
24
24
  end
25
25
 
26
26
  # Create permissions not found in the database
27
27
  def create_new_permissions
28
- @permissions.each do |key|
29
- next if Lockdown::System.permission_assigned_automatically?(key)
30
- str = Lockdown.get_string(key)
31
- p = ::Permission.find(:first, :conditions => ["name = ?", str])
28
+ @permissions.each do |name|
29
+ next if Lockdown::Configuration.permission_assigned_automatically?(name)
30
+ p = ::Permission.find(:first, :conditions => ["name = ?", name])
32
31
  unless p
33
- Lockdown.logger.info ">> Lockdown: Permission not found in db: #{str}, creating."
34
- ::Permission.create(:name => str)
32
+ Lockdown.logger.info ">> Lockdown: Permission not found in db: #{name}, creating."
33
+ ::Permission.create(:name => name)
35
34
  end
36
35
  end
37
36
  end
@@ -40,7 +39,7 @@ module Lockdown
40
39
  def delete_extinct_permissions
41
40
  db_perms = ::Permission.find(:all).dup
42
41
  db_perms.each do |dbp|
43
- unless @permissions.include?(Lockdown.get_symbol(dbp.name))
42
+ unless @permissions.include?(dbp.name)
44
43
  Lockdown.logger.info ">> Lockdown: Permission no longer in init.rb: #{dbp.name}, deleting."
45
44
  ug_table = Lockdown.user_groups_hbtm_reference.to_s
46
45
  if "permissions" < ug_table
@@ -56,33 +55,32 @@ module Lockdown
56
55
 
57
56
  def maintain_user_groups
58
57
  # Create user groups not found in the database
59
- @user_groups.each do |key|
60
- str = Lockdown.get_string(key)
61
- unless ug = Lockdown.user_group_class.find(:first, :conditions => ["name = ?", str])
62
- create_user_group(str, key)
58
+ @user_groups.each do |name|
59
+ unless ug = Lockdown.user_group_class.find(:first, :conditions => ["name = ?", name])
60
+ create_user_group(name)
63
61
  else
64
62
  # Remove permissions from user group not found in init.rb
65
- remove_invalid_permissions(ug, key)
63
+ remove_invalid_permissions(ug)
66
64
 
67
65
  # Add in permissions from init.rb not found in database
68
- add_valid_permissions(ug, key)
66
+ add_valid_permissions(ug)
69
67
  end
70
68
  end
71
69
  end
72
70
 
73
- def create_user_group(name_str, key)
74
- Lockdown.logger.info ">> Lockdown: #{Lockdown::System.fetch(:user_group_model)} not in the db: #{name_str}, creating."
75
- ug = Lockdown.user_group_class.create(:name => name_str)
71
+ def create_user_group(name)
72
+ Lockdown.logger.info ">> Lockdown: #{Lockdown::Configuration.user_group_model} not in the db: #{name}, creating."
73
+ ug = Lockdown.user_group_class.create(:name => name)
76
74
  #Inefficient, definitely, but shouldn't have any issues across orms.
77
75
  #
78
- Lockdown::System.permissions_for_user_group(key).each do |perm|
76
+ Lockdown::Configuration.user_group_permissions_names(name).each do |perm|
79
77
 
80
- if Lockdown::System.permission_assigned_automatically?(perm)
81
- Lockdown.logger.info ">> Permission #{perm} cannot be assigned to #{name_str}. Already belongs to built in user group (public or protected)."
78
+ if Lockdown::Configuration.permission_assigned_automatically?(perm)
79
+ Lockdown.logger.info ">> Permission #{perm} cannot be assigned to #{name}. Already belongs to built in user group (public or protected)."
82
80
  raise InvalidPermissionAssignment, "Invalid permission assignment"
83
81
  end
84
82
 
85
- p = ::Permission.find(:first, :conditions => ["name = ?", Lockdown.get_string(perm)])
83
+ p = ::Permission.find(:first, :conditions => ["name = ?", perm])
86
84
 
87
85
  ug_table = Lockdown.user_groups_hbtm_reference.to_s
88
86
  if "permissions" < ug_table
@@ -94,29 +92,26 @@ module Lockdown
94
92
  end
95
93
  end
96
94
 
97
- def remove_invalid_permissions(ug, key)
95
+ def remove_invalid_permissions(ug)
98
96
  ug.permissions.each do |perm|
99
- perm_sym = Lockdown.get_symbol(perm)
100
- perm_string = Lockdown.get_string(perm)
101
- unless Lockdown::System.permissions_for_user_group(key).include?(perm_sym)
102
- Lockdown.logger.info ">> Lockdown: Permission: #{perm_string} no longer associated to User Group: #{ug.name}, deleting."
97
+ unless Lockdown::Configuration.user_group_permissions_names(ug.name).include?(perm.name)
98
+ Lockdown.logger.info ">> Lockdown: Permission: #{perm.name} no longer associated to User Group: #{ug.name}, deleting."
103
99
  ug.permissions.delete(perm)
104
100
  end
105
101
  end
106
102
  end
107
103
 
108
- def add_valid_permissions(ug, key)
109
- Lockdown::System.permissions_for_user_group(key).each do |perm|
110
- perm_string = Lockdown.get_string(perm)
104
+ def add_valid_permissions(ug)
105
+ Lockdown::Configuration.user_group_permissions_names(ug.name).each do |perm_name|
111
106
  found = false
112
107
  # see if permission exists
113
108
  ug.permissions.each do |p|
114
- found = true if Lockdown.get_string(p) == perm_string
109
+ found = true if p.name == perm_name
115
110
  end
116
111
  # if not found, add it
117
112
  unless found
118
- Lockdown.logger.info ">> Lockdown: Permission: #{perm_string} not found for User Group: #{ug.name}, adding it."
119
- p = ::Permission.find(:first, :conditions => ["name = ?", perm_string])
113
+ Lockdown.logger.info ">> Lockdown: Permission: #{perm_name} not found for User Group: #{ug.name}, adding it."
114
+ p = ::Permission.find(:first, :conditions => ["name = ?", perm_name])
120
115
  ug.permissions << p
121
116
  end
122
117
  end
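Review bot: In `add_valid_permissions` the result of `::Permission.find(:first, :conditions => ["name = ?", perm_name])` is appended with `ug.permissions << p` without a nil check. `create_new_permissions` skips every name for which `permission_assigned_automatically?` is true, and only `create_user_group` rejects such names with `InvalidPermissionAssignment`, so for a group that already exists in the database a public or protected permission listed in its definition appears to reach this line with `p` being nil. Apply the same guard here, e.g. `raise InvalidPermissionAssignment, "Invalid permission assignment" if Lockdown::Configuration.permission_assigned_automatically?(perm_name)`, or skip when `p` is nil and log it. `remove_invalid_permissions` also deletes from `ug.permissions` while iterating it; iterating over `ug.permissions.to_a` would avoid skipped elements. The closing lines of `add_valid_permissions` fall outside the hunk.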
@@ -0,0 +1,26 @@
1
+ # encoding: utf-8
2
+
3
+ module Lockdown
4
+ class Delivery
5
+ class << self
6
+ # @return [true|false] if the given path is allowed
7
+ def allowed?(path, access_rights = nil)
8
+ return true if path == '/'
9
+
10
+ begin
11
+ ::Authorization.configure
12
+ rescue NameError
13
+ end
14
+
15
+ access_rights ||= Lockdown::Configuration.public_access
16
+
17
+ access_rights_regex = Lockdown.regex(access_rights)
18
+
19
+ path += "/" unless path =~ /\/$/
20
+ path = "/" + path unless path =~ /^\//
21
+
22
+ access_rights_regex =~ path ? true : false
23
+ end
24
+ end # class block
25
+ end # Delivery
26
+ end # Lockdown
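Review bot: The `begin ::Authorization.configure rescue NameError end` block in `allowed?` swallows more than a missing `Authorization` constant: `NoMethodError` is a subclass of `NameError`, so a typo or a nil dereference anywhere inside `configure` is silently ignored and the request is judged against whatever configuration happened to load. An access check should fail loudly here; use `::Authorization.configure if defined?(::Authorization)` and let errors from `configure` propagate. The path normalisation tests `/\/$/` and `/^\//`, which are line anchors in Ruby and can match around an embedded newline; `path.end_with?("/")` and `path.start_with?("/")` (or `\A` / `\z`) test the whole string. `return true if path == '/'` allows the root before any rule is consulted, so it deserves a comment stating that this is intentional.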
@@ -1,11 +1,7 @@
1
- module Lockdown
2
- class InvalidRuleAssignment < StandardError; end
3
-
4
- class InvalidRuleContext < StandardError; end
1
+ # encoding: utf-8
5
2
 
6
- class PermissionScopeCollision < StandardError; end
3
+ module Lockdown
4
+ class PermissionNotFound < StandardError; end
7
5
 
8
6
  class InvalidPermissionAssignment < StandardError; end
9
-
10
- class GroupUndefinedError < StandardError; end
11
7
  end