lockdown_vail 1.6.2.1

data/lib/lockdown/helper.rb

@@ -0,0 +1,111 @@
+require 'active_support'
+
+module Lockdown
+  module Helper
+    def class_name_from_file(str)
+      str.split(".")[0].split("/").collect{|s| camelize(s) }.join("::")
+    end
+
+    # If str_sym is a Symbol (:users), return "Users"
+    # If str_sym is a String ("Users"), return :users
+    def convert_reference_name(str_sym)
+      if str_sym.is_a?(Symbol)
+        titleize(str_sym)
+      else
+       str_sym.underscore.tr(' ','_').to_sym
+      end
+    end
+
+    def user_group_class
+      eval(user_group_model_string)
+    end
+
+    def user_groups_hbtm_reference
+      user_group_model_string.underscore.pluralize.to_sym
+    end
+
+    def user_group_id_reference
+      user_group_model_string.underscore + "_id"
+    end
+
+    def user_class
+      eval(user_model_string)
+    end
+
+    def users_hbtm_reference
+      user_model_string.underscore.pluralize.to_sym
+    end
+
+    def user_id_reference
+      user_model_string.underscore + "_id"
+    end
+
+    def user_group_model_string
+      Lockdown.system.fetch(:user_group_model) || "UserGroup"
+    end
+    
+    def user_model_string
+      Lockdown.system.fetch(:user_model) || "User"
+    end
+    
+    def get_string(value)
+      if value.respond_to?(:name)
+        string_name(value.name)
+      else
+        string_name(value)
+      end
+    end
+
+    def get_symbol(value)
+      if value.respond_to?(:name)
+        symbol_name(value.name)
+      elsif value.is_a?(String)
+        symbol_name(value)
+      else
+        value
+      end
+    end
+
+    def camelize(str)
+      str.to_s.gsub(/\/(.?)/) { "::" + $1.upcase }.gsub(/(^|_)(.)/) { $2.upcase }
+    end
+
+    def random_string(len = 10)
+      chars = ("a".."z").to_a + ("A".."Z").to_a + ("0".."9").to_a
+      Array.new(len){||chars[rand(chars.size)]}.join
+    end
+
+    def administrator_group_string
+      string_name(administrator_group_symbol)
+    end
+
+    def administrator_group_symbol
+      :administrators
+    end
+
+    private
+
+    def string_name(str_sym)
+      str_sym.is_a?(Symbol) ? convert_reference_name(str_sym) : str_sym
+    end
+
+    def symbol_name(str_sym)
+      str_sym.is_a?(String) ? convert_reference_name(str_sym) : str_sym
+    end
+
+    def titleize(str)
+      humanize(underscore(str)).gsub(/\b([a-z])/) { $1.capitalize }
+    end
+    
+    def humanize(str)
+      str.to_s.gsub(/_id$/, "").gsub(/_/, " ").capitalize
+    end
+
+    def underscore(str)
+      str.to_s.gsub(/::/, '/').
+        gsub(/([A-Z]+)([A-Z][a-z])/,'\1_\2').
+        gsub(/([a-z\d])([A-Z])/,'\1_\2').
+        tr("-", "_").downcase
+    end
+  end
+end

data/lib/lockdown/orms/active_record.rb

@@ -0,0 +1,68 @@
+module Lockdown
+  module Orms
+    module ActiveRecord
+      class << self
+        def use_me?
+          Object.const_defined?("ActiveRecord") && ::ActiveRecord.const_defined?("Base")
+        end
+
+        def included(mod)
+          mod.extend Lockdown::Orms::ActiveRecord::Helper
+          mixin
+        end
+
+        def mixin
+          Lockdown.orm_parent.class_eval do
+            include Lockdown::Orms::ActiveRecord::Stamps
+          end
+        end
+      end # class block
+
+      module Helper
+        def orm_parent
+          ::ActiveRecord::Base
+        end
+
+        def database_execute(query)
+          orm_parent.connection.execute(query)
+        end
+
+        def database_query(query)
+          orm_parent.connection.execute(query)
+        end
+
+        def database_table_exists?(klass)
+          klass.table_exists?
+        end
+      end
+
+      module Stamps
+        def self.included(base)
+          base.class_eval do
+            alias_method :create_without_stamps,  :create
+            alias_method :create,  :create_with_stamps
+            alias_method :update_without_stamps,  :update
+            alias_method :update,  :update_with_stamps
+          end
+        end
+
+        def current_who_did_it
+          Thread.current[:who_did_it]
+        end
+
+        def create_with_stamps
+          pid = current_who_did_it || Lockdown::System.fetch(:default_who_did_it)
+          self[:created_by] = pid if self.respond_to?(:created_by) 
+          self[:updated_by] = pid if self.respond_to?(:updated_by) 
+          create_without_stamps
+        end
+                  
+        def update_with_stamps
+          pid = current_who_did_it || Lockdown::System.fetch(:default_who_did_it)
+          self[:updated_by] = pid if self.respond_to?(:updated_by)
+          update_without_stamps
+        end
+      end
+    end
+  end
+end

data/lib/lockdown/permission.rb

@@ -0,0 +1,222 @@
+module Lockdown
+  class Controller
+    attr_accessor :name, :access_methods, :only_methods, :except_methods
+
+    def initialize(name)
+      @name = name
+      @except_methods = []
+    end
+
+    def set_access_methods
+      if @only_methods
+        @access_methods = paths_for(@name, *@only_methods)
+      else
+        @access_methods = paths_for(@name)
+      end
+
+      apply_exceptions if @except_methods.length > 0
+    end
+
+    private
+
+    def apply_exceptions
+      exceptions = paths_for(@name, *@except_methods)
+      @access_methods = @access_methods - exceptions
+    end
+
+    def paths_for(str_sym, *methods)
+      Lockdown::System.paths_for(str_sym, *methods)
+    end
+  end
+
+  class Model
+    attr_accessor :name, :controller_method, :model_method, :association, :param
+
+    def initialize(name, param = :id)
+      @name = name
+      @param = param
+    end
+
+    def class_name
+      self.name.to_s.camelize
+    end
+ 
+  end
+  
+  class Permission
+    attr_reader :name, :controllers, :models
+
+    # A Permission is a set of rules that are, through UserGroups, assigned
+    # to users to allow access to system resources.
+    #
+    # ==== Summary of controller oriented methods:
+    #
+    #   # defines which controller we're talking about
+    #   .with_controller(:controller_name)  #all_methods is the default
+    #
+    #   # only these methods on the controller
+    #   .only_methods(:meth1, :meth2)       
+    #
+    #   # all controller methods except these
+    #   .except_methods(:meth1, :meth2)
+    #
+    # ==== Summary of model oriented methods:
+    #
+    #   # defines which model we're talking about
+    #   .to_model(:model)         
+    #
+    #   # model_method is simply a public method on :model
+    #   .where(:model_method)           
+    #
+    #   # controller_method must equal model_method
+    #   .equals(:controller_method)         
+    #
+    #   # controller_method.include?(model_method)
+    #   .is_in(:controller_method)         
+    #   
+    #
+    # ==== Example:
+    #
+    #   # Define a permission called 'Manage Users' that allows users access
+    #   # all methods on the users_controller
+    #
+    #   set_permission(:manage_users).
+    #     with_controller(:users)
+    #
+    #   # Define a permission called "My Account" that only allows a user access
+    #   # to methods show and update and the current_user_id must match the id 
+    #   # of the user being modified
+    #
+    #   set_permission(:my_account).
+    #     with_controller(:users).
+    #     only_methods(:show, :update).
+    #     to_model(:user).
+    #       where(:current_user_id).
+    #       equals(:id)
+    #
+    def initialize(name_symbol)
+      @name             = name_symbol
+      @controllers      = {}
+      @models           = {}
+      @current_context  = Lockdown::RootContext.new(name_symbol)
+      @public_access    = false
+      @protected_access = false
+    end
+
+    def with_controller(name_symbol)
+      validate_context
+
+      controller = Controller.new(name_symbol)
+      @controllers[name_symbol] = controller
+      @current_context = Lockdown::ControllerContext.new(name_symbol)
+      self
+    end
+
+    alias_method :and_controller, :with_controller
+
+    def only_methods(*methods)
+      validate_context
+
+      current_controller.only_methods = methods
+      @current_context = Lockdown::RootContext.new(@name)
+      self
+    end
+
+    def except_methods(*methods)
+      validate_context
+
+      current_controller.except_methods = methods
+
+      @current_context = Lockdown::RootContext.new(@name)
+      self
+    end
+
+    def to_model(name_symbol, param = :id)
+      validate_context
+
+      @models[name_symbol] = Model.new(name_symbol, param)
+      @current_context = Lockdown::ModelContext.new(name_symbol)
+      self
+    end
+
+    def where(model_method)
+      validate_context
+
+      current_model.model_method = model_method
+      @current_context = Lockdown::ModelWhereContext.new(current_context.name)
+      self
+    end
+
+    def equals(controller_method)
+      validate_context
+
+      associate_controller_method(controller_method, :==)
+      @current_context = Lockdown::RootContext.new(@name)
+      self
+    end
+
+    def is_in(controller_method)
+      validate_context
+
+      associate_controller_method(controller_method, :include?)
+      @current_context = Lockdown::RootContext.new(@name)
+      self
+    end
+
+    alias_method :includes, :is_in
+
+    def public_access?
+      @public_access
+    end
+
+    def protected_access?
+      @protected_access
+    end
+
+    def set_as_public_access
+      if protected_access?
+        raise Lockdown::PermissionScopeCollision, "Permission: #{name} already marked as protected and trying to set as public."
+      end
+      @public_access = true
+    end
+
+    def set_as_protected_access
+      if public_access?
+        raise Lockdown::PermissionScopeCollision, "Permission: #{name} already marked as public and trying to set as protected."
+      end
+      @protected_access = true
+    end
+
+    def current_context
+      @current_context
+    end
+
+    def current_controller
+      @controllers[current_context.name]
+    end
+
+    def current_model
+      @models[current_context.name]
+    end
+
+    def ==(other)
+      name == other.name
+    end
+
+    private
+
+    def associate_controller_method(controller_method, association)
+      current_model.controller_method = controller_method
+      current_model.association = association
+      @current_context = Lockdown::RootContext.new(@name)
+    end
+
+    def validate_context
+      method_trace = caller.first;  
+      calling_method = caller.first[/#{__FILE__}:(\d+):in `(.*)'/,2]
+      unless current_context.allows?(calling_method)
+        raise Lockdown::InvalidRuleContext, "Method: #{calling_method} was called on wrong context #{current_context}. Allowed methods are: #{current_context.allowed_methods.join(',')}."
+      end
+    end
+  end
+end

data/lib/lockdown/references.rb

@@ -0,0 +1,19 @@
+module Lockdown
+  module References
+    def helper
+      Lockdown::Helper
+    end
+
+    def rules
+      Lockdown::Rules
+    end
+
+    def session
+      Lockdown::Session
+    end
+
+    def system
+      Lockdown::System
+    end
+  end
+end

data/lib/lockdown/rspec_helper.rb

@@ -0,0 +1,114 @@
+module Lockdown
+  module RspecHelper
+    def self.included(mod)
+      Lockdown.maybe_parse_init
+    end
+
+    def login_admin
+      login_user(:admin)
+    end
+
+    def login_with_groups(*user_group_symbols)
+      user_group_symbols = [user_group_symbols] unless Array === user_group_symbols
+      session[:user_groups] = user_group_symbols
+    end
+
+    alias login_with_group login_with_groups 
+
+    def login_with_permissions(*permissions_symbols)
+      access_rights = Lockdown::System.standard_authorized_user_rights
+      permissions_symbols.each do |ps|
+        access_rights << Lockdown::System.access_rights_for_permission(ps)
+      end
+      login_user
+      controller.session[:access_rights] = access_rights.flatten.uniq
+    end
+    
+    alias login_with_permission login_with_permissions    
+
+    def login_standard
+      login_user
+    end
+
+    def public_user
+      setup_public_user
+    end
+
+
+    private
+
+    def login_user(user_type = :standard)
+      initialize_user(user_type)
+
+      create_user_session
+
+      controller.stub!(:current_user).and_return(@current_user)
+    end
+
+    def setup_public_user
+      controller.session[:access_rights] = Lockdown::System.public_access
+    end
+
+    def all_actions(hash = {})
+      methods = controller.send :action_methods
+
+      if excepts = hash.delete(:except)
+        excepts = Array.new(excepts)
+        methods.reject!{|m| excepts.include?(m.to_sym)}
+      end
+
+      Lockdown::System.paths_for(controller.controller_name,methods.to_a).sort
+    end
+
+    def only_actions(*actions)
+      Lockdown::System.paths_for(controller.controller_name,actions).sort
+    end
+
+    def allowed_actions
+      if rights = controller.session[:access_rights]
+        if rights == :all
+          all_actions
+        else
+          name = controller.controller_name
+          rights.collect{|r| r if r =~ /^#{name}\// || r == name}.compact.sort
+        end
+      else
+        []
+      end
+    end
+
+    def initialize_user(user_type)
+      @current_user = mock_user
+
+      if user_type == :admin
+        set_user_group(Lockdown.administrator_group_symbol)
+      end
+    end
+
+    # You may want to override this method
+    def mock_user
+      mock_model  User,
+                  :user_groups => [],
+                  :first_name => 'John',
+                  :last_name  => 'Smith',
+                  :password   => "mysecret",
+                  :password_confirmation   => "mysecret"
+    end
+
+    def create_user_session
+      controller.send :add_lockdown_session_values, @current_user
+    end
+
+    # Lockdown.convert_reference_name converts :users to "Users" 
+    def set_user_group(sym)
+      user_group = mock_user_group
+      user_group.stub!(:name).and_return( Lockdown.convert_reference_name(sym) )
+      @current_user.stub!(Lockdown.user_groups_hbtm_reference).and_return([user_group])
+    end
+
+    # You may want to override this method
+    def mock_user_group
+      mock_model(UserGroup)
+    end
+  end
+end