patrick-lockdown 2.0.4.1

data/README.md

@@ -0,0 +1,42 @@
+## Description
+
+**Lockdown 2.0.x does not support a Rails application that is deployed to a subdirectory, although Lockdown 1.x did.
+It looks like Lockdown is no longer maintained by Andy Stone since it has been removed from github.
+Therefore we use updated Lockdown 2.0.4, renamed it and added it to github.**
+
+Lockdown is an authorization system for RubyOnRails. It is designed to handle a simple public vs private configuration to very fine grained access controls.
+
+If you are starting a site and just have public and protected (user required) areas, use Lockdown. Lockdown includes built in user groups of public and protected. From there you can easily add/extend permissions and create new user groups as your site needs grow.
+
+If you already have a complex permission scheme, use Lockdown to simplify the management of access rules.
+
+Follow me on Twitter (@stonean) to keep up to date.
+
+## DOCS:
+
+  [http://docs.stonean.com/page/lockdown](http://docs.stonean.com/page/lockdown)
+
+## LICENSE:
+
+(The MIT License)
+
+Copyright (c) 2010 Andrew Stone
+
+Permission is hereby granted, free of charge, to any person obtaining
+a copy of this software and associated documentation files (the
+'Software'), to deal in the Software without restriction, including
+without limitation the rights to use, copy, modify, merge, publish,
+distribute, sublicense, and/or sell copies of the Software, and to
+permit persons to whom the Software is furnished to do so, subject to
+the following conditions:
+
+The above copyright notice and this permission notice shall be
+included in all copies or substantial portions of the Software.
+
+THE SOFTWARE IS PROVIDED 'AS IS', WITHOUT WARRANTY OF ANY KIND,
+EXPRESS OR IMPLIED, INCLUDING BUT NOT LIMITED TO THE WARRANTIES OF
+MERCHANTABILITY, FITNESS FOR A PARTICULAR PURPOSE AND NONINFRINGEMENT.
+IN NO EVENT SHALL THE AUTHORS OR COPYRIGHT HOLDERS BE LIABLE FOR ANY
+CLAIM, DAMAGES OR OTHER LIABILITY, WHETHER IN AN ACTION OF CONTRACT,
+TORT OR OTHERWISE, ARISING FROM, OUT OF OR IN CONNECTION WITH THE
+SOFTWARE OR THE USE OR OTHER DEALINGS IN THE SOFTWARE.

data/Rakefile

@@ -0,0 +1,54 @@
+require 'rubygems'
+require 'rake'
+
+require File.join(File.dirname(__FILE__), "lib", "lockdown")
+
+begin
+  require 'jeweler'
+  Jeweler::Tasks.new do |gem|
+    gem.name = "patrick-lockdown"
+    gem.version = Lockdown.version
+    gem.summary = "Authorization system for Rails"
+    gem.description = "Restrict access to your controller actions. "
+    gem.email = "patrick.baselier@gmail.com"
+    gem.homepage = "https://github.com/ludo/patrick-lockdown"
+    gem.authors = ["Andrew Stone", "Patrick Baselier"]
+  end
+  Jeweler::GemcutterTasks.new
+rescue LoadError
+  puts "Jeweler not available. Install it with: sudo gem install technicalpickles-jeweler -s http://gems.github.com"
+end
+
+begin
+  require 'yard'
+  YARD::Rake::YardocTask.new do |t|
+    t.files   = FileList['lib/**/*.rb']
+    t.options = ['-r'] # optional
+  end
+rescue LoadError
+  task :yard do
+    abort "YARD is not available. In order to run yard, you must: sudo gem install yard"
+  end
+end
+
+require 'rake/testtask'
+Rake::TestTask.new(:test) do |test|
+  test.libs << 'lib' << 'test'
+  test.pattern = 'test/**/test_*.rb'
+  test.verbose = true
+end
+
+begin
+  require 'rcov/rcovtask'
+  Rcov::RcovTask.new do |test|
+    test.libs << 'test'
+    test.pattern = 'test/**/test_*.rb'
+    test.verbose = true
+  end
+rescue LoadError
+  task :rcov do
+    abort "RCov is not available. In order to run rcov, you must: sudo gem install rcov"
+  end
+end
+
+task :default => 'test'

data/lib/lockdown.rb

@@ -0,0 +1,42 @@
+# encoding: utf-8
+
+$:.unshift File.dirname(__FILE__)
+
+require 'logger'
+
+require File.join("lockdown", "errors")
+require File.join("lockdown", "helper")
+require File.join("lockdown", "configuration")
+require File.join("lockdown", "session")
+require File.join("lockdown", "delivery")
+require File.join("lockdown", "resource")
+require File.join("lockdown", "permission")
+require File.join("lockdown", "user_group")
+require File.join("lockdown", "access")
+require File.join("lockdown", "database")
+
+
+module Lockdown
+  extend Lockdown::Helper
+
+  class << self
+    attr_accessor :logger
+
+    # @return the version string for the library.
+    def version
+      '2.0.4.1'
+    end
+
+    def rails_mixin
+      require File.join("lockdown", "frameworks", "rails")
+      include Lockdown::Frameworks::Rails
+
+      require File.join("lockdown", "orms", "active_record")
+      include Lockdown::Orms::ActiveRecord
+    end
+
+  end # class block
+
+  self.logger = Logger.new(STDOUT)
+
+end # Lockdown

data/lib/lockdown/access.rb

@@ -0,0 +1,108 @@
+# encoding: utf-8
+
+module Lockdown
+  module Access
+    # Define permision that defines how your application is accessed. 
+    #     # All methods on the site resource will be open to users who have
+    #     # this permission.
+    #     permission :public_pages do
+    #       resource :site
+    #     end
+    #
+    #     # Can use multiple resource statements
+    #     permission :public_pages do
+    #       resource :site
+    #       resource :posts
+    #     end
+    #
+    #     # Only methods show, edit and update on the users resource will 
+    #     # be open to users who have this permission.
+    #     permission :my_account_pages do
+    #       resource :users  do
+    #         only :show, :edit, :update
+    #       end
+    #     end
+    #
+    #     # All methods except destroy on the users resource will be 
+    #     # open to users who have this permission.
+    #     permission :manage_users do
+    #       resource :users  do
+    #         except :destroy
+    #       end
+    #     end
+    #
+    # @param [String,Symbol] name permission reference. 
+    # @yield [Lockdown::Permission.new(name)] new permission object
+    def permission(name, &block)
+      permission =  Lockdown::Permission.new(name)   
+      if block_given?
+        permission.instance_eval(&block) 
+      else
+        permission.resource(permission.name)
+      end
+
+      unless Lockdown::Configuration.has_permission?(permission)
+        Lockdown::Configuration.permissions << permission 
+      end
+
+      permission
+    end
+
+    # Define which permissions are accessible to everyone
+    #   public_access :site, :user_registration
+    #
+    # @param *[String,Symbol] permissions that are accessible to everyone
+    def public_access(*permissions)
+      permissions.each do |name|
+        Lockdown::Configuration.make_permission_public(name)
+      end
+
+      Lockdown::Configuration.public_access = regexes(permissions)
+    end
+
+    # Define which permissions are accessible to everyone
+    #   protected_access :my_account, :site_administration
+    #
+    # @param *[String,Symbol] permissions that are accessbile to authenticated users
+    def protected_access(*permissions)
+      permissions.each do |name|  
+        Lockdown::Configuration.make_permission_protected(name)
+      end
+
+      Lockdown::Configuration.protected_access = regexes(permissions)
+    end
+
+    # Create user group by giving it a name and a list of permission names.
+    # @param [String, Array] user group name, permission names
+    def user_group(name, *permissions)
+      return if permissions.empty?
+      name = name.to_s
+      ug = Lockdown::Configuration.find_or_create_user_group(name)
+
+      permissions.each do |name|
+        if (perm = Lockdown::Configuration.permission(name))
+          ug.permissions << perm unless ug.permissions.include?(perm)
+        end
+      end
+
+      Lockdown::Configuration.maybe_add_user_group(ug)
+    end
+
+    # Method called by Lockdown::Delivery to trigger parsing of class methods
+    def configure
+      unless Lockdown::Configuration.configured
+        Lockdown::Database.sync_with_db unless Lockdown::Configuration.skip_sync?
+        Lockdown::Configuration.configured = true
+      end
+    end
+
+    private
+
+    def regexes(permissions)
+      permissions.collect!{|p| p.to_s}
+      perms = Lockdown::Configuration.permissions.select{|p| permissions.include?(p.name)}
+      perms.collect{|p| p.regex_pattern}.join("|")
+    end
+
+  end # Access
+end # Lockdown

data/lib/lockdown/configuration.rb

@@ -0,0 +1,209 @@
+# encoding: utf-8
+
+module Lockdown
+  module Configuration
+    class << self
+      # Flag to determine if configuration method has been executed
+      # Default false
+      attr_accessor :configured
+      # Regex string of paths that are publicly accessible.
+      # Default "\/"
+      attr_accessor :public_access
+      # Array of paths that are restricted to an authenticated user.
+      # Default ""
+      attr_accessor :protected_access
+      # Array of permission objects that defines the access to the application.
+      # Default []
+      attr_accessor :permissions
+      # Array of user group objects
+      # Default []
+      attr_accessor :user_groups
+      # Method used to get the id of the user responsible for
+      # the current action.
+      # Default :current_user_id
+      attr_accessor :who_did_it
+      # User id to associate to system actions
+      # Default 1
+      attr_accessor :default_who_did_it
+      # Path to redirect to if access is denied.
+      # Default: '/'
+      attr_accessor :access_denied_path
+      # Redirect to path on successful login
+      # Default "/"
+      attr_accessor :successful_login_path
+      # Logout user if attempt to access restricted resource
+      # Default false
+      attr_accessor :logout_on_access_violation
+      # When using the links helper, this character will be
+      # used to separate the links.
+      # Default "|"
+      attr_accessor :link_separator
+      # The model used to represent the grouping of permisssion. Common
+      # choices are 'Role' and 'UserGroup'.
+      # Default "UserGroup"
+      attr_accessor :user_group_model
+      # The model used to represent the user. Common choices
+      # are 'User' and 'Person'.
+      # Default "User"
+      attr_accessor :user_model
+      # Which environments Lockdown should not sync with db
+      # Default ['test']
+      attr_accessor :skip_db_sync_in
+      # If deploying to a subdirectory, set that here. Defaults to nil
+      # Notice: Do not add leading or trailing slashes, Lockdown will handle this
+      attr_accessor :subdirectory
+      #
+      # Set defaults.
+      def reset
+        @configured                   = false
+        @public_access                = ""
+        @protected_access             = ""
+        @permissions                  = []
+        @user_groups                  = []
+
+        @who_did_it                   = :current_user_id
+        @default_who_did_it           = 1
+
+        @access_denied_path           = "/"
+        @successful_login_path        = "/"
+        @logout_on_access_violation   = false
+
+        @link_separator               = "|"
+
+        @user_group_model             = "UserGroup"
+        @user_model                   = "User"
+
+        @skip_db_sync_in              = ['test']
+      end
+
+      # @return [String] concatentation of public_access + "|" + protected_access
+      def authenticated_access
+        public_access + "|" + protected_access
+      end
+
+      # @param [String,Symbol] name permission name
+      # @return Lockdown::Permission object
+      def permission(name)
+        name = name.to_s
+        perm = permissions.detect{|perm| name == perm.name}
+        raise Lockdown::PermissionNotFound.new("Permission: #{name} not found") unless perm
+        perm
+      end
+
+      # Defines the permission as public
+      # @param [String,Symbol] name permission name
+      def make_permission_public(name)
+        permission(name).is_public
+      end
+
+      # Defines the permission as protected
+      # @param [String,Symbol] name permission name
+      def make_permission_protected(name)
+        permission(name).is_protected
+      end
+
+      # @return Array of permission names
+      def permission_names
+        permissions.collect{|p| p.name}
+      end
+
+      # @param [Lockdown::Permission] permission Lockdown::Permission object
+      # @return [true|false] true if object exists with same name
+      def has_permission?(permission)
+        permissions.any?{|p| permission.name == p.name}
+      end
+
+      # @param [String|Symbol] name permission name
+      # @return [true|false] true if permission is either public or protected
+      def permission_assigned_automatically?(name)
+        name = name.to_s
+
+        perm = permission(name)
+
+        perm.public? || perm.protected?
+      end
+
+      # @param [String,Symbol] name user group name
+      # @return [Lockdown::UserGroup] object
+      def user_group(name)
+        name = name.to_s
+        user_groups.detect{|ug| name == ug.name}
+      end
+
+      def maybe_add_user_group(group)
+        @user_groups << group unless user_group_names.include?(group.name)
+      end
+
+      # @return [Lockdown::UserGroup]
+      def find_or_create_user_group(name)
+        name = name.to_s
+        user_group(name) || Lockdown::UserGroup.new(name)
+      end
+
+      # @return [Array] names
+      def user_group_names
+        user_groups.collect{|ug| ug.name}
+      end
+
+      # @param [String] name user group name
+      # @return [Array] permissions names
+      def user_group_permissions_names(name)
+        user_group(name).permissions.collect{|p| p.name}
+      end
+
+      # @return [True|False] true if user has 'Administrators' group
+      def administrator?(user)
+        user_has_user_group?(user, Lockdown.administrator_group_name)
+      end
+
+      # @param [User] user User object you want to make an administrator
+      def make_user_administrator(user)
+        user_groups = user.send(Lockdown.user_groups_hbtm_reference)
+        user_groups << Lockdown.user_group_class.
+          find_or_create_by_name(Lockdown.administrator_group_name)
+      end
+
+
+      # @param [User, String] user,name  user model, name of user group
+      # @return [True|False] true if user has user group with name
+      def user_has_user_group?(user, name)
+        user_groups = user.send(Lockdown.user_groups_hbtm_reference)
+        user_groups.any?{|ug| name == ug.name}
+      end
+
+      # @return [Regex]
+      def access_rights_for_user(user)
+        return unless user
+        return Lockdown::Resource.regex if administrator?(user)
+
+        user_groups = user.send(Lockdown.user_groups_hbtm_reference)
+
+        permission_names = []
+
+        user_groups.each do |ug|
+          ug.permissions.each do |p|
+            permission_names << p.name
+          end
+        end
+
+        if permission_names.empty?
+          authenticated_access
+        else
+          authenticated_access + "|" + access_rights_for_permissions(*permission_names)
+        end
+      end
+
+      # @param [Array(String)] names permission names
+      # @return [String] combination of regex_patterns from permissions
+      def access_rights_for_permissions(*names)
+        names.collect{|name| "(#{permission(name).regex_pattern})"}.join('|')
+      end
+
+      def skip_sync?
+        true
+      end
+    end # class block
+
+    self.reset
+  end # Configuration
+end # Lockdown