qcore 1.2.0
- data/.gitignore +11 -0
- data/README +9 -0
- data/Rakefile +39 -0
- data/VERSION +1 -0
- data/app/controllers/admin/users_controller.rb +47 -0
- data/app/controllers/password_resets_controller.rb +48 -0
- data/app/controllers/user_sessions_controller.rb +25 -0
- data/app/controllers/users_controller.rb +37 -0
- data/app/models/notifier.rb +19 -0
- data/app/models/settings.rb +4 -0
- data/app/models/user.rb +48 -0
- data/app/models/user_session.rb +2 -0
- data/app/views/admin/users/_form.erb +17 -0
- data/app/views/admin/users/edit.html.erb +9 -0
- data/app/views/admin/users/index.html.erb +32 -0
- data/app/views/admin/users/new.html.erb +9 -0
- data/app/views/admin/users/show.html.erb +12 -0
- data/app/views/notifier/password_reset_instructions.erb +5 -0
- data/app/views/notifier/registration_email.erb +7 -0
- data/app/views/password_resets/edit.html.erb +12 -0
- data/app/views/password_resets/new.html.erb +11 -0
- data/app/views/user_sessions/new.html.erb +14 -0
- data/app/views/users/_form.erb +13 -0
- data/app/views/users/edit.html.erb +9 -0
- data/app/views/users/new.html.erb +7 -0
- data/app/views/users/show.html.erb +6 -0
- data/db/migrate/20090713104345_create_users.rb +33 -0
- data/init.rb +1 -0
- data/install.rb +1 -0
- data/lib/qcore.rb +14 -0
- data/lib/qcore/authentication.rb +63 -0
- data/lib/qcore/authorization.rb +90 -0
- data/qcore.gemspec +77 -0
- data/rails/init.rb +3 -0
- data/tasks/core_tasks.rake +68 -0
- data/test/core_test.rb +8 -0
- data/test/test_helper.rb +3 -0
- data/uninstall.rb +1 -0
- metadata +93 -0
data/.gitignore
ADDED
data/README
ADDED
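--- a/data/Rakefile
+++ b/data/Rakefile
@@ -0,0 +1,39 @@
+require 'rake'
+require 'rake/testtask'
+require 'rake/rdoctask'
+
+desc 'Default: run unit tests.'
+task :default => :test
+
+desc 'Test the core plugin.'
+Rake::TestTask.new(:test) do |t|
+t.libs << 'lib'
+t.libs << 'test'
+t.pattern = 'test/**/*_test.rb'
+t.verbose = true
+end
+
+desc 'Generate documentation for the core plugin.'
+Rake::RDocTask.new(:rdoc) do |rdoc|
+rdoc.rdoc_dir = 'rdoc'
+rdoc.title = 'Core'
+rdoc.options << '--line-numbers' << '--inline-source'
+rdoc.rdoc_files.include('README')
+rdoc.rdoc_files.include('lib/**/*.rb')
+end
+
+begin
+require 'jeweler'
+Jeweler::Tasks.new do |gemspec|
+gemspec.name = "qcore"
+gemspec.summary = "Qwerty Core"
+gemspec.description = "Qwerty Core"
+gemspec.email = "kris.leech@interkonect.com"
+gemspec.homepage = "http://interkonect.com"
+gemspec.authors = ["Kris Leech"]
+end
+Jeweler::GemcutterTasks.new
+rescue LoadError
+puts "Jeweler not available. Install it with: gem install jeweler"
+end
+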
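--- a/data/VERSION
+++ b/data/VERSION
@@ -0,0 +1 @@
+1.2.0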
@@ -0,0 +1,47 @@
|
|
1
|
+
class Admin::UsersController < Admin::AdminController
|
2
|
+
def index
|
3
|
+
@users = User.all
|
4
|
+
end
|
5
|
+
|
6
|
+
def show
|
7
|
+
@user = User.find(params[:id])
|
8
|
+
end
|
9
|
+
|
10
|
+
def new
|
11
|
+
@user = User.new
|
12
|
+
end
|
13
|
+
|
14
|
+
def create
|
15
|
+
@user = User.create(params[:user])
|
16
|
+
if @user
|
17
|
+
flash[:notice] = 'User created'
|
18
|
+
redirect_to admin_users_path
|
19
|
+
else
|
20
|
+
render :action => 'new'
|
21
|
+
end
|
22
|
+
end
|
23
|
+
|
24
|
+
def edit
|
25
|
+
@user = User.find(params[:id])
|
26
|
+
end
|
27
|
+
|
28
|
+
def update
|
29
|
+
|
30
|
+
@user = User.find(params[:id])
|
31
|
+
|
32
|
+
|
33
|
+
if @user.update_attributes(params[:user])
|
34
|
+
flash[:notice] = 'User updated'
|
35
|
+
redirect_to admin_users_path
|
36
|
+
else
|
37
|
+
render :action => 'edit'
|
38
|
+
end
|
39
|
+
|
40
|
+
end
|
41
|
+
|
42
|
+
def destroy
|
43
|
+
User.find(params[:id]).destroy
|
44
|
+
flash[:notice] = 'User deleted'
|
45
|
+
redirect_to admin_users_path
|
46
|
+
end
|
47
|
+
end
|
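Review bot: In `create`, `if @user` is always true because `User.create` returns the record even when validation fails, so an invalid submission still flashes 'User created' and redirects instead of re-rendering the form. Building and saving separately fixes it: `@user = User.new(params[:user])` followed by `if @user.save`, the same shape `update` already uses with `update_attributes`. Nothing in this controller checks the caller's role itself, so access control rests on the inherited `Admin::AdminController` and the `authorisation` filter, neither of which is visible in this section.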
@@ -0,0 +1,48 @@
|
|
1
|
+
class PasswordResetsController < ApplicationController
|
2
|
+
before_filter :load_user_using_perishable_token, :only => [:edit, :update]
|
3
|
+
skip_before_filter :require_user
|
4
|
+
|
5
|
+
|
6
|
+
def new
|
7
|
+
end
|
8
|
+
|
9
|
+
def edit
|
10
|
+
end
|
11
|
+
|
12
|
+
def update
|
13
|
+
@user.password = params[:user][:password]
|
14
|
+
@user.password_confirmation = params[:user][:password_confirmation]
|
15
|
+
|
16
|
+
if @user.save
|
17
|
+
flash[:notice] = "Password successfully updated"
|
18
|
+
redirect_to account_url
|
19
|
+
else
|
20
|
+
render :action => :edit
|
21
|
+
end
|
22
|
+
end
|
23
|
+
|
24
|
+
def create
|
25
|
+
@user = User.find_by_email(params[:email])
|
26
|
+
if @user
|
27
|
+
@user.deliver_password_reset_instructions!
|
28
|
+
flash[:notice] = "Instructions to reset your password have been emailed to you. Please check your email."
|
29
|
+
redirect_to root_url
|
30
|
+
else
|
31
|
+
flash[:notice] = "No user was found with that email address"
|
32
|
+
render :action => :new
|
33
|
+
end
|
34
|
+
end
|
35
|
+
|
36
|
+
private
|
37
|
+
def load_user_using_perishable_token
|
38
|
+
@user = User.find_using_perishable_token(params[:id])
|
39
|
+
unless @user
|
40
|
+
flash[:notice] = "We're sorry, but we could not locate your account." +
|
41
|
+
"If you are having issues try copying and pasting the URL " +
|
42
|
+
"from your email into your browser or restarting the " +
|
43
|
+
"reset password process."
|
44
|
+
redirect_to root_url
|
45
|
+
end
|
46
|
+
end
|
47
|
+
|
48
|
+
end
|
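Review bot: `create` tells the requester whether an address is registered: the `else` branch flashes 'No user was found with that email address' while the success branch redirects with a different message, so the reset form can be used to enumerate accounts. Returning the same response in both branches, for example the existing 'Instructions to reset your password have been emailed to you' notice followed by `redirect_to root_url`, removes that signal. In `update`, `params[:user][:password]` raises on a request without a `user` key; a guard such as `return render(:action => :edit) if params[:user].blank?` keeps that a form error rather than a 500.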
@@ -0,0 +1,25 @@
|
|
1
|
+
class UserSessionsController < ApplicationController
|
2
|
+
before_filter :require_user, :only => :destroy
|
3
|
+
# skip_before_filter :authorisation
|
4
|
+
# before_filter :require_no_user, :only => [:new, :create]
|
5
|
+
|
6
|
+
def new
|
7
|
+
@user_session = UserSession.new
|
8
|
+
end
|
9
|
+
|
10
|
+
def create
|
11
|
+
@user_session = UserSession.new(params[:user_session])
|
12
|
+
if @user_session.save
|
13
|
+
flash[:notice] = "Login successful!"
|
14
|
+
redirect_back_or_default root_url
|
15
|
+
else
|
16
|
+
render :action => :new
|
17
|
+
end
|
18
|
+
end
|
19
|
+
|
20
|
+
def destroy
|
21
|
+
current_user_session.destroy
|
22
|
+
flash[:notice] = "Logout successful!"
|
23
|
+
redirect_back_or_default root_url
|
24
|
+
end
|
25
|
+
end
|
@@ -0,0 +1,37 @@
|
|
1
|
+
class UsersController < ApplicationController
|
2
|
+
skip_before_filter :authorisation, :only => [:new, :create]
|
3
|
+
|
4
|
+
# TODO: Add user email activation if turned on in settings
|
5
|
+
|
6
|
+
def new
|
7
|
+
@user = User.new
|
8
|
+
end
|
9
|
+
|
10
|
+
def create
|
11
|
+
@user = User.new(params[:user])
|
12
|
+
if @user.save
|
13
|
+
flash[:notice] = "Account registered!"
|
14
|
+
redirect_to root_path
|
15
|
+
else
|
16
|
+
render :action => :new
|
17
|
+
end
|
18
|
+
end
|
19
|
+
|
20
|
+
def show
|
21
|
+
@user = @current_user
|
22
|
+
end
|
23
|
+
|
24
|
+
def edit
|
25
|
+
@user = @current_user
|
26
|
+
end
|
27
|
+
|
28
|
+
def update
|
29
|
+
@user = @current_user # makes our views "cleaner" and more consistent
|
30
|
+
if @user.update_attributes(params[:user])
|
31
|
+
flash[:notice] = "Account updated!"
|
32
|
+
redirect_to account_url
|
33
|
+
else
|
34
|
+
render :action => :edit
|
35
|
+
end
|
36
|
+
end
|
37
|
+
end
|
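Review bot: `create` and `update` pass `params[:user]` straight into `User.new` and `update_attributes`, and the `User` model in this package defines a public `roles=` writer with no `attr_accessible` or `attr_protected` declaration, so a request carrying a `user[roles][]` value appears able to assign itself any role at sign-up or on profile edit. `new` and `create` also skip the `authorisation` filter, so the sign-up path is reachable without a session. Restricting the assignable attributes in the model, e.g. `attr_accessible :first_name, :last_name, :email, :password, :password_confirmation`, and setting `roles` explicitly in the admin controller keeps role changes on the admin side. `show`, `edit` and `update` read `@current_user` directly rather than calling `current_user`, so they depend on an earlier filter having populated it.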
@@ -0,0 +1,19 @@
|
|
1
|
+
class Notifier < ActionMailer::Base
|
2
|
+
default_url_options[:host] = Settings.domain
|
3
|
+
|
4
|
+
def registration_email(user)
|
5
|
+
subject "Activate your new #{Settings.site.name} account"
|
6
|
+
from Settings.mailer.from
|
7
|
+
recipients user.email
|
8
|
+
sent_on Time.now
|
9
|
+
body :user => user
|
10
|
+
end
|
11
|
+
|
12
|
+
def password_reset_instructions(user)
|
13
|
+
subject "Password Reset Instructions for #{Settings.site.name}"
|
14
|
+
from Settings.mailer.from
|
15
|
+
recipients user.email
|
16
|
+
sent_on Time.now
|
17
|
+
body :edit_password_reset_url => edit_password_reset_url(user.perishable_token)
|
18
|
+
end
|
19
|
+
end
|
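--- a/data/app/models/user.rb
+++ b/data/app/models/user.rb
@@ -0,0 +1,48 @@
+class User < ActiveRecord::Base
+acts_as_authentic
+
+self.skip_time_zone_conversion_for_attributes = [] # FIX BUG: https://rails.lighthouseapp.com/projects/8994/tickets/1339-arbase-should-not-be-nuking-its-children-just-because-it-lost-interest
+
+validates_presence_of :first_name, :last_name
+
+after_save :empty_password
+
+# return an anonymous user
+def self.anonymous
+User.find_by_email('anonymous@example.com')
+rescue
+raise 'No anonymous user found'
+end
+
+def name
+"#{first_name} #{last_name}"
+end
+
+def roles=(input)
+write_attribute(:roles, input) if input.is_a? String
+write_attribute(:roles, input.join(' ')) if input.is_a? Array
+end
+
+def roles
+(read_attribute(:roles) || []).split(' ')
+end
+
+def has_role?(target_roles)
+target_roles = [target_roles] if target_roles.is_a? String
+roles.any? { |role| target_roles.include? role }
+end
+
+# email notifications
+def deliver_password_reset_instructions!
+reset_perishable_token!
+Notifier.deliver_password_reset_instructions(self)
+end
+
+private
+
+# after_save
+def empty_password
+@password = nil
+@password_confirmation = nil
+end
+end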
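Review bot: The `rescue` in `self.anonymous` is unlikely to ever run, because `find_by_email` returns nil for a missing row rather than raising, so callers receive nil instead of the 'No anonymous user found' error. `User.find_by_email('anonymous@example.com') or raise 'No anonymous user found'` gives the behaviour the comment promises. In `roles`, the `|| []` fallback calls `split` on an Array rather than a String; `(read_attribute(:roles) || '').split(' ')` is probably what was intended. `roles=` ignores input that is neither String nor Array and accepts arbitrary role names, so a comment stating that callers must restrict the values they pass would help, given that authorisation decisions are made from this column.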
@@ -0,0 +1,17 @@
|
|
1
|
+
<%= f.label :first_name %><br />
|
2
|
+
<%= f.text_field :first_name %><br />
|
3
|
+
<%= f.label :last_name %><br />
|
4
|
+
<%= f.text_field :last_name %><br />
|
5
|
+
|
6
|
+
<%= f.label :email %><br />
|
7
|
+
<%= f.text_field :email %><br />
|
8
|
+
<br />
|
9
|
+
<%= f.label :password, f.object.new_record? ? nil : "Change password" %><br />
|
10
|
+
<%= f.password_field :password %><br />
|
11
|
+
<br />
|
12
|
+
<%= f.label :password_confirmation %><br />
|
13
|
+
<%= f.password_field :password_confirmation %><br />
|
14
|
+
|
15
|
+
<% %w(admin basic).each do | role | %>
|
16
|
+
<input name="user[roles][]" type="checkbox" value="<%= role %>" <%= "checked='checked'" if @user.has_role? role %> /> <%= role.capitalize %><br>
|
17
|
+
<% end %>
|
@@ -0,0 +1,32 @@
|
|
1
|
+
<h1>Users</h1>
|
2
|
+
|
3
|
+
<p>Users logged in: <%= User.logged_in.count %></p>
|
4
|
+
|
5
|
+
|
6
|
+
|
7
|
+
<table>
|
8
|
+
<tr>
|
9
|
+
<th>Name</th>
|
10
|
+
<th>Email</th>
|
11
|
+
|
12
|
+
<th>Last request</th>
|
13
|
+
<th>Roles</th>
|
14
|
+
</tr>
|
15
|
+
|
16
|
+
<% @users.each do |user| %>
|
17
|
+
<tr>
|
18
|
+
<td><%= user.name %></td>
|
19
|
+
<td><%= user.email %></td>
|
20
|
+
|
21
|
+
<td><%= user.last_request_at %></td>
|
22
|
+
<td><%= user.roles.join(', ') %></td>
|
23
|
+
<td><%= link_to 'Show', admin_user_path(user), :class => 'button' %></td>
|
24
|
+
<td><%= link_to 'Edit', edit_admin_user_path(user), :class => 'button' %></td>
|
25
|
+
<td><%= link_to 'Delete', admin_user_path(user), :confirm => 'Are you sure?', :method => :delete, :class => 'button' %></td>
|
26
|
+
</tr>
|
27
|
+
<% end %>
|
28
|
+
</table>
|
29
|
+
|
30
|
+
<br />
|
31
|
+
|
32
|
+
<p><%= link_to 'New user', new_admin_user_path, :class => 'button' %></p>
|
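Review bot: `user.name`, `user.email` and `user.roles.join(', ')` are written with plain `<%= %>`, while other templates in this package use `<%=h`, which suggests a Rails version that does not escape output automatically; if so, names and e-mail addresses entered at sign-up are rendered as markup in the admin list. Wrapping them, e.g. `<td><%=h user.name %></td>`, closes that. The same applies to `@user.name`, `@user.email` and `@user.roles` in the admin show template and to `@user.name` in the users show template.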
@@ -0,0 +1,12 @@
|
|
1
|
+
<h2><%= @user.name %></h2>
|
2
|
+
<p><%= link_to 'Edit', edit_admin_user_path(@user), :class => 'button' %></p>
|
3
|
+
<p><label>Email:</label> <%= @user.email %></label></p>
|
4
|
+
|
5
|
+
|
6
|
+
<p>
|
7
|
+
<b>Last request at:</b>
|
8
|
+
<%=h @user.last_request_at %>
|
9
|
+
</p>
|
10
|
+
|
11
|
+
<%= @user.roles %>
|
12
|
+
|
@@ -0,0 +1,5 @@
|
|
1
|
+
A request to reset your password has been made. If you did not make this request, simply ignore this email. If you did make this request just click the link below:
|
2
|
+
|
3
|
+
<%= @edit_password_reset_url %>
|
4
|
+
|
5
|
+
If the above URL does not work try copying and pasting it into your browser. If you continue to have problem please feel free to contact us.
|
@@ -0,0 +1,12 @@
|
|
1
|
+
<h1>Change My Password</h1>
|
2
|
+
|
3
|
+
<% form_for @user, :url => password_reset_path, :method => :put do |f| %>
|
4
|
+
<%= f.error_messages %>
|
5
|
+
<%= f.label :password %><br />
|
6
|
+
<%= f.password_field :password %><br />
|
7
|
+
<br />
|
8
|
+
<%= f.label :password_confirmation %><br />
|
9
|
+
<%= f.password_field :password_confirmation %><br />
|
10
|
+
<br />
|
11
|
+
<%= f.submit "Update my password and log me in" %>
|
12
|
+
<% end %>
|
@@ -0,0 +1,11 @@
|
|
1
|
+
<h1>Forgot Password</h1>
|
2
|
+
|
3
|
+
Fill out the form below and instructions to reset your password will be emailed to you:<br />
|
4
|
+
<br />
|
5
|
+
|
6
|
+
<% form_tag password_resets_path do %>
|
7
|
+
<label>Email:</label><br />
|
8
|
+
<%= text_field_tag "email" %><br />
|
9
|
+
<br />
|
10
|
+
<%= submit_tag "Reset my password" %>
|
11
|
+
<% end %>
|
@@ -0,0 +1,14 @@
|
|
1
|
+
<h1>Login</h1>
|
2
|
+
|
3
|
+
<% form_for @user_session, :url => user_session_path do |f| %>
|
4
|
+
<%= f.error_messages %>
|
5
|
+
<%= f.label :email %><br />
|
6
|
+
<%= f.text_field :email %><br />
|
7
|
+
<br />
|
8
|
+
<%= f.label :password %><br />
|
9
|
+
<%= f.password_field :password %><br />
|
10
|
+
<br />
|
11
|
+
<%= f.check_box :remember_me %><%= f.label :remember_me %><br />
|
12
|
+
<br />
|
13
|
+
<%= f.submit "Login" %>
|
14
|
+
<% end %>
|
@@ -0,0 +1,13 @@
|
|
1
|
+
<%= form.label :first_name %><br />
|
2
|
+
<%= form.text_field :first_name %><br />
|
3
|
+
<%= form.label :last_name %><br />
|
4
|
+
<%= form.text_field :last_name %><br />
|
5
|
+
|
6
|
+
<%= form.label :email %><br />
|
7
|
+
<%= form.text_field :email %><br />
|
8
|
+
<br />
|
9
|
+
<%= form.label :password, form.object.new_record? ? nil : "Change password" %><br />
|
10
|
+
<%= form.password_field :password %><br />
|
11
|
+
<br />
|
12
|
+
<%= form.label :password_confirmation %><br />
|
13
|
+
<%= form.password_field :password_confirmation %><br />
|
@@ -0,0 +1,6 @@
|
|
1
|
+
<p><label>Account:</label> <%= link_to @user.account.name, account_path %></p>
|
2
|
+
<p><label>Name:</label> <%= @user.name %></p>
|
3
|
+
<p><label>email:</label> <%=h @user.email %></p>
|
4
|
+
<p><label>IP address:</label> <%=h @user.current_login_ip %></p>
|
5
|
+
|
6
|
+
<p><%= link_to 'Change password', edit_user_path, :class => 'button' %></p>
|
@@ -0,0 +1,33 @@
|
|
1
|
+
class CreateUsers < ActiveRecord::Migration
|
2
|
+
def self.up
|
3
|
+
create_table :users do |t|
|
4
|
+
t.string :email
|
5
|
+
|
6
|
+
t.string :first_name
|
7
|
+
t.string :last_name
|
8
|
+
|
9
|
+
t.string :roles
|
10
|
+
|
11
|
+
t.string :crypted_password
|
12
|
+
t.string :password_salt
|
13
|
+
t.string :persistence_token
|
14
|
+
t.string :single_access_token, :null => false # optional, see Authlogic::Session::Params
|
15
|
+
t.string :perishable_token, :null => false # optional, see Authlogic::Session::Perishability
|
16
|
+
|
17
|
+
# optional, see Authlogic::Session::MagicColumns
|
18
|
+
t.integer :login_count, :null => false, :default => 0
|
19
|
+
t.integer :failed_login_count, :null => false, :default => 0
|
20
|
+
t.datetime :last_request_at
|
21
|
+
t.datetime :current_login_at
|
22
|
+
t.datetime :last_login_at
|
23
|
+
t.string :current_login_ip
|
24
|
+
t.string :last_login_ip
|
25
|
+
|
26
|
+
t.timestamps
|
27
|
+
end
|
28
|
+
end
|
29
|
+
|
30
|
+
def self.down
|
31
|
+
drop_table :users
|
32
|
+
end
|
33
|
+
end
|
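Review bot: `email` is created as a nullable string with no index, so uniqueness rests only on whatever the model validates and every login or reset lookup scans the table. Adding `add_index :users, :email, :unique => true` after `create_table`, plus indexes on `persistence_token` and `perishable_token`, gives a database-level guarantee and keeps the token lookups cheap. `crypted_password` and `password_salt` are also nullable; `:null => false` on them would match the treatment of the token columns.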
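--- a/data/init.rb
+++ b/data/init.rb
@@ -0,0 +1 @@
+require File.dirname(__FILE__) + "/rails/init"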
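--- a/data/install.rb
+++ b/data/install.rb
@@ -0,0 +1 @@
+# Install hook code here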
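--- a/data/lib/qcore.rb
+++ b/data/lib/qcore.rb
@@ -0,0 +1,14 @@
+require File.join(File.dirname(__FILE__), 'qcore', 'authentication')
+require File.join(File.dirname(__FILE__), 'qcore', 'authorization')
+
+module Qcore
+VERSION = File.read(File.join(File.dirname(__FILE__), '..', 'VERSION'))
+end
+
+#ActionController::Base.extend Qcore::Authorization
+#ActionController::Base.extend Qcore::Authentication
+
+#class ActionController::Base
+# extend Qcore::Authorization
+# extend Qcore::Authentication
+#end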
@@ -0,0 +1,63 @@
|
|
1
|
+
module Qcore
|
2
|
+
module Authentication
|
3
|
+
|
4
|
+
def qcore_authentication
|
5
|
+
send :include, InstanceMethods
|
6
|
+
send :extend, ClassMethods
|
7
|
+
|
8
|
+
protect_from_forgery # See ActionController::RequestForgeryProtection for details
|
9
|
+
|
10
|
+
helper_method :current_user_session, :current_user
|
11
|
+
filter_parameter_logging :password, :password_confirmation
|
12
|
+
|
13
|
+
end
|
14
|
+
|
15
|
+
module ClassMethods
|
16
|
+
end
|
17
|
+
|
18
|
+
module InstanceMethods
|
19
|
+
private
|
20
|
+
|
21
|
+
def record_not_found
|
22
|
+
render :template => 'pages/404', :status => 404
|
23
|
+
end
|
24
|
+
|
25
|
+
def current_user_session
|
26
|
+
return @current_user_session if defined?(@current_user_session)
|
27
|
+
@current_user_session = UserSession.find
|
28
|
+
end
|
29
|
+
|
30
|
+
def current_user
|
31
|
+
return @current_user if defined?(@current_user)
|
32
|
+
@current_user = current_user_session && current_user_session.record
|
33
|
+
end
|
34
|
+
|
35
|
+
def require_user
|
36
|
+
unless current_user
|
37
|
+
store_location
|
38
|
+
flash[:notice] = "You must be logged in to access this page"
|
39
|
+
redirect_to new_user_session_url
|
40
|
+
return false
|
41
|
+
end
|
42
|
+
end
|
43
|
+
|
44
|
+
def require_no_user
|
45
|
+
if current_user
|
46
|
+
store_location
|
47
|
+
flash[:notice] = "You must be logged out to access this page"
|
48
|
+
redirect_to root_url
|
49
|
+
return false
|
50
|
+
end
|
51
|
+
end
|
52
|
+
|
53
|
+
def store_location
|
54
|
+
session[:return_to] = request.request_uri
|
55
|
+
end
|
56
|
+
|
57
|
+
def redirect_back_or_default(default)
|
58
|
+
redirect_to(session[:return_to] || default)
|
59
|
+
session[:return_to] = nil
|
60
|
+
end
|
61
|
+
end
|
62
|
+
end
|
63
|
+
end
|
@@ -0,0 +1,90 @@
|
|
1
|
+
module Qcore
|
2
|
+
module Authorization
|
3
|
+
|
4
|
+
|
5
|
+
def qcore_autherization
|
6
|
+
send :include, InstanceMethods
|
7
|
+
send :extend, ClassMethods
|
8
|
+
|
9
|
+
before_filter :authorisation
|
10
|
+
end
|
11
|
+
|
12
|
+
module ClassMethods
|
13
|
+
|
14
|
+
end
|
15
|
+
|
16
|
+
module InstanceMethods
|
17
|
+
# Autherisation for controller
|
18
|
+
# Maps user roles to controller/actions
|
19
|
+
def authorisation
|
20
|
+
crud_map = { 'index' => 'read', 'show' => 'read', 'new' => 'create', 'create' => 'create', 'edit' => 'update', 'update' => 'update', 'destroy' => 'delete'}
|
21
|
+
|
22
|
+
allowed = false
|
23
|
+
|
24
|
+
# load auth file for current environment
|
25
|
+
auth_file = File.join(RAILS_ROOT, 'config', 'authorisation.yml')
|
26
|
+
raise "authorisation.yml missing" unless File.exists? auth_file
|
27
|
+
auth = YAML::load(File.open(auth_file))[RAILS_ENV]
|
28
|
+
|
29
|
+
# TODO: replace with this (upgrade to latest settingslogic as to_hash does not return a Hash)
|
30
|
+
#auth = Settings.security.authorization.to_hash
|
31
|
+
|
32
|
+
|
33
|
+
controller_name = self.class.to_s.gsub('Controller', '').downcase # 'ReportsController' becomes 'reports'
|
34
|
+
|
35
|
+
|
36
|
+
|
37
|
+
# get hash for controller (navigate down namespacing)
|
38
|
+
controller_name.split('::').each do | c |
|
39
|
+
|
40
|
+
auth = auth[c]
|
41
|
+
|
42
|
+
break if auth.is_a? String # leaf
|
43
|
+
end
|
44
|
+
|
45
|
+
# hash of actions and roles
|
46
|
+
if auth.is_a? Hash
|
47
|
+
action_name = crud_map[self.action_name] || self.action_name
|
48
|
+
auth = auth[action_name] || auth['all']
|
49
|
+
unless auth.nil?
|
50
|
+
auth = auth.split(' ')
|
51
|
+
else
|
52
|
+
render :text => "Action (#{action_name}) not found" and return if RAILS_ENV == 'development'
|
53
|
+
end
|
54
|
+
end
|
55
|
+
|
56
|
+
auth = auth.split(' ') if auth.is_a? String # turn single role in to an array
|
57
|
+
|
58
|
+
# auth is now an array of roles
|
59
|
+
if auth.is_a? Array
|
60
|
+
allowed = true if auth.include? 'public'
|
61
|
+
if current_user
|
62
|
+
allowed = true if current_user.roles.any? { |r| auth.include? r }
|
63
|
+
allowed = true if current_user.roles.include? 'super'
|
64
|
+
logger.debug 'No roles' if current_user.roles.empty?
|
65
|
+
else
|
66
|
+
logger.debug 'Not logged in'
|
67
|
+
end
|
68
|
+
end
|
69
|
+
|
70
|
+
logger.debug "**********"
|
71
|
+
logger.debug "controller: #{self.controller_name} action: #{self.action_name}"
|
72
|
+
logger.debug "controller: #{controller_name}"
|
73
|
+
logger.debug "action roles: #{auth.inspect} "
|
74
|
+
logger.debug "user roles: #{current_user.roles.inspect}" if current_user
|
75
|
+
logger.debug "allowed: #{allowed}"
|
76
|
+
logger.debug "**********"
|
77
|
+
|
78
|
+
unless allowed
|
79
|
+
if current_user
|
80
|
+
render :text => 'Not allowed' and return
|
81
|
+
else
|
82
|
+
store_location
|
83
|
+
flash[:notice] = 'Please login to continue'
|
84
|
+
redirect_to login_path and return
|
85
|
+
end
|
86
|
+
end
|
87
|
+
end
|
88
|
+
end
|
89
|
+
end
|
90
|
+
end
|
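Review bot: The namespace walk in `authorisation` assigns `auth = auth[c]` without a nil check, so a namespaced controller with no entry in `authorisation.yml`, or a file lacking the current `RAILS_ENV` key, raises NoMethodError on the next lookup instead of falling through to the denial branch; `break if auth.nil? || auth.is_a?(String)` keeps the failure a clean deny. The denial itself, `render :text => 'Not allowed' and return`, answers with status 200; `render :text => 'Not allowed', :status => 403 and return` lets clients and logs tell a refusal from a page. `YAML::load(File.open(auth_file))` runs on every request and never closes the handle; `YAML.load_file(auth_file)` memoised outside the filter avoids both. A short comment above the method stating that an action with no matching rule is denied outside development would document the fail-closed default the code relies on.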
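--- a/data/qcore.gemspec
+++ b/data/qcore.gemspec
@@ -0,0 +1,77 @@
+# Generated by jeweler
+# DO NOT EDIT THIS FILE
+# Instead, edit Jeweler::Tasks in Rakefile, and run `rake gemspec`
+# -*- encoding: utf-8 -*-
+
+Gem::Specification.new do |s|
+s.name = %q{qcore}
+s.version = "1.2.0"
+
+s.required_rubygems_version = Gem::Requirement.new(">= 0") if s.respond_to? :required_rubygems_version=
+s.authors = ["Kris Leech"]
+s.date = %q{2010-08-26}
+s.description = %q{Qwerty Core}
+s.email = %q{kris.leech@interkonect.com}
+s.extra_rdoc_files = [
+"README"
+]
+s.files = [
+".gitignore",
+"README",
+"Rakefile",
+"VERSION",
+"app/controllers/admin/users_controller.rb",
+"app/controllers/password_resets_controller.rb",
+"app/controllers/user_sessions_controller.rb",
+"app/controllers/users_controller.rb",
+"app/models/notifier.rb",
+"app/models/settings.rb",
+"app/models/user.rb",
+"app/models/user_session.rb",
+"app/views/admin/users/_form.erb",
+"app/views/admin/users/edit.html.erb",
+"app/views/admin/users/index.html.erb",
+"app/views/admin/users/new.html.erb",
+"app/views/admin/users/show.html.erb",
+"app/views/notifier/password_reset_instructions.erb",
+"app/views/notifier/registration_email.erb",
+"app/views/password_resets/edit.html.erb",
+"app/views/password_resets/new.html.erb",
+"app/views/user_sessions/new.html.erb",
+"app/views/users/_form.erb",
+"app/views/users/edit.html.erb",
+"app/views/users/new.html.erb",
+"app/views/users/show.html.erb",
+"db/migrate/20090713104345_create_users.rb",
+"init.rb",
+"install.rb",
+"lib/qcore.rb",
+"lib/qcore/authentication.rb",
+"lib/qcore/authorization.rb",
+"qcore.gemspec",
+"rails/init.rb",
+"tasks/core_tasks.rake",
+"test/core_test.rb",
+"test/test_helper.rb",
+"uninstall.rb"
+]
+s.homepage = %q{http://interkonect.com}
+s.rdoc_options = ["--charset=UTF-8"]
+s.require_paths = ["lib"]
+s.rubygems_version = %q{1.3.5}
+s.summary = %q{Qwerty Core}
+s.test_files = [
+"test/core_test.rb",
+"test/test_helper.rb"
+]
+
+if s.respond_to? :specification_version then
+current_version = Gem::Specification::CURRENT_SPECIFICATION_VERSION
+s.specification_version = 3
+
+if Gem::Version.new(Gem::RubyGemsVersion) >= Gem::Version.new('1.2.0') then
+else
+end
+else
+end
+end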
data/rails/init.rb
ADDED
@@ -0,0 +1,68 @@
|
|
1
|
+
|
2
|
+
|
3
|
+
namespace :qwerty do
|
4
|
+
|
5
|
+
namespace :core do
|
6
|
+
task :install => [:environment, :copy_files] do
|
7
|
+
|
8
|
+
# todo: insert routes, insert environment code, copy public files
|
9
|
+
|
10
|
+
Rake::Task['db:drop'].invoke
|
11
|
+
Rake::Task['db:create'].invoke
|
12
|
+
Rake::Task['db:migrate'].invoke
|
13
|
+
|
14
|
+
end
|
15
|
+
|
16
|
+
|
17
|
+
task :seed => [:environment] do
|
18
|
+
u=User.create(
|
19
|
+
:first_name => 'Kris',
|
20
|
+
:last_name => 'Leech',
|
21
|
+
:email => 'kris.leech@interkonect.com',
|
22
|
+
:password => 'chester',
|
23
|
+
:password_confirmation => 'chester'
|
24
|
+
)
|
25
|
+
u.roles = ['admin']
|
26
|
+
u.save
|
27
|
+
|
28
|
+
p = ActiveSupport::SecureRandom.hex(16)
|
29
|
+
u=User.create(
|
30
|
+
:first_name => 'Anonymous',
|
31
|
+
:last_name => 'Person',
|
32
|
+
:email => 'anonymous@example.com',
|
33
|
+
:password => p,
|
34
|
+
:password_confirmation => p
|
35
|
+
)
|
36
|
+
u.save
|
37
|
+
end
|
38
|
+
|
39
|
+
|
40
|
+
|
41
|
+
task :copy_files => [:environment] do
|
42
|
+
plugins = %w(core cms)
|
43
|
+
plugins.each do |plugin|
|
44
|
+
plugin_path = File.join(RAILS_ROOT, 'vendor', 'plugins', plugin)
|
45
|
+
|
46
|
+
folders = ['db/migrate']
|
47
|
+
|
48
|
+
folders.each do |folder|
|
49
|
+
puts 'copying from ' + folder
|
50
|
+
source_path = plugin_path + '/' + folder
|
51
|
+
destination_path = RAILS_ROOT + '/' + folder
|
52
|
+
if File.exists? source_path
|
53
|
+
FileUtils.mkdir_p destination_path unless File.exists? destination_path
|
54
|
+
Dir.glob(source_path + '/*') do |source_file|
|
55
|
+
unless File.exists? destination_path + '/' + File.basename(source_file)
|
56
|
+
`cp #{source_file} #{destination_path}`
|
57
|
+
puts 'file copied'
|
58
|
+
else
|
59
|
+
puts 'file already exists'
|
60
|
+
end
|
61
|
+
end
|
62
|
+
end
|
63
|
+
end
|
64
|
+
end
|
65
|
+
end
|
66
|
+
end
|
67
|
+
end
|
68
|
+
|
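Review bot: The `seed` task creates the admin account with a string literal for `:password` and `:password_confirmation`, so every install that runs it shares a credential readable in the source. The same task already generates a random value for the anonymous user with `ActiveSupport::SecureRandom.hex(16)`; the admin password could be produced the same way and printed once, or read from the environment, e.g. `:password => ENV.fetch('QCORE_ADMIN_PASSWORD')` (variable name is an example). `install` invokes `db:drop` unconditionally, which destroys an existing database with no confirmation or environment check. In `copy_files`, the backtick `cp #{source_file} #{destination_path}` passes paths through a shell; `FileUtils.cp source_file, destination_path` avoids quoting problems with spaces or metacharacters. This section is shown under the `data/rails/init.rb` header, but its 68 lines match `tasks/core_tasks.rake` in the file list.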
data/test/core_test.rb
ADDED
data/test/test_helper.rb
ADDED
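--- a/data/uninstall.rb
+++ b/data/uninstall.rb
@@ -0,0 +1 @@
+# Uninstall hook code here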
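--- a/metadata
+++ b/metadata
@@ -0,0 +1,93 @@
+--- !ruby/object:Gem::Specification
+name: qcore
+version: !ruby/object:Gem::Version
+version: 1.2.0
+platform: ruby
+authors:
+- Kris Leech
+autorequire:
+bindir: bin
+cert_chain: []
+
+date: 2010-08-26 00:00:00 +01:00
+default_executable:
+dependencies: []
+
+description: Qwerty Core
+email: kris.leech@interkonect.com
+executables: []
+
+extensions: []
+
+extra_rdoc_files:
+- README
+files:
+- .gitignore
+- README
+- Rakefile
+- VERSION
+- app/controllers/admin/users_controller.rb
+- app/controllers/password_resets_controller.rb
+- app/controllers/user_sessions_controller.rb
+- app/controllers/users_controller.rb
+- app/models/notifier.rb
+- app/models/settings.rb
+- app/models/user.rb
+- app/models/user_session.rb
+- app/views/admin/users/_form.erb
+- app/views/admin/users/edit.html.erb
+- app/views/admin/users/index.html.erb
+- app/views/admin/users/new.html.erb
+- app/views/admin/users/show.html.erb
+- app/views/notifier/password_reset_instructions.erb
+- app/views/notifier/registration_email.erb
+- app/views/password_resets/edit.html.erb
+- app/views/password_resets/new.html.erb
+- app/views/user_sessions/new.html.erb
+- app/views/users/_form.erb
+- app/views/users/edit.html.erb
+- app/views/users/new.html.erb
+- app/views/users/show.html.erb
+- db/migrate/20090713104345_create_users.rb
+- init.rb
+- install.rb
+- lib/qcore.rb
+- lib/qcore/authentication.rb
+- lib/qcore/authorization.rb
+- qcore.gemspec
+- rails/init.rb
+- tasks/core_tasks.rake
+- test/core_test.rb
+- test/test_helper.rb
+- uninstall.rb
+has_rdoc: true
+homepage: http://interkonect.com
+licenses: []
+
+post_install_message:
+rdoc_options:
+- --charset=UTF-8
+require_paths:
+- lib
+required_ruby_version: !ruby/object:Gem::Requirement
+requirements:
+- - ">="
+- !ruby/object:Gem::Version
+version: "0"
+version:
+required_rubygems_version: !ruby/object:Gem::Requirement
+requirements:
+- - ">="
+- !ruby/object:Gem::Version
+version: "0"
+version:
+requirements: []
+
+rubyforge_project:
+rubygems_version: 1.3.5
+signing_key:
+specification_version: 3
+summary: Qwerty Core
+test_files:
+- test/core_test.rb
+- test/test_helper.rb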