radiant-downloads-extension 0.5.0

data/.gitignore

@@ -0,0 +1,2 @@
+spec/spec_report.html
+.DS_Store

data/README.markdown

@@ -0,0 +1,81 @@
+# Downloads
+
+This is a simple and fairly thin extension that makes it easy to protect file downloads using nginx's internal redirects. It works something like this:
+
+* You upload a file using the admin interface and grant access to a couple of reader groups. The file is stored outside the /public folder and can't be reached with a web browser
+* A thin public-facing controller takes download requests and checks them against group membership
+* If you're not allowed, it redirects you to reader login or just tells you off
+* If you are allowed, it returns an attachment-download response pointing to a fictional address in /secure_download but with the `X-Accel-Redirect` header set to the real address of your file
+* Your nginx configuration intercepts the `X-Accel-Redirect` header, ignores the request address and returns the file
+* Your web browser reads the request address and gets the right file name
+* Your nginx configuration also makes sure that typing in the /secure_download address doesn't give file access
+
+In other words, there is no way to get at the uploaded file without going through the authenticating controller. The original inspiration is [in Alexei Kovyrin's blog](http://blog.kovyrin.net/2006/11/01/nginx-x-accel-redirect-php-rails/).
+
+It ought to be an easy matter to make this work with Apache and sendfile, but I haven't needed to.
+
+As with other group-access-control, a download with no groups attached is considered available, but here we are more restrictive and only make it available to logged in readers. If you want to publish a document for the public, you'd be better advised to upload it as a paperclipped asset.
+
+## Status
+
+Should be reliable. It's quite well-established code. The original version used file_column so I've spent some time bringing it across to paperclip and writing proper tests.
+
+## Requirements
+
+This uses spanner's [reader](https://github.com/spanner/radiant-reader-extension) and [reader_group](https://github.com/spanner/radiant-reader_group-extension) extensions for access control. If you would like to change the basis for allowing downloads, the easiest thing is probably to override or chain `Download#available_to?`. But do tell us what you're trying to do. We like to be useful.
+
+Also requires [paperclip](http://www.thoughtbot.com/projects/paperclip) gem, or the paperclipped extension (which currently vendors paperclip).
+
+(We thought about just applying access control to paperclipped assets but the machinery there is too specialised for images: most of what goes in here will be pdfs and office documents. The separate store is tricky too.)
+
+This should be straightforwardly `multi_site` compatible. If you use our [fork of multi_site](https://github.com/spanner/radiant-multi-site-extension/) then downloads (and readers and groups) will be site-scoped.
+
+## Configuration
+
+### In nginx
+
+This is what I use:
+
+	location /secure_download/ {
+		internal;
+		root /your/site/directory/current/secure_downloads;	
+		default_type  application/pdf;
+		expires 1h;
+		add_header  Cache-Control  private;
+		break;
+	}
+
+but I'm no nginx rypy. Suggestions would be very welcome. 
+
+(And naturally a security-minded person would only put this in the SSL-enabled version of the site, with the appropriate measures to direct people there).
+
+### In capistrano
+
+Ideally we will be storing downloads in the shared directory rather than in /current, so that they persist through deployments. I can't see a good way to get at that directory without making unhelpful assumptions in the model, so instead I will assume that if you use capistrano, you're doing the right thing with symlinks on deployment:
+
+	after "deploy:setup" do
+		sudo "mkdir -p #{shared_path}/secure_downloads"
+		sudo "chown -R #{user}:#{group} #{shared_path}/secure_downloads"
+	end
+	
+	after "deploy:update" do
+		run "ln -s #{shared_path}/secure_downloads #{current_release}/secure_downloads" 
+	end
+	
+Note that secure_downloads is not inside the public site.
+
+## Usage
+
+You'll see a 'downloads' tab in admin. Add files to the list there and you can link to them like this:
+
+
+
+## Bugs and comments
+
+In [lighthouse](http://spanner.lighthouseapp.com/projects/26912-radiant-extensions), please, or for little things an email or github message is fine.
+
+## Author and copyright
+
+* Copyright spanner ltd 2007-9.
+* Released under the same terms as Rails and/or Radiant.
+* Contact will at spanner.org

data/Rakefile

@@ -0,0 +1,137 @@
+begin
+  require 'jeweler'
+  Jeweler::Tasks.new do |gem|
+    gem.name = "radiant-downloads-extension"
+    gem.summary = %Q{Controlled, secure file access for Radiant CMS with group-based access control.}
+    gem.description = %Q{Controlled, secure file access with group-based access control.}
+    gem.email = "will@spanner.org"
+    gem.homepage = "http://github.com/spanner/radiant-downloads-extension"
+    gem.authors = ["spanner"]
+    gem.add_dependency "radiant", ">= 0.9.0"
+    gem.add_dependency 'radiant-reader_group-extension'
+  end
+rescue LoadError
+  puts "Jeweler (or a dependency) not available. This is only required if you plan to package downloads as a gem."
+end
+
+# In rails 1.2, plugins aren't available in the path until they're loaded.
+# Check to see if the rspec plugin is installed first and require
+# it if it is.  If not, use the gem version.
+
+# Determine where the RSpec plugin is by loading the boot
+unless defined? RADIANT_ROOT
+  ENV["RAILS_ENV"] = "test"
+  case
+  when ENV["RADIANT_ENV_FILE"]
+    require File.dirname(ENV["RADIANT_ENV_FILE"]) + "/boot"
+  when File.dirname(__FILE__) =~ %r{vendor/radiant/vendor/extensions}
+    require "#{File.expand_path(File.dirname(__FILE__) + "/../../../../../")}/config/boot"
+  else
+    require "#{File.expand_path(File.dirname(__FILE__) + "/../../../")}/config/boot"
+  end
+end
+
+require 'rake'
+require 'rake/rdoctask'
+require 'rake/testtask'
+
+rspec_base = File.expand_path(RADIANT_ROOT + '/vendor/plugins/rspec/lib')
+$LOAD_PATH.unshift(rspec_base) if File.exist?(rspec_base)
+require 'spec/rake/spectask'
+require 'cucumber'
+require 'cucumber/rake/task'
+
+# Cleanup the RADIANT_ROOT constant so specs will load the environment
+Object.send(:remove_const, :RADIANT_ROOT)
+
+extension_root = File.expand_path(File.dirname(__FILE__))
+
+task :default => :spec
+task :stats => "spec:statsetup"
+
+desc "Run all specs in spec directory"
+Spec::Rake::SpecTask.new(:spec) do |t|
+  t.spec_opts = ['--options', "\"#{extension_root}/spec/spec.opts\""]
+  t.spec_files = FileList['spec/**/*_spec.rb']
+end
+
+task :features => 'spec:integration'
+
+namespace :spec do
+  desc "Run all specs in spec directory with RCov"
+  Spec::Rake::SpecTask.new(:rcov) do |t|
+    t.spec_opts = ['--options', "\"#{extension_root}/spec/spec.opts\""]
+    t.spec_files = FileList['spec/**/*_spec.rb']
+    t.rcov = true
+    t.rcov_opts = ['--exclude', 'spec', '--rails']
+  end
+  
+  desc "Print Specdoc for all specs"
+  Spec::Rake::SpecTask.new(:doc) do |t|
+    t.spec_opts = ["--format", "specdoc", "--dry-run"]
+    t.spec_files = FileList['spec/**/*_spec.rb']
+  end
+
+  [:models, :controllers, :views, :helpers].each do |sub|
+    desc "Run the specs under spec/#{sub}"
+    Spec::Rake::SpecTask.new(sub) do |t|
+      t.spec_opts = ['--options', "\"#{extension_root}/spec/spec.opts\""]
+      t.spec_files = FileList["spec/#{sub}/**/*_spec.rb"]
+    end
+  end
+  
+  desc "Run the Cucumber features"
+  Cucumber::Rake::Task.new(:integration) do |t|
+    t.fork = true
+    t.cucumber_opts = ['--format', (ENV['CUCUMBER_FORMAT'] || 'pretty')]
+    # t.feature_pattern = "#{extension_root}/features/**/*.feature"
+    t.profile = "default"
+  end
+
+  # Setup specs for stats
+  task :statsetup do
+    require 'code_statistics'
+    ::STATS_DIRECTORIES << %w(Model\ specs spec/models)
+    ::STATS_DIRECTORIES << %w(View\ specs spec/views)
+    ::STATS_DIRECTORIES << %w(Controller\ specs spec/controllers)
+    ::STATS_DIRECTORIES << %w(Helper\ specs spec/views)
+    ::CodeStatistics::TEST_TYPES << "Model specs"
+    ::CodeStatistics::TEST_TYPES << "View specs"
+    ::CodeStatistics::TEST_TYPES << "Controller specs"
+    ::CodeStatistics::TEST_TYPES << "Helper specs"
+    ::STATS_DIRECTORIES.delete_if {|a| a[0] =~ /test/}
+  end
+
+  namespace :db do
+    namespace :fixtures do
+      desc "Load fixtures (from spec/fixtures) into the current environment's database.  Load specific fixtures using FIXTURES=x,y"
+      task :load => :environment do
+        require 'active_record/fixtures'
+        ActiveRecord::Base.establish_connection(RAILS_ENV.to_sym)
+        (ENV['FIXTURES'] ? ENV['FIXTURES'].split(/,/) : Dir.glob(File.join(RAILS_ROOT, 'spec', 'fixtures', '*.{yml,csv}'))).each do |fixture_file|
+          Fixtures.create_fixtures('spec/fixtures', File.basename(fixture_file, '.*'))
+        end
+      end
+    end
+  end
+end
+
+desc 'Generate documentation for the downloads extension.'
+Rake::RDocTask.new(:rdoc) do |rdoc|
+  rdoc.rdoc_dir = 'rdoc'
+  rdoc.title    = 'DownloadsExtension'
+  rdoc.options << '--line-numbers' << '--inline-source'
+  rdoc.rdoc_files.include('README')
+  rdoc.rdoc_files.include('lib/**/*.rb')
+end
+
+# For extensions that are in transition
+desc 'Test the downloads extension.'
+Rake::TestTask.new(:test) do |t|
+  t.libs << 'lib'
+  t.pattern = 'test/**/*_test.rb'
+  t.verbose = true
+end
+
+# Load any custom rakefiles for extension
+Dir[File.dirname(__FILE__) + '/tasks/*.rake'].sort.each { |f| require f }

data/app/controllers/admin/downloads_controller.rb

@@ -0,0 +1,3 @@
+class Admin::DownloadsController < Admin::ResourceController
+
+end

data/app/controllers/downloads_controller.rb

@@ -0,0 +1,21 @@
+class DownloadsController < ReaderActionController
+  
+  before_filter :require_reader, :only => [:show]
+  
+  def show
+    @download = Download.find(params[:id])
+    if @download.available_to?(current_reader)
+      response.headers['X-Accel-Redirect'] = @download.document.url
+      response.headers["Content-Type"] = @download.document_content_type
+      response.headers['Content-Disposition'] = "attachment; filename=#{@download.document_file_name}" 
+      response.headers['Content-Length'] = @download.document_file_size
+      render :nothing => true
+    else
+      flash[:error] = "Sorry: you don't have permission to download that file."
+      render :template => 'reader/permission_denied'
+    end
+  end
+  
+end
+
+

data/app/models/download.rb

@@ -0,0 +1,33 @@
+class Download < ActiveRecord::Base
+
+  is_site_scoped if defined? ActiveRecord::SiteNotFound
+  belongs_to :created_by, :class_name => 'User'
+  belongs_to :updated_by, :class_name => 'User'
+  has_and_belongs_to_many :groups
+  default_scope :order => 'updated_at DESC, created_at DESC'
+
+  has_attached_file :document,
+                    :url => "/download_control/:id/:basename:no_original_style.:extension",
+                    :path => ":rails_root/secure_downloads/:id/:basename:no_original_style.:extension"
+
+  validates_attachment_presence :document
+  
+  def has_group?(group=nil)
+    return true if groups and group.nil?
+    return false if group.nil?
+    return groups.include?(group)
+  end
+  
+  def available_to?(reader=nil)
+    permitted_groups = self.groups  
+    return true if permitted_groups.empty?
+    return false if reader.nil?
+    return true if reader.is_admin?
+    return reader.in_any_of_these_groups?(permitted_groups)
+  end
+  
+  def document_ok?
+    self.document.exists?
+  end
+    
+end

data/app/views/admin/downloads/_form.html.haml

@@ -0,0 +1,47 @@
+.form-area
+  = render_region :form_top
+  = hidden_field 'download', 'lock_version'
+
+  - render_region :form do |form|
+    - form.edit_title do
+      %p.title
+        = f.label :name
+        = f.text_field 'name', :maxlength => 100, :class => "textbox"
+
+    - form.edit_description do
+      %p.description
+        = f.label :description, "Description or introduction"
+        = f.text_area 'description', :size => '40x6', :style => 'width: 100%; height: 160px;', :class => "textarea"
+
+    - form.edit_document do
+      %p.document
+        = f.label :document, @download.document? ? "Replace document" : "Upload document"
+        = f.file_field :document
+        - if @download.document?
+          %small
+            Current file: 
+            = link_to @download.document_file_name, download_url(@download)
+
+      - form.edit_access do
+        %p.access
+          = f.label :groups, "Available to"
+          - Group.find(:all).each do |group|
+            %span.checkbox
+              = check_box_tag "download[group_ids][]", group.id, @download.has_group?(group)
+              = group.name
+          %br
+          %span.formnote
+            If no group is ticked, any logged-in reader can download this file.
+
+  = javascript_tag "$('download_name').activate()"
+
+  - render_region :form_bottom do |form_bottom|
+    - form_bottom.edit_timestamp do
+      = updated_stamp @download  
+    - form_bottom.edit_buttons do
+      %p.buttons
+        = save_model_button @download
+        = save_model_and_continue_editing_button @download
+        or
+        = link_to "Cancel", admin_downloads_url
+

data/app/views/admin/downloads/edit.html.haml

@@ -0,0 +1,7 @@
+- include_stylesheet('admin/downloads')
+- render_region :main do |main|
+  - main.edit_header do
+    %h1 Edit Download
+  - main.edit_form do
+    - form_for :download, :url => admin_download_path(@download), :html => { :method => "put", :multipart => true } do |f|
+      = render :partial => 'form', :locals => { :f => f }

data/app/views/admin/downloads/index.html.haml

@@ -0,0 +1,32 @@
+- include_stylesheet 'admin/downloads'
+
+%h1 Authorised Downloads
+
+%table#downloads.index{:cellpadding => "0", :cellspacing => "0", :border => "0"}
+  %thead
+    %tr
+      %th.download Title
+      %th.file File
+      %th.groups Visible to groups
+      %th.actions
+  %tbody
+    - if @downloads.empty?
+      %tr
+        %td.note{:colspan => "4"} 
+          No downloads for you, sonny
+    - else
+      - @downloads.each do |dl|
+        %tr{:class => "node level-1"}
+          %td.download
+            = link_to dl.name, edit_admin_download_url(dl)
+          %td.file
+            = link_to dl.document_file_name, download_url(dl)
+            = number_to_human_size(dl.document_file_size)
+          %td.groups
+            = dl.groups.map {|g| link_to g.name, admin_group_url(g) }.join(', ')
+          %td.remove
+            =  link_to( image('remove', :alt => 'Remove Download'), :action => 'destroy', :id => dl, :confirm => "are you sure you want to completely remove #{dl.name}?")
+
+
+%p
+  = link_to(image('new-file', :alt => 'New download'), :action => 'new')

data/app/views/admin/downloads/new.html.haml

@@ -0,0 +1,7 @@
+- include_stylesheet('admin/downloads')
+- render_region :main do |main|
+  - main.edit_header do
+    %h1 New Download
+  - main.edit_form do
+    - form_for :download, :url => admin_downloads_path, :html => { :multipart => true } do |f|
+      = render :partial => "form", :locals => { :f => f }

data/db/migrate/001_create_downloads.rb

@@ -0,0 +1,28 @@
+class CreateDownloads < ActiveRecord::Migration
+  def self.up
+    create_table :downloads do |t|
+      t.column :name, :string
+      t.column :description, :text
+      t.column :document_file_name, :string
+      t.column :document_content_type, :string
+      t.column :document_file_size, :integer
+      t.column :document_updated_at, :datetime
+      t.column :created_at, :datetime
+      t.column :updated_at, :datetime
+      t.column :created_by_id, :integer
+      t.column :updated_by_id, :integer
+      t.column :lock_version, :integer
+      t.column :site_id, :integer
+    end
+
+    create_table :downloads_groups, :id => false do |t|
+      t.column :download_id, :integer
+      t.column :group_id, :integer
+    end
+  end
+
+  def self.down
+    drop_table :downloads
+    drop_table :downloads_groups
+  end
+end

data/downloads_extension.rb

@@ -0,0 +1,39 @@
+# Uncomment this if you reference any of your controllers in activate
+# require_dependency 'application'
+
+class DownloadsExtension < Radiant::Extension
+  version "0.5"
+  description "Controlled file access using nginx's local redirects. Requires reader and reader_group extensions."
+  url "http://www.spanner.org/radiant/downloads"
+  
+  define_routes do |map|
+    map.resources :downloads, :only => :show
+    map.namespace :admin, :path_prefix => 'admin/readers' do |admin|
+      admin.resources :downloads
+    end
+  end
+  
+  extension_config do |config|
+    config.gem 'paperclip'
+    config.extension 'reader'
+    config.extension 'reader_group'
+  end
+  
+  def activate
+    Group.send :include, DownloadGroup
+    Page.send :include, DownloadTags
+    UserActionObserver.instance.send :add_observer!, Download 
+
+    if respond_to?(:tab)
+      tab("Content") do
+        add_item("Downloads", "/admin/readers/downloads")
+      end
+    else
+      admin.tabs.add "Downloads", "/admin/readers/downloads", :visibility => [:all]
+    end
+  end  
+  
+  def deactivate
+  end
+  
+end