revo-lockdown 1.6.2.2 → 1.7.0

Files changed (46) hide show
  1. data/lib/lockdown/frameworks/rails/controller.rb +23 -8
  2. data/lib/lockdown/frameworks/rails.rb +1 -1
  3. data/lib/lockdown/rules.rb +4 -4
  4. data/lib/lockdown/session.rb +1 -25
  5. data/lib/lockdown/system.rb +1 -1
  6. data/lib/lockdown.rb +4 -5
  7. data/revo-lockdown.gemspec +83 -0
  8. data/spec/lockdown/frameworks/rails/controller_spec.rb +8 -1
  9. data/spec/lockdown/rspec_helper_spec.rb +4 -3
  10. data/spec/lockdown/session_spec.rb +0 -64
  11. data/spec/lockdown/system_spec.rb +0 -2
  12. metadata +6 -40
  13. data/lib/lockdown/database.rb +0 -127
  14. data/lib/lockdown/orms/active_record.rb +0 -68
  15. data/rails_generators/lockdown/lockdown_generator.rb +0 -274
  16. data/rails_generators/lockdown/templates/app/controllers/permissions_controller.rb +0 -22
  17. data/rails_generators/lockdown/templates/app/controllers/sessions_controller.rb +0 -39
  18. data/rails_generators/lockdown/templates/app/controllers/user_groups_controller.rb +0 -122
  19. data/rails_generators/lockdown/templates/app/controllers/users_controller.rb +0 -117
  20. data/rails_generators/lockdown/templates/app/helpers/permissions_helper.rb +0 -2
  21. data/rails_generators/lockdown/templates/app/helpers/user_groups_helper.rb +0 -2
  22. data/rails_generators/lockdown/templates/app/helpers/users_helper.rb +0 -2
  23. data/rails_generators/lockdown/templates/app/models/permission.rb +0 -13
  24. data/rails_generators/lockdown/templates/app/models/profile.rb +0 -10
  25. data/rails_generators/lockdown/templates/app/models/user.rb +0 -95
  26. data/rails_generators/lockdown/templates/app/models/user_group.rb +0 -15
  27. data/rails_generators/lockdown/templates/app/views/permissions/index.html.erb +0 -16
  28. data/rails_generators/lockdown/templates/app/views/permissions/show.html.erb +0 -26
  29. data/rails_generators/lockdown/templates/app/views/sessions/new.html.erb +0 -12
  30. data/rails_generators/lockdown/templates/app/views/user_groups/edit.html.erb +0 -33
  31. data/rails_generators/lockdown/templates/app/views/user_groups/index.html.erb +0 -20
  32. data/rails_generators/lockdown/templates/app/views/user_groups/new.html.erb +0 -31
  33. data/rails_generators/lockdown/templates/app/views/user_groups/show.html.erb +0 -29
  34. data/rails_generators/lockdown/templates/app/views/users/edit.html.erb +0 -51
  35. data/rails_generators/lockdown/templates/app/views/users/index.html.erb +0 -22
  36. data/rails_generators/lockdown/templates/app/views/users/new.html.erb +0 -50
  37. data/rails_generators/lockdown/templates/app/views/users/show.html.erb +0 -33
  38. data/rails_generators/lockdown/templates/config/initializers/lockit.rb +0 -1
  39. data/rails_generators/lockdown/templates/db/migrate/create_admin_user.rb +0 -17
  40. data/rails_generators/lockdown/templates/db/migrate/create_permissions.rb +0 -19
  41. data/rails_generators/lockdown/templates/db/migrate/create_profiles.rb +0 -26
  42. data/rails_generators/lockdown/templates/db/migrate/create_user_groups.rb +0 -19
  43. data/rails_generators/lockdown/templates/db/migrate/create_users.rb +0 -17
  44. data/rails_generators/lockdown/templates/lib/lockdown/README +0 -42
  45. data/rails_generators/lockdown/templates/lib/lockdown/init.rb +0 -136
  46. data/spec/lockdown/database_spec.rb +0 -162
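--- a/data/lib/lockdown/frameworks/rails/controller.rb
+++ b/data/lib/lockdown/frameworks/rails/controller.rb
@@ -32,15 +32,30 @@ module Lockdown
 
  def check_request_authorization
  unless authorized?(path_from_hash(params))
- raise SecurityError, "Authorization failed! \nparams: #{params.inspect}\nsession: #{session.inspect}"
+ raise SecurityError, "Lockdown Authorization failed! \nparams: #{params.inspect}\nsession: #{session.inspect}"
  end
  end
 
- protected
-
- def path_allowed?(url)
- session[:access_rights] ||= Lockdown::System.public_access
- session[:access_rights].include?(url)
+ protected
+ def path_allowed?(path, user)
+ if user
+ return user_groups_allowed_on_path?(path, user.user_groups)
+ else
+ return path_part_of_public_access?(path)
+ end
+ end
+
+ def user_groups_allowed_on_path?(path, user_groups)
+ user_groups.each do |user_group|
+ user_group_sym = user_group.name.underscore.tr(' ','_').to_sym
+ rights = (Lockdown::System.public_access + Lockdown::System.access_rights_for_user_group(user_group_sym))
+ return true if rights.include?(path)
+ end
+ return false
+ end
+
+ def path_part_of_public_access?(path)
+ return Lockdown::System.public_access.include?(path)
  end
 
  def check_session_expiry
@@ -76,11 +91,11 @@ module Lockdown
 
  path = url_parts[5]
 
- return true if path_allowed?(path)
+ return true if path_allowed?(path, current_user)
 
  begin
  hash = ActionController::Routing::Routes.recognize_path(path, :method => method)
- return path_allowed?(path_from_hash(hash)) if hash
+ return path_allowed?(path_from_hash(hash), current_user) if hash
  rescue Exception => e
  # continue on
  end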
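Review bot: `user_groups_allowed_on_path?` (new lines 48–55 of the first hunk) derives the permission key from the stored group name with `user_group.name.underscore.tr(' ','_').to_sym`, while `add_lockdown_session_values` in session.rb decides admin status from `user.user_group.name.downcase` alone, so a group name containing spaces or capitals can normalise differently in the two places; put the name-to-symbol conversion in one shared helper and call it from both. The same block iterates `user.user_groups` (plural) whereas session.rb reads `user.user_group` (singular) — unless the user model exposes both, one of the two calls will raise NoMethodError, so the model contract should be pinned to one name. The rewritten `SecurityError` message still interpolates `params.inspect` and `session.inspect`, which puts the whole session (including `:current_user_id` and `:access_rights`) and every submitted form field into the exception text that error pages and exception notifiers capture; `filter_parameter_logging` on the next file's hunk only masks the request log, so consider `raise SecurityError, "Lockdown Authorization failed! path: #{path_from_hash(params)}"` and log the detail separately. The method containing the second hunk (`url_parts`, `path_allowed?(path, current_user)`) starts and ends outside the hunk, and the two new calls there now recompute the user's group rights on every request where the old code read a cached `session[:access_rights]` — worth measuring if `user_groups` is a database association.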
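--- a/data/lib/lockdown/frameworks/rails.rb
+++ b/data/lib/lockdown/frameworks/rails.rb
@@ -40,7 +40,7 @@ module Lockdown
  c.set_current_user
  c.configure_lockdown
  c.check_request_authorization
- c.check_model_authorization
+ # c.check_model_authorization
  end
 
  klass.filter_parameter_logging :password, :password_confirmation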
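Review bot: Commenting out `c.check_model_authorization` in the before-filter silently disables model-level authorization for every controller, but nothing else in the commit records that this is deliberate: the gemspec added in this same commit still describes the gem with "Supports basic model level restrictions as well", and rules.rb still generates the model check heredoc. If model-level checks are going away, delete the call and the generated check together and say so in the changelog so upgraders from 1.6.x know a layer of enforcement has gone; if they are only paused, make it an explicit configuration switch rather than a comment, so the disabled state is visible to whoever configures the application. The block that registers this filter starts outside the hunk.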
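--- a/data/lib/lockdown/rules.rb
+++ b/data/lib/lockdown/rules.rb
@@ -349,18 +349,18 @@ module Lockdown
 
  methods = controller.
  access_methods.
- collect do |am|
+ collect do |am|
  am[am.index('/') + 1..-1].to_sym if am.index('/')
  end.compact.inspect
 
  return <<-RUBY
- if controller_name == "#{controller.name}"
+ if controller_name == "#{controller.name}"
  if #{methods}.include?(action_name.to_sym)
  unless instance_variable_defined?(:@#{model.name})
  @#{model.name} = #{model.class_name}.find(params[#{model.param.inspect}])
  end
- # Need to make sure we find the model first before checking admin status.
- return true if current_user_is_admin?
+ # Need to make sure we find the model first before checking admin status.
+ return true if current_user_is_admin?
  unless @#{model.name}.#{model.model_method}.#{model.association}(#{model.controller_method})
  raise SecurityError, "Access to #\{action_name\} denied to #{model.name}.id #\{@#{model.name}.id\}"
  end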
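--- a/data/lib/lockdown/session.rb
+++ b/data/lib/lockdown/session.rb
@@ -7,10 +7,8 @@ module Lockdown
  user ||= current_user
 
  if user
- session[:access_rights] = Lockdown::System.access_rights_for_user(user)
  session[:current_user_id] = user.id
- else
- session[:access_rights] = Lockdown::System.public_access
+ session[:access_rights] = :all if user.user_group.name.downcase == Lockdown.administrator_group_symbol.to_s
  end
  end
 
@@ -26,28 +24,6 @@ module Lockdown
  session[:access_rights] == :all
  end
 
- def current_user_access_in_group?(grp)
- return true if current_user_is_admin?
- Lockdown::System.user_groups[grp].each do |perm|
- return true if access_in_perm?(perm)
- end
- false
- end
-
- def access_in_perm?(perm)
- if Lockdown::System.permissions[perm]
- Lockdown::System.permissions[perm].each do |ar|
- return true if session_access_rights_include?(ar)
- end
- end
- false
- end
-
- def session_access_rights_include?(str)
- return false unless session[:access_rights]
- session[:access_rights].include?(str)
- end
-
  def reset_lockdown_session
  [:expiry_time, :current_user_id, :access_rights].each do |val|
  session[val] = nil if session[val]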
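Review bot: The new line in `add_lockdown_session_values` only ever sets `session[:access_rights] = :all` and never clears it, and the removed `else` branch no longer resets the key either, so unless every login path calls `reset_lockdown_session` first, a non-admin user signing in on a session that already holds `:all` keeps it — and the admin predicate in the second hunk is exactly `session[:access_rights] == :all`. Assign on both outcomes, `session[:access_rights] = (user.user_group.name.downcase == Lockdown.administrator_group_symbol.to_s) ? :all : nil`, and clear it when `user` is nil. The comparison also normalises the group name with `downcase` only, while controller.rb's `user_groups_allowed_on_path?` uses `underscore.tr(' ','_')`, so a group such as "Admin Users" can satisfy one check and not the other; one shared normaliser should serve both. The spec for this method (`#add_lockdown_session_values` in session_spec.rb) is deleted in this commit rather than updated, so the new `:all` assignment is unasserted; the method's signature is outside the hunk.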
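--- a/data/lib/lockdown/system.rb
+++ b/data/lib/lockdown/system.rb
@@ -11,7 +11,7 @@ module Lockdown
  # Lockdown::Rules defines process_rules
  process_rules
 
- Lockdown::Database.sync_with_db unless skip_sync?
+ # Lockdown::Database.sync_with_db unless skip_sync?
 
  @initialized = true if Lockdown.caching?
  end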
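Review bot: The sync call is commented out rather than removed, and `Lockdown::Database` is deleted in this same commit, so the comment now names a class that no longer exists; drop the line entirely, and `skip_sync?` with it if nothing else calls it (its definition is outside the hunk). Removing the sync also means permissions and user groups declared in init.rb are no longer reconciled with the database tables at configure time, which the release notes should state, since an installation upgrading from 1.6.x may have relied on that step to create or prune rows. The surrounding method starts outside the hunk.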
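--- a/data/lib/lockdown.rb
+++ b/data/lib/lockdown.rb
@@ -7,7 +7,6 @@ require File.join("lockdown", "helper")
  require File.join("lockdown", "session")
  require File.join("lockdown", "context")
  require File.join("lockdown", "permission")
- require File.join("lockdown", "database")
  require File.join("lockdown", "rules")
  require File.join("lockdown", "system")
  require File.join("lockdown", "references")
@@ -16,7 +15,7 @@ module Lockdown
  extend Lockdown::References
  extend Lockdown::Helper
 
- VERSION = '1.6.2'
+ VERSION = '1.7.0'
 
  class << self
  attr_accessor :logger
@@ -41,9 +40,9 @@ module Lockdown
  # Mixin Lockdown code to the appropriate framework and ORM
  def mixin
  if mixin_resource?("frameworks")
- unless mixin_resource?("orms")
- raise NotImplementedError, "ORM unknown to Lockdown!"
- end
+ # unless mixin_resource?("orms")
+ # raise NotImplementedError, "ORM unknown to Lockdown!"
+ # end
  else
  Lockdown.logger.info "=> Note:: Lockdown cannot determine framework and therefore is not active.\n"
  end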
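Review bot: In the third hunk the `mixin_resource?("orms")` guard is commented out rather than removed, so an unrecognised ORM no longer raises `NotImplementedError` at boot and the three dead comment lines will rot; since the orms directory is deleted in this commit, delete them and leave `if mixin_resource?("frameworks")` with its single branch (the comment above `def mixin` should also stop saying "and ORM"). Any remaining caller of the helpers the ActiveRecord mixin used to provide — `database_execute`, `orm_parent`, the create/update stamping — will now fail with NoMethodError at call time instead of at startup, which is worth a search of the tree before release; `mixin` ends outside the hunk.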
@@ -0,0 +1,83 @@
1
+ # Generated by jeweler
2
+ # DO NOT EDIT THIS FILE DIRECTLY
3
+ # Instead, edit Jeweler::Tasks in Rakefile, and run the gemspec command
4
+ # -*- encoding: utf-8 -*-
5
+
6
+ Gem::Specification.new do |s|
7
+ s.name = %q{revo-lockdown}
8
+ s.version = "1.7.0"
9
+
10
+ s.required_rubygems_version = Gem::Requirement.new(">= 0") if s.respond_to? :required_rubygems_version=
11
+ s.authors = ["Andrew Stone", "Revo Pty. Ltd."]
12
+ s.date = %q{2010-03-02}
13
+ s.description = %q{Restrict access to your controller actions. Supports basic model level restrictions as well}
14
+ s.email = %q{andy@stonean.com}
15
+ s.extra_rdoc_files = [
16
+ "README.txt"
17
+ ]
18
+ s.files = [
19
+ ".gitignore",
20
+ "README.txt",
21
+ "Rakefile",
22
+ "lib/lockdown.rb",
23
+ "lib/lockdown/context.rb",
24
+ "lib/lockdown/errors.rb",
25
+ "lib/lockdown/frameworks/rails.rb",
26
+ "lib/lockdown/frameworks/rails/controller.rb",
27
+ "lib/lockdown/frameworks/rails/view.rb",
28
+ "lib/lockdown/helper.rb",
29
+ "lib/lockdown/permission.rb",
30
+ "lib/lockdown/references.rb",
31
+ "lib/lockdown/rspec_helper.rb",
32
+ "lib/lockdown/rules.rb",
33
+ "lib/lockdown/session.rb",
34
+ "lib/lockdown/system.rb",
35
+ "revo-lockdown.gemspec",
36
+ "spec/lockdown/context_spec.rb",
37
+ "spec/lockdown/frameworks/rails/controller_spec.rb",
38
+ "spec/lockdown/frameworks/rails/view_spec.rb",
39
+ "spec/lockdown/frameworks/rails_spec.rb",
40
+ "spec/lockdown/permission_spec.rb",
41
+ "spec/lockdown/rspec_helper_spec.rb",
42
+ "spec/lockdown/rules_spec.rb",
43
+ "spec/lockdown/session_spec.rb",
44
+ "spec/lockdown/system_spec.rb",
45
+ "spec/lockdown_spec.rb",
46
+ "spec/rcov.opts",
47
+ "spec/spec.opts",
48
+ "spec/spec_helper.rb"
49
+ ]
50
+ s.homepage = %q{http://stonean.com/wiki/lockdown}
51
+ s.rdoc_options = ["--charset=UTF-8"]
52
+ s.require_paths = ["lib"]
53
+ s.rubyforge_project = %q{lockdown}
54
+ s.rubygems_version = %q{1.3.5}
55
+ s.summary = %q{Authorization system for Rails 2.x}
56
+ s.test_files = [
57
+ "spec/lockdown_spec.rb",
58
+ "spec/spec_helper.rb",
59
+ "spec/lockdown/system_spec.rb",
60
+ "spec/lockdown/context_spec.rb",
61
+ "spec/lockdown/permission_spec.rb",
62
+ "spec/lockdown/session_spec.rb",
63
+ "spec/lockdown/rspec_helper_spec.rb",
64
+ "spec/lockdown/rules_spec.rb",
65
+ "spec/lockdown/frameworks/rails_spec.rb",
66
+ "spec/lockdown/frameworks/rails/view_spec.rb",
67
+ "spec/lockdown/frameworks/rails/controller_spec.rb"
68
+ ]
69
+
70
+ if s.respond_to? :specification_version then
71
+ current_version = Gem::Specification::CURRENT_SPECIFICATION_VERSION
72
+ s.specification_version = 3
73
+
74
+ if Gem::Version.new(Gem::RubyGemsVersion) >= Gem::Version.new('1.2.0') then
75
+ s.add_development_dependency(%q<rspec>, [">= 0"])
76
+ else
77
+ s.add_dependency(%q<rspec>, [">= 0"])
78
+ end
79
+ else
80
+ s.add_dependency(%q<rspec>, [">= 0"])
81
+ end
82
+ end
83
+
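--- a/data/spec/lockdown/frameworks/rails/controller_spec.rb
+++ b/data/spec/lockdown/frameworks/rails/controller_spec.rb
@@ -83,7 +83,8 @@ describe Lockdown::Frameworks::Rails::Controller::Lock do
 
  describe "#path_allowed" do
  it "should return false for an invalid path" do
- @controller.send(:path_allowed?,"/no/good").should be_false
+ @controller.stub!(:path_part_of_public_access?).and_return(false)
+ @controller.send(:path_allowed?, "/no/good", nil).should be_false
  end
  end
 
@@ -158,10 +159,16 @@ describe Lockdown::Frameworks::Rails::Controller::Lock do
  end
 
  it "should return false if path not in access_rights" do
+ @controller.stub!(:current_user_is_admin?).and_return(false)
+ @controller.stub!(:current_user).and_return(nil)
+ @controller.stub!(:path_part_of_public_access?).and_return(false)
  @controller.send(:authorized?,@a_path).should be_false
  end
 
  it "should return true if path is in access_rights" do
+ @controller.stub!(:current_user_is_admin?).and_return(false)
+ @controller.stub!(:current_user).and_return(nil)
+ @controller.stub!(:path_part_of_public_access?).and_return(true)
  @controller.send(:authorized?,@sample_url).should be_true
  end
 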
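Review bot: The logged-in branch of the new `path_allowed?` — `user_groups_allowed_on_path?`, which maps a group name to a symbol and unions `public_access` with `access_rights_for_user_group` — is never executed by this suite: every updated example stubs `current_user` to nil and stubs `path_part_of_public_access?` outright, so a regression in the group lookup (the code that actually grants access to authenticated users) would go unnoticed. Add one example in the `#path_allowed` group with a mock user whose group grants the path, and a negative twin where the group's rights are empty so the fall-through `return false` is asserted too. Suggested positive case (constructed values, RSpec 1 mock syntax as used elsewhere in this spec):
```ruby
it "should return true when one of the user's groups grants the path" do
  grp = mock(:group, :name => 'Editors')
  usr = mock(:user, :user_groups => [grp])
  Lockdown::System.stub!(:public_access).and_return([])
  Lockdown::System.stub!(:access_rights_for_user_group).with(:editors).and_return(['posts/edit'])
  @controller.send(:path_allowed?, 'posts/edit', usr).should be_true
end
```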
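--- a/data/spec/lockdown/rspec_helper_spec.rb
+++ b/data/spec/lockdown/rspec_helper_spec.rb
@@ -15,14 +15,15 @@ describe Lockdown::RspecHelper do
  @controller = TestAController.new
  @controller.stub!(:session).and_return({})
 
- usr = mock :user,
+ usr_group = mock :usr_group
+
+ usr = mock :user,
+ :user_group => usr_group,
  :first_name => 'John',
  :last_name => 'Smith',
  :password => 'mysecret',
  :password_confirmation => 'mysecret'
 
- usr_group = mock :usr_group
-
  Lockdown.should_receive(:maybe_parse_init)
  RspecEnv.send :include, Lockdown::RspecHelper
  @rspec_env = RspecEnv.new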
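Review bot: `usr_group` is now passed to the user mock as `:user_group`, but the group mock itself has no `:name` stub; if the helper under test reaches `add_lockdown_session_values`, which after this commit calls `user.user_group.name.downcase`, the mock will fail on the unexpected `name` message rather than on the behaviour being specified (the examples that use `usr` are outside the hunk, so I cannot confirm that path is taken). Giving it a name up front, `usr_group = mock :usr_group, :name => 'Users'`, keeps the setup valid either way and makes the non-admin case explicit.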
@@ -35,34 +35,6 @@ describe Lockdown::Session do
35
35
  end
36
36
  end
37
37
 
38
- describe "#current_user_access_in_group?" do
39
- it "should return true if current user is admin" do
40
- @actions = :all
41
- @session = {:access_rights => @actions}
42
- @controller.stub!(:session).and_return(@session)
43
-
44
- @controller.send(:current_user_access_in_group?,:group).should == true
45
- end
46
-
47
- it "should return true if current_user has access" do
48
- user_groups = {:public_group => [:public_access]}
49
- hash = {:public_access => ["posts/index", "posts/show"]}
50
- Lockdown::System.stub!(:permissions).and_return(hash)
51
-
52
- Lockdown::System.stub!(:user_groups).and_return(user_groups)
53
- @controller.send(:current_user_access_in_group?,:public_group).should be_true
54
- end
55
-
56
- it "should return false if current_user has access" do
57
- user_groups = {:public_group => [:public_access]}
58
- hash = {:public_access => ["books/edit", "books/update"]}
59
- Lockdown::System.stub!(:permissions).and_return(hash)
60
-
61
- Lockdown::System.stub!(:user_groups).and_return(user_groups)
62
- @controller.send(:current_user_access_in_group?,:public_group).should be_false
63
- end
64
- end
65
-
66
38
  describe "#current_user_is_admin?" do
67
39
  it "should return true if access_rights == :all" do
68
40
  @actions = :all
@@ -73,40 +45,4 @@ describe Lockdown::Session do
73
45
  end
74
46
  end
75
47
 
76
- describe "#add_lockdown_session_values" do
77
- it "should set the access_rights from the user list" do
78
- array = ["posts/index", "posts/show"]
79
- Lockdown::System.stub!(:access_rights_for_user).and_return(array)
80
- usr = mock('user')
81
- usr.should_receive(:id).and_return(1234)
82
- @controller.send(:add_lockdown_session_values, usr)
83
- @session[:access_rights].should == array
84
- end
85
- end
86
-
87
-
88
- describe "#access_in_perm" do
89
- it "should return false if permissions nil" do
90
- Lockdown::System.stub!(:permissions).and_return({})
91
- @controller.send(:access_in_perm?,:dummy).should be_false
92
- end
93
-
94
- it "should return true if permission found" do
95
- hash = {:public => ["posts/index", "posts/show"]}
96
- Lockdown::System.stub!(:permissions).and_return(hash)
97
- @controller.send(:access_in_perm?,:public).should be_true
98
- end
99
- end
100
-
101
- describe "#session_access_rights_include?" do
102
- it "should return true for posts/index" do
103
- @controller.send(:session_access_rights_include?,'posts/index').
104
- should == true
105
- end
106
-
107
- it "should return false for pages/index" do
108
- @controller.send(:session_access_rights_include?,'pages/index').
109
- should == false
110
- end
111
- end
112
48
  end
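--- a/data/spec/lockdown/system_spec.rb
+++ b/data/spec/lockdown/system_spec.rb
@@ -18,8 +18,6 @@ describe Lockdown::System do
 
  Lockdown::System.should_receive :process_rules
 
- Lockdown::Database.should_receive :sync_with_db
-
  Lockdown.should_receive :caching?
 
  Lockdown::System.configure do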
metadata CHANGED
@@ -1,7 +1,7 @@
1
1
  --- !ruby/object:Gem::Specification
2
2
  name: revo-lockdown
3
3
  version: !ruby/object:Gem::Version
4
- version: 1.6.2.2
4
+ version: 1.7.0
5
5
  platform: ruby
6
6
  authors:
7
7
  - Andrew Stone
@@ -10,7 +10,7 @@ autorequire:
10
10
  bindir: bin
11
11
  cert_chain: []
12
12
 
13
- date: 2009-12-11 00:00:00 +11:00
13
+ date: 2010-03-02 00:00:00 +11:00
14
14
  default_executable:
15
15
  dependencies:
16
16
  - !ruby/object:Gem::Dependency
@@ -37,52 +37,19 @@ files:
37
37
  - Rakefile
38
38
  - lib/lockdown.rb
39
39
  - lib/lockdown/context.rb
40
- - lib/lockdown/database.rb
41
40
  - lib/lockdown/errors.rb
42
41
  - lib/lockdown/frameworks/rails.rb
43
42
  - lib/lockdown/frameworks/rails/controller.rb
44
43
  - lib/lockdown/frameworks/rails/view.rb
45
44
  - lib/lockdown/helper.rb
46
- - lib/lockdown/orms/active_record.rb
47
45
  - lib/lockdown/permission.rb
48
46
  - lib/lockdown/references.rb
49
47
  - lib/lockdown/rspec_helper.rb
50
48
  - lib/lockdown/rules.rb
51
49
  - lib/lockdown/session.rb
52
50
  - lib/lockdown/system.rb
53
- - rails_generators/lockdown/lockdown_generator.rb
54
- - rails_generators/lockdown/templates/app/controllers/permissions_controller.rb
55
- - rails_generators/lockdown/templates/app/controllers/sessions_controller.rb
56
- - rails_generators/lockdown/templates/app/controllers/user_groups_controller.rb
57
- - rails_generators/lockdown/templates/app/controllers/users_controller.rb
58
- - rails_generators/lockdown/templates/app/helpers/permissions_helper.rb
59
- - rails_generators/lockdown/templates/app/helpers/user_groups_helper.rb
60
- - rails_generators/lockdown/templates/app/helpers/users_helper.rb
61
- - rails_generators/lockdown/templates/app/models/permission.rb
62
- - rails_generators/lockdown/templates/app/models/profile.rb
63
- - rails_generators/lockdown/templates/app/models/user.rb
64
- - rails_generators/lockdown/templates/app/models/user_group.rb
65
- - rails_generators/lockdown/templates/app/views/permissions/index.html.erb
66
- - rails_generators/lockdown/templates/app/views/permissions/show.html.erb
67
- - rails_generators/lockdown/templates/app/views/sessions/new.html.erb
68
- - rails_generators/lockdown/templates/app/views/user_groups/edit.html.erb
69
- - rails_generators/lockdown/templates/app/views/user_groups/index.html.erb
70
- - rails_generators/lockdown/templates/app/views/user_groups/new.html.erb
71
- - rails_generators/lockdown/templates/app/views/user_groups/show.html.erb
72
- - rails_generators/lockdown/templates/app/views/users/edit.html.erb
73
- - rails_generators/lockdown/templates/app/views/users/index.html.erb
74
- - rails_generators/lockdown/templates/app/views/users/new.html.erb
75
- - rails_generators/lockdown/templates/app/views/users/show.html.erb
76
- - rails_generators/lockdown/templates/config/initializers/lockit.rb
77
- - rails_generators/lockdown/templates/db/migrate/create_admin_user.rb
78
- - rails_generators/lockdown/templates/db/migrate/create_permissions.rb
79
- - rails_generators/lockdown/templates/db/migrate/create_profiles.rb
80
- - rails_generators/lockdown/templates/db/migrate/create_user_groups.rb
81
- - rails_generators/lockdown/templates/db/migrate/create_users.rb
82
- - rails_generators/lockdown/templates/lib/lockdown/README
83
- - rails_generators/lockdown/templates/lib/lockdown/init.rb
51
+ - revo-lockdown.gemspec
84
52
  - spec/lockdown/context_spec.rb
85
- - spec/lockdown/database_spec.rb
86
53
  - spec/lockdown/frameworks/rails/controller_spec.rb
87
54
  - spec/lockdown/frameworks/rails/view_spec.rb
88
55
  - spec/lockdown/frameworks/rails_spec.rb
@@ -126,13 +93,12 @@ summary: Authorization system for Rails 2.x
126
93
  test_files:
127
94
  - spec/lockdown_spec.rb
128
95
  - spec/spec_helper.rb
129
- - spec/lockdown/rules_spec.rb
130
- - spec/lockdown/rspec_helper_spec.rb
96
+ - spec/lockdown/system_spec.rb
131
97
  - spec/lockdown/context_spec.rb
132
98
  - spec/lockdown/permission_spec.rb
133
- - spec/lockdown/system_spec.rb
134
- - spec/lockdown/database_spec.rb
135
99
  - spec/lockdown/session_spec.rb
100
+ - spec/lockdown/rspec_helper_spec.rb
101
+ - spec/lockdown/rules_spec.rb
136
102
  - spec/lockdown/frameworks/rails_spec.rb
137
103
  - spec/lockdown/frameworks/rails/view_spec.rb
138
104
  - spec/lockdown/frameworks/rails/controller_spec.rb
@@ -1,127 +0,0 @@
1
- module Lockdown
2
- class Database
3
- class << self
4
- # This is very basic and could be handled better using orm specific
5
- # functionality, but I wanted to keep it generic to avoid creating
6
- # an interface for each the different orm implementations.
7
- # We'll see how it works...
8
- def sync_with_db
9
-
10
- @permissions = Lockdown::System.get_permissions
11
- @user_groups = Lockdown::System.get_user_groups
12
-
13
- unless ::Permission.table_exists? && Lockdown.user_group_class.table_exists?
14
- Lockdown.logger.info ">> Lockdown tables not found. Skipping database sync."
15
- return
16
- end
17
- create_new_permissions
18
-
19
- delete_extinct_permissions
20
-
21
- maintain_user_groups
22
- rescue Exception => e
23
- Lockdown.logger.error ">> Lockdown sync failed: #{e.backtrace.join("\n")}"
24
- end
25
-
26
- # Create permissions not found in the database
27
- def create_new_permissions
28
- @permissions.each do |key|
29
- next if Lockdown::System.permission_assigned_automatically?(key)
30
- str = Lockdown.get_string(key)
31
- p = ::Permission.find(:first, :conditions => ["name = ?", str])
32
- unless p
33
- Lockdown.logger.info ">> Lockdown: Permission not found in db: #{str}, creating."
34
- ::Permission.create(:name => str)
35
- end
36
- end
37
- end
38
-
39
- # Delete the permissions not found in init.rb
40
- def delete_extinct_permissions
41
- db_perms = ::Permission.find(:all).dup
42
- db_perms.each do |dbp|
43
- unless @permissions.include?(Lockdown.get_symbol(dbp.name))
44
- Lockdown.logger.info ">> Lockdown: Permission no longer in init.rb: #{dbp.name}, deleting."
45
- ug_table = Lockdown.user_groups_hbtm_reference.to_s
46
- if "permissions" < ug_table
47
- join_table = "permissions_#{ug_table}"
48
- else
49
- join_table = "#{ug_table}_permissions"
50
- end
51
- Lockdown.database_execute("delete from #{join_table} where permission_id = #{dbp.id}")
52
- dbp.destroy
53
- end
54
- end
55
- end
56
-
57
- def maintain_user_groups
58
- # Create user groups not found in the database
59
- @user_groups.each do |key|
60
- str = Lockdown.get_string(key)
61
- unless ug = Lockdown.user_group_class.find(:first, :conditions => ["name = ?", str])
62
- create_user_group(str, key)
63
- else
64
- # Remove permissions from user group not found in init.rb
65
- remove_invalid_permissions(ug, key)
66
-
67
- # Add in permissions from init.rb not found in database
68
- add_valid_permissions(ug, key)
69
- end
70
- end
71
- end
72
-
73
- def create_user_group(name_str, key)
74
- Lockdown.logger.info ">> Lockdown: #{Lockdown::System.fetch(:user_group_model)} not in the db: #{name_str}, creating."
75
- ug = Lockdown.user_group_class.create(:name => name_str)
76
- #Inefficient, definitely, but shouldn't have any issues across orms.
77
- #
78
- Lockdown::System.permissions_for_user_group(key).each do |perm|
79
-
80
- if Lockdown::System.permission_assigned_automatically?(perm)
81
- Lockdown.logger.info ">> Permission #{perm} cannot be assigned to #{name_str}. Already belongs to built in user group (public or protected)."
82
- raise InvalidPermissionAssignment, "Invalid permission assignment"
83
- end
84
-
85
- p = ::Permission.find(:first, :conditions => ["name = ?", Lockdown.get_string(perm)])
86
-
87
- ug_table = Lockdown.user_groups_hbtm_reference.to_s
88
- if "permissions" < ug_table
89
- join_table = "permissions_#{ug_table}"
90
- else
91
- join_table = "#{ug_table}_permissions"
92
- end
93
- Lockdown.database_execute "insert into #{join_table}(permission_id, #{Lockdown.user_group_id_reference}) values(#{p.id}, #{ug.id})"
94
- end
95
- end
96
-
97
- def remove_invalid_permissions(ug, key)
98
- ug.permissions.each do |perm|
99
- perm_sym = Lockdown.get_symbol(perm)
100
- perm_string = Lockdown.get_string(perm)
101
- unless Lockdown::System.permissions_for_user_group(key).include?(perm_sym)
102
- Lockdown.logger.info ">> Lockdown: Permission: #{perm_string} no longer associated to User Group: #{ug.name}, deleting."
103
- ug.permissions.delete(perm)
104
- end
105
- end
106
- end
107
-
108
- def add_valid_permissions(ug, key)
109
- Lockdown::System.permissions_for_user_group(key).each do |perm|
110
- perm_string = Lockdown.get_string(perm)
111
- found = false
112
- # see if permission exists
113
- ug.permissions.each do |p|
114
- found = true if Lockdown.get_string(p) == perm_string
115
- end
116
- # if not found, add it
117
- unless found
118
- Lockdown.logger.info ">> Lockdown: Permission: #{perm_string} not found for User Group: #{ug.name}, adding it."
119
- p = ::Permission.find(:first, :conditions => ["name = ?", perm_string])
120
- ug.permissions << p
121
- end
122
- end
123
- end
124
-
125
- end # class block
126
- end # Database
127
- end #Lockdown
@@ -1,68 +0,0 @@
1
- module Lockdown
2
- module Orms
3
- module ActiveRecord
4
- class << self
5
- def use_me?
6
- Object.const_defined?("ActiveRecord") && ::ActiveRecord.const_defined?("Base")
7
- end
8
-
9
- def included(mod)
10
- mod.extend Lockdown::Orms::ActiveRecord::Helper
11
- mixin
12
- end
13
-
14
- def mixin
15
- Lockdown.orm_parent.class_eval do
16
- include Lockdown::Orms::ActiveRecord::Stamps
17
- end
18
- end
19
- end # class block
20
-
21
- module Helper
22
- def orm_parent
23
- ::ActiveRecord::Base
24
- end
25
-
26
- def database_execute(query)
27
- orm_parent.connection.execute(query)
28
- end
29
-
30
- def database_query(query)
31
- orm_parent.connection.execute(query)
32
- end
33
-
34
- def database_table_exists?(klass)
35
- klass.table_exists?
36
- end
37
- end
38
-
39
- module Stamps
40
- def self.included(base)
41
- base.class_eval do
42
- alias_method :create_without_stamps, :create
43
- alias_method :create, :create_with_stamps
44
- alias_method :update_without_stamps, :update
45
- alias_method :update, :update_with_stamps
46
- end
47
- end
48
-
49
- def current_who_did_it
50
- Thread.current[:who_did_it]
51
- end
52
-
53
- def create_with_stamps
54
- pid = current_who_did_it || Lockdown::System.fetch(:default_who_did_it)
55
- self[:created_by] = pid if self.respond_to?(:created_by)
56
- self[:updated_by] = pid if self.respond_to?(:updated_by)
57
- create_without_stamps
58
- end
59
-
60
- def update_with_stamps
61
- pid = current_who_did_it || Lockdown::System.fetch(:default_who_did_it)
62
- self[:updated_by] = pid if self.respond_to?(:updated_by)
63
- update_without_stamps
64
- end
65
- end
66
- end
67
- end
68
- end