revo-lockdown 1.6.2.2 → 1.7.0
- data/lib/lockdown/frameworks/rails/controller.rb +23 -8
- data/lib/lockdown/frameworks/rails.rb +1 -1
- data/lib/lockdown/rules.rb +4 -4
- data/lib/lockdown/session.rb +1 -25
- data/lib/lockdown/system.rb +1 -1
- data/lib/lockdown.rb +4 -5
- data/revo-lockdown.gemspec +83 -0
- data/spec/lockdown/frameworks/rails/controller_spec.rb +8 -1
- data/spec/lockdown/rspec_helper_spec.rb +4 -3
- data/spec/lockdown/session_spec.rb +0 -64
- data/spec/lockdown/system_spec.rb +0 -2
- metadata +6 -40
- data/lib/lockdown/database.rb +0 -127
- data/lib/lockdown/orms/active_record.rb +0 -68
- data/rails_generators/lockdown/lockdown_generator.rb +0 -274
- data/rails_generators/lockdown/templates/app/controllers/permissions_controller.rb +0 -22
- data/rails_generators/lockdown/templates/app/controllers/sessions_controller.rb +0 -39
- data/rails_generators/lockdown/templates/app/controllers/user_groups_controller.rb +0 -122
- data/rails_generators/lockdown/templates/app/controllers/users_controller.rb +0 -117
- data/rails_generators/lockdown/templates/app/helpers/permissions_helper.rb +0 -2
- data/rails_generators/lockdown/templates/app/helpers/user_groups_helper.rb +0 -2
- data/rails_generators/lockdown/templates/app/helpers/users_helper.rb +0 -2
- data/rails_generators/lockdown/templates/app/models/permission.rb +0 -13
- data/rails_generators/lockdown/templates/app/models/profile.rb +0 -10
- data/rails_generators/lockdown/templates/app/models/user.rb +0 -95
- data/rails_generators/lockdown/templates/app/models/user_group.rb +0 -15
- data/rails_generators/lockdown/templates/app/views/permissions/index.html.erb +0 -16
- data/rails_generators/lockdown/templates/app/views/permissions/show.html.erb +0 -26
- data/rails_generators/lockdown/templates/app/views/sessions/new.html.erb +0 -12
- data/rails_generators/lockdown/templates/app/views/user_groups/edit.html.erb +0 -33
- data/rails_generators/lockdown/templates/app/views/user_groups/index.html.erb +0 -20
- data/rails_generators/lockdown/templates/app/views/user_groups/new.html.erb +0 -31
- data/rails_generators/lockdown/templates/app/views/user_groups/show.html.erb +0 -29
- data/rails_generators/lockdown/templates/app/views/users/edit.html.erb +0 -51
- data/rails_generators/lockdown/templates/app/views/users/index.html.erb +0 -22
- data/rails_generators/lockdown/templates/app/views/users/new.html.erb +0 -50
- data/rails_generators/lockdown/templates/app/views/users/show.html.erb +0 -33
- data/rails_generators/lockdown/templates/config/initializers/lockit.rb +0 -1
- data/rails_generators/lockdown/templates/db/migrate/create_admin_user.rb +0 -17
- data/rails_generators/lockdown/templates/db/migrate/create_permissions.rb +0 -19
- data/rails_generators/lockdown/templates/db/migrate/create_profiles.rb +0 -26
- data/rails_generators/lockdown/templates/db/migrate/create_user_groups.rb +0 -19
- data/rails_generators/lockdown/templates/db/migrate/create_users.rb +0 -17
- data/rails_generators/lockdown/templates/lib/lockdown/README +0 -42
- data/rails_generators/lockdown/templates/lib/lockdown/init.rb +0 -136
- data/spec/lockdown/database_spec.rb +0 -162
@@ -32,15 +32,30 @@ module Lockdown
|
|
|
32
32
|
|
|
33
33
|
def check_request_authorization
|
|
34
34
|
unless authorized?(path_from_hash(params))
|
|
35
|
-
raise SecurityError, "Authorization failed! \nparams: #{params.inspect}\nsession: #{session.inspect}"
|
|
35
|
+
raise SecurityError, "Lockdown Authorization failed! \nparams: #{params.inspect}\nsession: #{session.inspect}"
|
|
36
36
|
end
|
|
37
37
|
end
|
|
38
38
|
|
|
39
|
-
protected
|
|
40
|
-
|
|
41
|
-
|
|
42
|
-
|
|
43
|
-
|
|
39
|
+
protected
|
|
40
|
+
def path_allowed?(path, user)
|
|
41
|
+
if user
|
|
42
|
+
return user_groups_allowed_on_path?(path, user.user_groups)
|
|
43
|
+
else
|
|
44
|
+
return path_part_of_public_access?(path)
|
|
45
|
+
end
|
|
46
|
+
end
|
|
47
|
+
|
|
48
|
+
def user_groups_allowed_on_path?(path, user_groups)
|
|
49
|
+
user_groups.each do |user_group|
|
|
50
|
+
user_group_sym = user_group.name.underscore.tr(' ','_').to_sym
|
|
51
|
+
rights = (Lockdown::System.public_access + Lockdown::System.access_rights_for_user_group(user_group_sym))
|
|
52
|
+
return true if rights.include?(path)
|
|
53
|
+
end
|
|
54
|
+
return false
|
|
55
|
+
end
|
|
56
|
+
|
|
57
|
+
def path_part_of_public_access?(path)
|
|
58
|
+
return Lockdown::System.public_access.include?(path)
|
|
44
59
|
end
|
|
45
60
|
|
|
46
61
|
def check_session_expiry
|
|
@@ -76,11 +91,11 @@ module Lockdown
|
|
|
76
91
|
|
|
77
92
|
path = url_parts[5]
|
|
78
93
|
|
|
79
|
-
return true if path_allowed?(path)
|
|
94
|
+
return true if path_allowed?(path, current_user)
|
|
80
95
|
|
|
81
96
|
begin
|
|
82
97
|
hash = ActionController::Routing::Routes.recognize_path(path, :method => method)
|
|
83
|
-
return path_allowed?(path_from_hash(hash)) if hash
|
|
98
|
+
return path_allowed?(path_from_hash(hash), current_user) if hash
|
|
84
99
|
rescue Exception => e
|
|
85
100
|
# continue on
|
|
86
101
|
end
|
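Review bot: `user_groups_allowed_on_path?` only consults `Lockdown::System.public_access` inside the per-group loop (new line 51), so a signed-in user whose `user_groups` collection is empty is denied even public paths, while an anonymous user (`user` nil) is granted them through `path_part_of_public_access?`; checking public access once in `path_allowed?` before the group loop removes the inconsistency and the repeated concatenation. The group symbol is derived from the stored group name (`name.underscore.tr(' ','_').to_sym`), so a group whose name matches no configured group receives whatever `access_rights_for_user_group` returns for an unknown key — if that is nil the `+` raises TypeError, which presumably surfaces as a server error rather than a clean denial; wrapping the lookup in `Array()` keeps that case fail-closed. The message raised on new line 35 still interpolates `session.inspect`, so the whole session (including `current_user_id` and access rights) lands in the exception text and in any log or error page that prints it; consider logging that detail separately at debug level and raising a shorter message. The enclosing `authorized?` method in the second hunk starts before that hunk.
```ruby
def path_allowed?(path, user)
  # Public paths are open to everyone, signed in or not, so decide them once here.
  return true if path_part_of_public_access?(path)
  user ? user_groups_allowed_on_path?(path, user.user_groups) : false
end

def user_groups_allowed_on_path?(path, user_groups)
  user_groups.any? do |user_group|
    user_group_sym = user_group.name.underscore.tr(' ', '_').to_sym
    # Array() turns a nil result for an unknown group into [] instead of a TypeError.
    Array(Lockdown::System.access_rights_for_user_group(user_group_sym)).include?(path)
  end
end
# … unchanged: path_part_of_public_access? …
```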
data/lib/lockdown/rules.rb
CHANGED
|
@@ -349,18 +349,18 @@ module Lockdown
|
|
|
349
349
|
|
|
350
350
|
methods = controller.
|
|
351
351
|
access_methods.
|
|
352
|
-
collect do |am|
|
|
352
|
+
collect do |am|
|
|
353
353
|
am[am.index('/') + 1..-1].to_sym if am.index('/')
|
|
354
354
|
end.compact.inspect
|
|
355
355
|
|
|
356
356
|
return <<-RUBY
|
|
357
|
-
if controller_name == "#{controller.name}"
|
|
357
|
+
if controller_name == "#{controller.name}"
|
|
358
358
|
if #{methods}.include?(action_name.to_sym)
|
|
359
359
|
unless instance_variable_defined?(:@#{model.name})
|
|
360
360
|
@#{model.name} = #{model.class_name}.find(params[#{model.param.inspect}])
|
|
361
361
|
end
|
|
362
|
-
# Need to make sure we find the model first before checking admin status.
|
|
363
|
-
return true if current_user_is_admin?
|
|
362
|
+
# Need to make sure we find the model first before checking admin status.
|
|
363
|
+
return true if current_user_is_admin?
|
|
364
364
|
unless @#{model.name}.#{model.model_method}.#{model.association}(#{model.controller_method})
|
|
365
365
|
raise SecurityError, "Access to #\{action_name\} denied to #{model.name}.id #\{@#{model.name}.id\}"
|
|
366
366
|
end
|
data/lib/lockdown/session.rb
CHANGED
|
@@ -7,10 +7,8 @@ module Lockdown
|
|
|
7
7
|
user ||= current_user
|
|
8
8
|
|
|
9
9
|
if user
|
|
10
|
-
session[:access_rights] = Lockdown::System.access_rights_for_user(user)
|
|
11
10
|
session[:current_user_id] = user.id
|
|
12
|
-
|
|
13
|
-
session[:access_rights] = Lockdown::System.public_access
|
|
11
|
+
session[:access_rights] = :all if user.user_group.name.downcase == Lockdown.administrator_group_symbol.to_s
|
|
14
12
|
end
|
|
15
13
|
end
|
|
16
14
|
|
|
@@ -26,28 +24,6 @@ module Lockdown
|
|
|
26
24
|
session[:access_rights] == :all
|
|
27
25
|
end
|
|
28
26
|
|
|
29
|
-
def current_user_access_in_group?(grp)
|
|
30
|
-
return true if current_user_is_admin?
|
|
31
|
-
Lockdown::System.user_groups[grp].each do |perm|
|
|
32
|
-
return true if access_in_perm?(perm)
|
|
33
|
-
end
|
|
34
|
-
false
|
|
35
|
-
end
|
|
36
|
-
|
|
37
|
-
def access_in_perm?(perm)
|
|
38
|
-
if Lockdown::System.permissions[perm]
|
|
39
|
-
Lockdown::System.permissions[perm].each do |ar|
|
|
40
|
-
return true if session_access_rights_include?(ar)
|
|
41
|
-
end
|
|
42
|
-
end
|
|
43
|
-
false
|
|
44
|
-
end
|
|
45
|
-
|
|
46
|
-
def session_access_rights_include?(str)
|
|
47
|
-
return false unless session[:access_rights]
|
|
48
|
-
session[:access_rights].include?(str)
|
|
49
|
-
end
|
|
50
|
-
|
|
51
27
|
def reset_lockdown_session
|
|
52
28
|
[:expiry_time, :current_user_id, :access_rights].each do |val|
|
|
53
29
|
session[val] = nil if session[val]
|
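Review bot: The new line 11 sets `session[:access_rights]` only when the user's group name matches the administrator symbol and never clears it otherwise, so now that the old `public_access` assignment is gone a login that reaches `add_lockdown_session_values` without a prior `reset_lockdown_session` keeps whatever `:access_rights` the session already held — including a stale `:all` that `current_user_is_admin?` will honour; an explicit assignment such as `session[:access_rights] = (user.user_group.name.downcase == Lockdown.administrator_group_symbol.to_s ? :all : nil)` keeps the session state deterministic. Admin status is now decided by a case-insensitive comparison against a database-resident group name, so anyone who can rename a group can grant or revoke `:all` for its members; if group names are editable through the application that deserves a comment on this method, and normalising the name the same way controller.rb does (`underscore.tr(' ','_')`) would keep the two lookups consistent. `user.user_group` here is singular while controller.rb iterates `user.user_groups`; I cannot see the model, so one of the two presumably relies on a convenience reader or is wrong. The spec for `add_lockdown_session_values` was deleted in session_spec.rb rather than updated, so the new admin branch has no test. `add_lockdown_session_values` starts before this hunk.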
data/lib/lockdown/system.rb
CHANGED
data/lib/lockdown.rb
CHANGED
|
@@ -7,7 +7,6 @@ require File.join("lockdown", "helper")
|
|
|
7
7
|
require File.join("lockdown", "session")
|
|
8
8
|
require File.join("lockdown", "context")
|
|
9
9
|
require File.join("lockdown", "permission")
|
|
10
|
-
require File.join("lockdown", "database")
|
|
11
10
|
require File.join("lockdown", "rules")
|
|
12
11
|
require File.join("lockdown", "system")
|
|
13
12
|
require File.join("lockdown", "references")
|
|
@@ -16,7 +15,7 @@ module Lockdown
|
|
|
16
15
|
extend Lockdown::References
|
|
17
16
|
extend Lockdown::Helper
|
|
18
17
|
|
|
19
|
-
VERSION = '1.
|
|
18
|
+
VERSION = '1.7.0'
|
|
20
19
|
|
|
21
20
|
class << self
|
|
22
21
|
attr_accessor :logger
|
|
@@ -41,9 +40,9 @@ module Lockdown
|
|
|
41
40
|
# Mixin Lockdown code to the appropriate framework and ORM
|
|
42
41
|
def mixin
|
|
43
42
|
if mixin_resource?("frameworks")
|
|
44
|
-
unless mixin_resource?("orms")
|
|
45
|
-
raise NotImplementedError, "ORM unknown to Lockdown!"
|
|
46
|
-
end
|
|
43
|
+
# unless mixin_resource?("orms")
|
|
44
|
+
# raise NotImplementedError, "ORM unknown to Lockdown!"
|
|
45
|
+
# end
|
|
47
46
|
else
|
|
48
47
|
Lockdown.logger.info "=> Note:: Lockdown cannot determine framework and therefore is not active.\n"
|
|
49
48
|
end
|
|
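Review bot: The ORM check in `mixin` is commented out (new lines 43–45) rather than removed, which leaves dead code and no record of why an ORM is no longer required after the `database` require was dropped on line 10. Replace the three commented lines with a single comment such as `# ORM detection removed in 1.7.0: the database sync layer is gone, so only the framework mixin is applied.` so the next reader is not tempted to re-enable it. The `mixin` method ends outside the hunk.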
@@ -0,0 +1,83 @@
|
|
|
1
|
+
# Generated by jeweler
|
|
2
|
+
# DO NOT EDIT THIS FILE DIRECTLY
|
|
3
|
+
# Instead, edit Jeweler::Tasks in Rakefile, and run the gemspec command
|
|
4
|
+
# -*- encoding: utf-8 -*-
|
|
5
|
+
|
|
6
|
+
Gem::Specification.new do |s|
|
|
7
|
+
s.name = %q{revo-lockdown}
|
|
8
|
+
s.version = "1.7.0"
|
|
9
|
+
|
|
10
|
+
s.required_rubygems_version = Gem::Requirement.new(">= 0") if s.respond_to? :required_rubygems_version=
|
|
11
|
+
s.authors = ["Andrew Stone", "Revo Pty. Ltd."]
|
|
12
|
+
s.date = %q{2010-03-02}
|
|
13
|
+
s.description = %q{Restrict access to your controller actions. Supports basic model level restrictions as well}
|
|
14
|
+
s.email = %q{andy@stonean.com}
|
|
15
|
+
s.extra_rdoc_files = [
|
|
16
|
+
"README.txt"
|
|
17
|
+
]
|
|
18
|
+
s.files = [
|
|
19
|
+
".gitignore",
|
|
20
|
+
"README.txt",
|
|
21
|
+
"Rakefile",
|
|
22
|
+
"lib/lockdown.rb",
|
|
23
|
+
"lib/lockdown/context.rb",
|
|
24
|
+
"lib/lockdown/errors.rb",
|
|
25
|
+
"lib/lockdown/frameworks/rails.rb",
|
|
26
|
+
"lib/lockdown/frameworks/rails/controller.rb",
|
|
27
|
+
"lib/lockdown/frameworks/rails/view.rb",
|
|
28
|
+
"lib/lockdown/helper.rb",
|
|
29
|
+
"lib/lockdown/permission.rb",
|
|
30
|
+
"lib/lockdown/references.rb",
|
|
31
|
+
"lib/lockdown/rspec_helper.rb",
|
|
32
|
+
"lib/lockdown/rules.rb",
|
|
33
|
+
"lib/lockdown/session.rb",
|
|
34
|
+
"lib/lockdown/system.rb",
|
|
35
|
+
"revo-lockdown.gemspec",
|
|
36
|
+
"spec/lockdown/context_spec.rb",
|
|
37
|
+
"spec/lockdown/frameworks/rails/controller_spec.rb",
|
|
38
|
+
"spec/lockdown/frameworks/rails/view_spec.rb",
|
|
39
|
+
"spec/lockdown/frameworks/rails_spec.rb",
|
|
40
|
+
"spec/lockdown/permission_spec.rb",
|
|
41
|
+
"spec/lockdown/rspec_helper_spec.rb",
|
|
42
|
+
"spec/lockdown/rules_spec.rb",
|
|
43
|
+
"spec/lockdown/session_spec.rb",
|
|
44
|
+
"spec/lockdown/system_spec.rb",
|
|
45
|
+
"spec/lockdown_spec.rb",
|
|
46
|
+
"spec/rcov.opts",
|
|
47
|
+
"spec/spec.opts",
|
|
48
|
+
"spec/spec_helper.rb"
|
|
49
|
+
]
|
|
50
|
+
s.homepage = %q{http://stonean.com/wiki/lockdown}
|
|
51
|
+
s.rdoc_options = ["--charset=UTF-8"]
|
|
52
|
+
s.require_paths = ["lib"]
|
|
53
|
+
s.rubyforge_project = %q{lockdown}
|
|
54
|
+
s.rubygems_version = %q{1.3.5}
|
|
55
|
+
s.summary = %q{Authorization system for Rails 2.x}
|
|
56
|
+
s.test_files = [
|
|
57
|
+
"spec/lockdown_spec.rb",
|
|
58
|
+
"spec/spec_helper.rb",
|
|
59
|
+
"spec/lockdown/system_spec.rb",
|
|
60
|
+
"spec/lockdown/context_spec.rb",
|
|
61
|
+
"spec/lockdown/permission_spec.rb",
|
|
62
|
+
"spec/lockdown/session_spec.rb",
|
|
63
|
+
"spec/lockdown/rspec_helper_spec.rb",
|
|
64
|
+
"spec/lockdown/rules_spec.rb",
|
|
65
|
+
"spec/lockdown/frameworks/rails_spec.rb",
|
|
66
|
+
"spec/lockdown/frameworks/rails/view_spec.rb",
|
|
67
|
+
"spec/lockdown/frameworks/rails/controller_spec.rb"
|
|
68
|
+
]
|
|
69
|
+
|
|
70
|
+
if s.respond_to? :specification_version then
|
|
71
|
+
current_version = Gem::Specification::CURRENT_SPECIFICATION_VERSION
|
|
72
|
+
s.specification_version = 3
|
|
73
|
+
|
|
74
|
+
if Gem::Version.new(Gem::RubyGemsVersion) >= Gem::Version.new('1.2.0') then
|
|
75
|
+
s.add_development_dependency(%q<rspec>, [">= 0"])
|
|
76
|
+
else
|
|
77
|
+
s.add_dependency(%q<rspec>, [">= 0"])
|
|
78
|
+
end
|
|
79
|
+
else
|
|
80
|
+
s.add_dependency(%q<rspec>, [">= 0"])
|
|
81
|
+
end
|
|
82
|
+
end
|
|
83
|
+
|
|
@@ -83,7 +83,8 @@ describe Lockdown::Frameworks::Rails::Controller::Lock do
|
|
|
83
83
|
|
|
84
84
|
describe "#path_allowed" do
|
|
85
85
|
it "should return false for an invalid path" do
|
|
86
|
-
@controller.
|
|
86
|
+
@controller.stub!(:path_part_of_public_access?).and_return(false)
|
|
87
|
+
@controller.send(:path_allowed?, "/no/good", nil).should be_false
|
|
87
88
|
end
|
|
88
89
|
end
|
|
89
90
|
|
|
@@ -158,10 +159,16 @@ describe Lockdown::Frameworks::Rails::Controller::Lock do
|
|
|
158
159
|
end
|
|
159
160
|
|
|
160
161
|
it "should return false if path not in access_rights" do
|
|
162
|
+
@controller.stub!(:current_user_is_admin?).and_return(false)
|
|
163
|
+
@controller.stub!(:current_user).and_return(nil)
|
|
164
|
+
@controller.stub!(:path_part_of_public_access?).and_return(false)
|
|
161
165
|
@controller.send(:authorized?,@a_path).should be_false
|
|
162
166
|
end
|
|
163
167
|
|
|
164
168
|
it "should return true if path is in access_rights" do
|
|
169
|
+
@controller.stub!(:current_user_is_admin?).and_return(false)
|
|
170
|
+
@controller.stub!(:current_user).and_return(nil)
|
|
171
|
+
@controller.stub!(:path_part_of_public_access?).and_return(true)
|
|
165
172
|
@controller.send(:authorized?,@sample_url).should be_true
|
|
166
173
|
end
|
|
167
174
|
|
|
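Review bot: The `#path_allowed` example (new lines 86–87) and the `authorized?` examples only exercise the anonymous path — `current_user` is stubbed to nil and `path_part_of_public_access?` is stubbed outright — so the new `user_groups_allowed_on_path?` branch (a user with a group whose rights include the path, a user whose groups lack it, and a user with no groups at all) has no coverage. Adding one example per case, with a mock user exposing `user_groups` and `Lockdown::System.access_rights_for_user_group` stubbed, would pin the authorisation decision this release changed. The `describe` blocks containing these examples start before the hunks.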
@@ -15,14 +15,15 @@ describe Lockdown::RspecHelper do
|
|
|
15
15
|
@controller = TestAController.new
|
|
16
16
|
@controller.stub!(:session).and_return({})
|
|
17
17
|
|
|
18
|
-
|
|
18
|
+
usr_group = mock :usr_group
|
|
19
|
+
|
|
20
|
+
usr = mock :user,
|
|
21
|
+
:user_group => usr_group,
|
|
19
22
|
:first_name => 'John',
|
|
20
23
|
:last_name => 'Smith',
|
|
21
24
|
:password => 'mysecret',
|
|
22
25
|
:password_confirmation => 'mysecret'
|
|
23
26
|
|
|
24
|
-
usr_group = mock :usr_group
|
|
25
|
-
|
|
26
27
|
Lockdown.should_receive(:maybe_parse_init)
|
|
27
28
|
RspecEnv.send :include, Lockdown::RspecHelper
|
|
28
29
|
@rspec_env = RspecEnv.new
|
|
@@ -35,34 +35,6 @@ describe Lockdown::Session do
|
|
|
35
35
|
end
|
|
36
36
|
end
|
|
37
37
|
|
|
38
|
-
describe "#current_user_access_in_group?" do
|
|
39
|
-
it "should return true if current user is admin" do
|
|
40
|
-
@actions = :all
|
|
41
|
-
@session = {:access_rights => @actions}
|
|
42
|
-
@controller.stub!(:session).and_return(@session)
|
|
43
|
-
|
|
44
|
-
@controller.send(:current_user_access_in_group?,:group).should == true
|
|
45
|
-
end
|
|
46
|
-
|
|
47
|
-
it "should return true if current_user has access" do
|
|
48
|
-
user_groups = {:public_group => [:public_access]}
|
|
49
|
-
hash = {:public_access => ["posts/index", "posts/show"]}
|
|
50
|
-
Lockdown::System.stub!(:permissions).and_return(hash)
|
|
51
|
-
|
|
52
|
-
Lockdown::System.stub!(:user_groups).and_return(user_groups)
|
|
53
|
-
@controller.send(:current_user_access_in_group?,:public_group).should be_true
|
|
54
|
-
end
|
|
55
|
-
|
|
56
|
-
it "should return false if current_user has access" do
|
|
57
|
-
user_groups = {:public_group => [:public_access]}
|
|
58
|
-
hash = {:public_access => ["books/edit", "books/update"]}
|
|
59
|
-
Lockdown::System.stub!(:permissions).and_return(hash)
|
|
60
|
-
|
|
61
|
-
Lockdown::System.stub!(:user_groups).and_return(user_groups)
|
|
62
|
-
@controller.send(:current_user_access_in_group?,:public_group).should be_false
|
|
63
|
-
end
|
|
64
|
-
end
|
|
65
|
-
|
|
66
38
|
describe "#current_user_is_admin?" do
|
|
67
39
|
it "should return true if access_rights == :all" do
|
|
68
40
|
@actions = :all
|
|
@@ -73,40 +45,4 @@ describe Lockdown::Session do
|
|
|
73
45
|
end
|
|
74
46
|
end
|
|
75
47
|
|
|
76
|
-
describe "#add_lockdown_session_values" do
|
|
77
|
-
it "should set the access_rights from the user list" do
|
|
78
|
-
array = ["posts/index", "posts/show"]
|
|
79
|
-
Lockdown::System.stub!(:access_rights_for_user).and_return(array)
|
|
80
|
-
usr = mock('user')
|
|
81
|
-
usr.should_receive(:id).and_return(1234)
|
|
82
|
-
@controller.send(:add_lockdown_session_values, usr)
|
|
83
|
-
@session[:access_rights].should == array
|
|
84
|
-
end
|
|
85
|
-
end
|
|
86
|
-
|
|
87
|
-
|
|
88
|
-
describe "#access_in_perm" do
|
|
89
|
-
it "should return false if permissions nil" do
|
|
90
|
-
Lockdown::System.stub!(:permissions).and_return({})
|
|
91
|
-
@controller.send(:access_in_perm?,:dummy).should be_false
|
|
92
|
-
end
|
|
93
|
-
|
|
94
|
-
it "should return true if permission found" do
|
|
95
|
-
hash = {:public => ["posts/index", "posts/show"]}
|
|
96
|
-
Lockdown::System.stub!(:permissions).and_return(hash)
|
|
97
|
-
@controller.send(:access_in_perm?,:public).should be_true
|
|
98
|
-
end
|
|
99
|
-
end
|
|
100
|
-
|
|
101
|
-
describe "#session_access_rights_include?" do
|
|
102
|
-
it "should return true for posts/index" do
|
|
103
|
-
@controller.send(:session_access_rights_include?,'posts/index').
|
|
104
|
-
should == true
|
|
105
|
-
end
|
|
106
|
-
|
|
107
|
-
it "should return false for pages/index" do
|
|
108
|
-
@controller.send(:session_access_rights_include?,'pages/index').
|
|
109
|
-
should == false
|
|
110
|
-
end
|
|
111
|
-
end
|
|
112
48
|
end
|
metadata
CHANGED
|
@@ -1,7 +1,7 @@
|
|
|
1
1
|
--- !ruby/object:Gem::Specification
|
|
2
2
|
name: revo-lockdown
|
|
3
3
|
version: !ruby/object:Gem::Version
|
|
4
|
-
version: 1.
|
|
4
|
+
version: 1.7.0
|
|
5
5
|
platform: ruby
|
|
6
6
|
authors:
|
|
7
7
|
- Andrew Stone
|
|
@@ -10,7 +10,7 @@ autorequire:
|
|
|
10
10
|
bindir: bin
|
|
11
11
|
cert_chain: []
|
|
12
12
|
|
|
13
|
-
date:
|
|
13
|
+
date: 2010-03-02 00:00:00 +11:00
|
|
14
14
|
default_executable:
|
|
15
15
|
dependencies:
|
|
16
16
|
- !ruby/object:Gem::Dependency
|
|
@@ -37,52 +37,19 @@ files:
|
|
|
37
37
|
- Rakefile
|
|
38
38
|
- lib/lockdown.rb
|
|
39
39
|
- lib/lockdown/context.rb
|
|
40
|
-
- lib/lockdown/database.rb
|
|
41
40
|
- lib/lockdown/errors.rb
|
|
42
41
|
- lib/lockdown/frameworks/rails.rb
|
|
43
42
|
- lib/lockdown/frameworks/rails/controller.rb
|
|
44
43
|
- lib/lockdown/frameworks/rails/view.rb
|
|
45
44
|
- lib/lockdown/helper.rb
|
|
46
|
-
- lib/lockdown/orms/active_record.rb
|
|
47
45
|
- lib/lockdown/permission.rb
|
|
48
46
|
- lib/lockdown/references.rb
|
|
49
47
|
- lib/lockdown/rspec_helper.rb
|
|
50
48
|
- lib/lockdown/rules.rb
|
|
51
49
|
- lib/lockdown/session.rb
|
|
52
50
|
- lib/lockdown/system.rb
|
|
53
|
-
-
|
|
54
|
-
- rails_generators/lockdown/templates/app/controllers/permissions_controller.rb
|
|
55
|
-
- rails_generators/lockdown/templates/app/controllers/sessions_controller.rb
|
|
56
|
-
- rails_generators/lockdown/templates/app/controllers/user_groups_controller.rb
|
|
57
|
-
- rails_generators/lockdown/templates/app/controllers/users_controller.rb
|
|
58
|
-
- rails_generators/lockdown/templates/app/helpers/permissions_helper.rb
|
|
59
|
-
- rails_generators/lockdown/templates/app/helpers/user_groups_helper.rb
|
|
60
|
-
- rails_generators/lockdown/templates/app/helpers/users_helper.rb
|
|
61
|
-
- rails_generators/lockdown/templates/app/models/permission.rb
|
|
62
|
-
- rails_generators/lockdown/templates/app/models/profile.rb
|
|
63
|
-
- rails_generators/lockdown/templates/app/models/user.rb
|
|
64
|
-
- rails_generators/lockdown/templates/app/models/user_group.rb
|
|
65
|
-
- rails_generators/lockdown/templates/app/views/permissions/index.html.erb
|
|
66
|
-
- rails_generators/lockdown/templates/app/views/permissions/show.html.erb
|
|
67
|
-
- rails_generators/lockdown/templates/app/views/sessions/new.html.erb
|
|
68
|
-
- rails_generators/lockdown/templates/app/views/user_groups/edit.html.erb
|
|
69
|
-
- rails_generators/lockdown/templates/app/views/user_groups/index.html.erb
|
|
70
|
-
- rails_generators/lockdown/templates/app/views/user_groups/new.html.erb
|
|
71
|
-
- rails_generators/lockdown/templates/app/views/user_groups/show.html.erb
|
|
72
|
-
- rails_generators/lockdown/templates/app/views/users/edit.html.erb
|
|
73
|
-
- rails_generators/lockdown/templates/app/views/users/index.html.erb
|
|
74
|
-
- rails_generators/lockdown/templates/app/views/users/new.html.erb
|
|
75
|
-
- rails_generators/lockdown/templates/app/views/users/show.html.erb
|
|
76
|
-
- rails_generators/lockdown/templates/config/initializers/lockit.rb
|
|
77
|
-
- rails_generators/lockdown/templates/db/migrate/create_admin_user.rb
|
|
78
|
-
- rails_generators/lockdown/templates/db/migrate/create_permissions.rb
|
|
79
|
-
- rails_generators/lockdown/templates/db/migrate/create_profiles.rb
|
|
80
|
-
- rails_generators/lockdown/templates/db/migrate/create_user_groups.rb
|
|
81
|
-
- rails_generators/lockdown/templates/db/migrate/create_users.rb
|
|
82
|
-
- rails_generators/lockdown/templates/lib/lockdown/README
|
|
83
|
-
- rails_generators/lockdown/templates/lib/lockdown/init.rb
|
|
51
|
+
- revo-lockdown.gemspec
|
|
84
52
|
- spec/lockdown/context_spec.rb
|
|
85
|
-
- spec/lockdown/database_spec.rb
|
|
86
53
|
- spec/lockdown/frameworks/rails/controller_spec.rb
|
|
87
54
|
- spec/lockdown/frameworks/rails/view_spec.rb
|
|
88
55
|
- spec/lockdown/frameworks/rails_spec.rb
|
|
@@ -126,13 +93,12 @@ summary: Authorization system for Rails 2.x
|
|
|
126
93
|
test_files:
|
|
127
94
|
- spec/lockdown_spec.rb
|
|
128
95
|
- spec/spec_helper.rb
|
|
129
|
-
- spec/lockdown/
|
|
130
|
-
- spec/lockdown/rspec_helper_spec.rb
|
|
96
|
+
- spec/lockdown/system_spec.rb
|
|
131
97
|
- spec/lockdown/context_spec.rb
|
|
132
98
|
- spec/lockdown/permission_spec.rb
|
|
133
|
-
- spec/lockdown/system_spec.rb
|
|
134
|
-
- spec/lockdown/database_spec.rb
|
|
135
99
|
- spec/lockdown/session_spec.rb
|
|
100
|
+
- spec/lockdown/rspec_helper_spec.rb
|
|
101
|
+
- spec/lockdown/rules_spec.rb
|
|
136
102
|
- spec/lockdown/frameworks/rails_spec.rb
|
|
137
103
|
- spec/lockdown/frameworks/rails/view_spec.rb
|
|
138
104
|
- spec/lockdown/frameworks/rails/controller_spec.rb
|
data/lib/lockdown/database.rb
DELETED
|
@@ -1,127 +0,0 @@
|
|
|
1
|
-
module Lockdown
|
|
2
|
-
class Database
|
|
3
|
-
class << self
|
|
4
|
-
# This is very basic and could be handled better using orm specific
|
|
5
|
-
# functionality, but I wanted to keep it generic to avoid creating
|
|
6
|
-
# an interface for each the different orm implementations.
|
|
7
|
-
# We'll see how it works...
|
|
8
|
-
def sync_with_db
|
|
9
|
-
|
|
10
|
-
@permissions = Lockdown::System.get_permissions
|
|
11
|
-
@user_groups = Lockdown::System.get_user_groups
|
|
12
|
-
|
|
13
|
-
unless ::Permission.table_exists? && Lockdown.user_group_class.table_exists?
|
|
14
|
-
Lockdown.logger.info ">> Lockdown tables not found. Skipping database sync."
|
|
15
|
-
return
|
|
16
|
-
end
|
|
17
|
-
create_new_permissions
|
|
18
|
-
|
|
19
|
-
delete_extinct_permissions
|
|
20
|
-
|
|
21
|
-
maintain_user_groups
|
|
22
|
-
rescue Exception => e
|
|
23
|
-
Lockdown.logger.error ">> Lockdown sync failed: #{e.backtrace.join("\n")}"
|
|
24
|
-
end
|
|
25
|
-
|
|
26
|
-
# Create permissions not found in the database
|
|
27
|
-
def create_new_permissions
|
|
28
|
-
@permissions.each do |key|
|
|
29
|
-
next if Lockdown::System.permission_assigned_automatically?(key)
|
|
30
|
-
str = Lockdown.get_string(key)
|
|
31
|
-
p = ::Permission.find(:first, :conditions => ["name = ?", str])
|
|
32
|
-
unless p
|
|
33
|
-
Lockdown.logger.info ">> Lockdown: Permission not found in db: #{str}, creating."
|
|
34
|
-
::Permission.create(:name => str)
|
|
35
|
-
end
|
|
36
|
-
end
|
|
37
|
-
end
|
|
38
|
-
|
|
39
|
-
# Delete the permissions not found in init.rb
|
|
40
|
-
def delete_extinct_permissions
|
|
41
|
-
db_perms = ::Permission.find(:all).dup
|
|
42
|
-
db_perms.each do |dbp|
|
|
43
|
-
unless @permissions.include?(Lockdown.get_symbol(dbp.name))
|
|
44
|
-
Lockdown.logger.info ">> Lockdown: Permission no longer in init.rb: #{dbp.name}, deleting."
|
|
45
|
-
ug_table = Lockdown.user_groups_hbtm_reference.to_s
|
|
46
|
-
if "permissions" < ug_table
|
|
47
|
-
join_table = "permissions_#{ug_table}"
|
|
48
|
-
else
|
|
49
|
-
join_table = "#{ug_table}_permissions"
|
|
50
|
-
end
|
|
51
|
-
Lockdown.database_execute("delete from #{join_table} where permission_id = #{dbp.id}")
|
|
52
|
-
dbp.destroy
|
|
53
|
-
end
|
|
54
|
-
end
|
|
55
|
-
end
|
|
56
|
-
|
|
57
|
-
def maintain_user_groups
|
|
58
|
-
# Create user groups not found in the database
|
|
59
|
-
@user_groups.each do |key|
|
|
60
|
-
str = Lockdown.get_string(key)
|
|
61
|
-
unless ug = Lockdown.user_group_class.find(:first, :conditions => ["name = ?", str])
|
|
62
|
-
create_user_group(str, key)
|
|
63
|
-
else
|
|
64
|
-
# Remove permissions from user group not found in init.rb
|
|
65
|
-
remove_invalid_permissions(ug, key)
|
|
66
|
-
|
|
67
|
-
# Add in permissions from init.rb not found in database
|
|
68
|
-
add_valid_permissions(ug, key)
|
|
69
|
-
end
|
|
70
|
-
end
|
|
71
|
-
end
|
|
72
|
-
|
|
73
|
-
def create_user_group(name_str, key)
|
|
74
|
-
Lockdown.logger.info ">> Lockdown: #{Lockdown::System.fetch(:user_group_model)} not in the db: #{name_str}, creating."
|
|
75
|
-
ug = Lockdown.user_group_class.create(:name => name_str)
|
|
76
|
-
#Inefficient, definitely, but shouldn't have any issues across orms.
|
|
77
|
-
#
|
|
78
|
-
Lockdown::System.permissions_for_user_group(key).each do |perm|
|
|
79
|
-
|
|
80
|
-
if Lockdown::System.permission_assigned_automatically?(perm)
|
|
81
|
-
Lockdown.logger.info ">> Permission #{perm} cannot be assigned to #{name_str}. Already belongs to built in user group (public or protected)."
|
|
82
|
-
raise InvalidPermissionAssignment, "Invalid permission assignment"
|
|
83
|
-
end
|
|
84
|
-
|
|
85
|
-
p = ::Permission.find(:first, :conditions => ["name = ?", Lockdown.get_string(perm)])
|
|
86
|
-
|
|
87
|
-
ug_table = Lockdown.user_groups_hbtm_reference.to_s
|
|
88
|
-
if "permissions" < ug_table
|
|
89
|
-
join_table = "permissions_#{ug_table}"
|
|
90
|
-
else
|
|
91
|
-
join_table = "#{ug_table}_permissions"
|
|
92
|
-
end
|
|
93
|
-
Lockdown.database_execute "insert into #{join_table}(permission_id, #{Lockdown.user_group_id_reference}) values(#{p.id}, #{ug.id})"
|
|
94
|
-
end
|
|
95
|
-
end
|
|
96
|
-
|
|
97
|
-
def remove_invalid_permissions(ug, key)
|
|
98
|
-
ug.permissions.each do |perm|
|
|
99
|
-
perm_sym = Lockdown.get_symbol(perm)
|
|
100
|
-
perm_string = Lockdown.get_string(perm)
|
|
101
|
-
unless Lockdown::System.permissions_for_user_group(key).include?(perm_sym)
|
|
102
|
-
Lockdown.logger.info ">> Lockdown: Permission: #{perm_string} no longer associated to User Group: #{ug.name}, deleting."
|
|
103
|
-
ug.permissions.delete(perm)
|
|
104
|
-
end
|
|
105
|
-
end
|
|
106
|
-
end
|
|
107
|
-
|
|
108
|
-
def add_valid_permissions(ug, key)
|
|
109
|
-
Lockdown::System.permissions_for_user_group(key).each do |perm|
|
|
110
|
-
perm_string = Lockdown.get_string(perm)
|
|
111
|
-
found = false
|
|
112
|
-
# see if permission exists
|
|
113
|
-
ug.permissions.each do |p|
|
|
114
|
-
found = true if Lockdown.get_string(p) == perm_string
|
|
115
|
-
end
|
|
116
|
-
# if not found, add it
|
|
117
|
-
unless found
|
|
118
|
-
Lockdown.logger.info ">> Lockdown: Permission: #{perm_string} not found for User Group: #{ug.name}, adding it."
|
|
119
|
-
p = ::Permission.find(:first, :conditions => ["name = ?", perm_string])
|
|
120
|
-
ug.permissions << p
|
|
121
|
-
end
|
|
122
|
-
end
|
|
123
|
-
end
|
|
124
|
-
|
|
125
|
-
end # class block
|
|
126
|
-
end # Database
|
|
127
|
-
end #Lockdown
|
|
@@ -1,68 +0,0 @@
|
|
|
1
|
-
module Lockdown
|
|
2
|
-
module Orms
|
|
3
|
-
module ActiveRecord
|
|
4
|
-
class << self
|
|
5
|
-
def use_me?
|
|
6
|
-
Object.const_defined?("ActiveRecord") && ::ActiveRecord.const_defined?("Base")
|
|
7
|
-
end
|
|
8
|
-
|
|
9
|
-
def included(mod)
|
|
10
|
-
mod.extend Lockdown::Orms::ActiveRecord::Helper
|
|
11
|
-
mixin
|
|
12
|
-
end
|
|
13
|
-
|
|
14
|
-
def mixin
|
|
15
|
-
Lockdown.orm_parent.class_eval do
|
|
16
|
-
include Lockdown::Orms::ActiveRecord::Stamps
|
|
17
|
-
end
|
|
18
|
-
end
|
|
19
|
-
end # class block
|
|
20
|
-
|
|
21
|
-
module Helper
|
|
22
|
-
def orm_parent
|
|
23
|
-
::ActiveRecord::Base
|
|
24
|
-
end
|
|
25
|
-
|
|
26
|
-
def database_execute(query)
|
|
27
|
-
orm_parent.connection.execute(query)
|
|
28
|
-
end
|
|
29
|
-
|
|
30
|
-
def database_query(query)
|
|
31
|
-
orm_parent.connection.execute(query)
|
|
32
|
-
end
|
|
33
|
-
|
|
34
|
-
def database_table_exists?(klass)
|
|
35
|
-
klass.table_exists?
|
|
36
|
-
end
|
|
37
|
-
end
|
|
38
|
-
|
|
39
|
-
module Stamps
|
|
40
|
-
def self.included(base)
|
|
41
|
-
base.class_eval do
|
|
42
|
-
alias_method :create_without_stamps, :create
|
|
43
|
-
alias_method :create, :create_with_stamps
|
|
44
|
-
alias_method :update_without_stamps, :update
|
|
45
|
-
alias_method :update, :update_with_stamps
|
|
46
|
-
end
|
|
47
|
-
end
|
|
48
|
-
|
|
49
|
-
def current_who_did_it
|
|
50
|
-
Thread.current[:who_did_it]
|
|
51
|
-
end
|
|
52
|
-
|
|
53
|
-
def create_with_stamps
|
|
54
|
-
pid = current_who_did_it || Lockdown::System.fetch(:default_who_did_it)
|
|
55
|
-
self[:created_by] = pid if self.respond_to?(:created_by)
|
|
56
|
-
self[:updated_by] = pid if self.respond_to?(:updated_by)
|
|
57
|
-
create_without_stamps
|
|
58
|
-
end
|
|
59
|
-
|
|
60
|
-
def update_with_stamps
|
|
61
|
-
pid = current_who_did_it || Lockdown::System.fetch(:default_who_did_it)
|
|
62
|
-
self[:updated_by] = pid if self.respond_to?(:updated_by)
|
|
63
|
-
update_without_stamps
|
|
64
|
-
end
|
|
65
|
-
end
|
|
66
|
-
end
|
|
67
|
-
end
|
|
68
|
-
end
|