revo-lockdown 1.6.2.2 → 1.7.0
- data/lib/lockdown/frameworks/rails/controller.rb +23 -8
- data/lib/lockdown/frameworks/rails.rb +1 -1
- data/lib/lockdown/rules.rb +4 -4
- data/lib/lockdown/session.rb +1 -25
- data/lib/lockdown/system.rb +1 -1
- data/lib/lockdown.rb +4 -5
- data/revo-lockdown.gemspec +83 -0
- data/spec/lockdown/frameworks/rails/controller_spec.rb +8 -1
- data/spec/lockdown/rspec_helper_spec.rb +4 -3
- data/spec/lockdown/session_spec.rb +0 -64
- data/spec/lockdown/system_spec.rb +0 -2
- metadata +6 -40
- data/lib/lockdown/database.rb +0 -127
- data/lib/lockdown/orms/active_record.rb +0 -68
- data/rails_generators/lockdown/lockdown_generator.rb +0 -274
- data/rails_generators/lockdown/templates/app/controllers/permissions_controller.rb +0 -22
- data/rails_generators/lockdown/templates/app/controllers/sessions_controller.rb +0 -39
- data/rails_generators/lockdown/templates/app/controllers/user_groups_controller.rb +0 -122
- data/rails_generators/lockdown/templates/app/controllers/users_controller.rb +0 -117
- data/rails_generators/lockdown/templates/app/helpers/permissions_helper.rb +0 -2
- data/rails_generators/lockdown/templates/app/helpers/user_groups_helper.rb +0 -2
- data/rails_generators/lockdown/templates/app/helpers/users_helper.rb +0 -2
- data/rails_generators/lockdown/templates/app/models/permission.rb +0 -13
- data/rails_generators/lockdown/templates/app/models/profile.rb +0 -10
- data/rails_generators/lockdown/templates/app/models/user.rb +0 -95
- data/rails_generators/lockdown/templates/app/models/user_group.rb +0 -15
- data/rails_generators/lockdown/templates/app/views/permissions/index.html.erb +0 -16
- data/rails_generators/lockdown/templates/app/views/permissions/show.html.erb +0 -26
- data/rails_generators/lockdown/templates/app/views/sessions/new.html.erb +0 -12
- data/rails_generators/lockdown/templates/app/views/user_groups/edit.html.erb +0 -33
- data/rails_generators/lockdown/templates/app/views/user_groups/index.html.erb +0 -20
- data/rails_generators/lockdown/templates/app/views/user_groups/new.html.erb +0 -31
- data/rails_generators/lockdown/templates/app/views/user_groups/show.html.erb +0 -29
- data/rails_generators/lockdown/templates/app/views/users/edit.html.erb +0 -51
- data/rails_generators/lockdown/templates/app/views/users/index.html.erb +0 -22
- data/rails_generators/lockdown/templates/app/views/users/new.html.erb +0 -50
- data/rails_generators/lockdown/templates/app/views/users/show.html.erb +0 -33
- data/rails_generators/lockdown/templates/config/initializers/lockit.rb +0 -1
- data/rails_generators/lockdown/templates/db/migrate/create_admin_user.rb +0 -17
- data/rails_generators/lockdown/templates/db/migrate/create_permissions.rb +0 -19
- data/rails_generators/lockdown/templates/db/migrate/create_profiles.rb +0 -26
- data/rails_generators/lockdown/templates/db/migrate/create_user_groups.rb +0 -19
- data/rails_generators/lockdown/templates/db/migrate/create_users.rb +0 -17
- data/rails_generators/lockdown/templates/lib/lockdown/README +0 -42
- data/rails_generators/lockdown/templates/lib/lockdown/init.rb +0 -136
- data/spec/lockdown/database_spec.rb +0 -162
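--- a/data/lib/lockdown/frameworks/rails/controller.rb
+++ b/data/lib/lockdown/frameworks/rails/controller.rb
@@ -32,15 +32,30 @@ module Lockdown
 
     def check_request_authorization
       unless authorized?(path_from_hash(params))
-        raise SecurityError, "Authorization failed! \nparams: #{params.inspect}\nsession: #{session.inspect}"
+        raise SecurityError, "Lockdown Authorization failed! \nparams: #{params.inspect}\nsession: #{session.inspect}"
       end
     end
 
-    protected
-
-
-
-
+    protected
+    def path_allowed?(path, user)
+      if user
+        return user_groups_allowed_on_path?(path, user.user_groups)
+      else
+        return path_part_of_public_access?(path)
+      end
+    end
+
+    def user_groups_allowed_on_path?(path, user_groups)
+      user_groups.each do |user_group|
+        user_group_sym = user_group.name.underscore.tr(' ','_').to_sym
+        rights = (Lockdown::System.public_access + Lockdown::System.access_rights_for_user_group(user_group_sym))
+        return true if rights.include?(path)
+      end
+      return false
+    end
+
+    def path_part_of_public_access?(path)
+      return Lockdown::System.public_access.include?(path)
     end
 
     def check_session_expiry
@@ -76,11 +91,11 @@ module Lockdown
 
       path = url_parts[5]
 
-      return true if path_allowed?(path)
+      return true if path_allowed?(path, current_user)
 
       begin
         hash = ActionController::Routing::Routes.recognize_path(path, :method => method)
-        return path_allowed?(path_from_hash(hash)) if hash
+        return path_allowed?(path_from_hash(hash), current_user) if hash
       rescue Exception => e
         # continue on
       end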
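Review bot: The rewritten SecurityError message on new line 35 still interpolates the whole session (`session.inspect`) and all params into the exception text, so anything stored in the session — at least `:current_user_id` and `:access_rights`, per session.rb in this same commit — ends up in whatever log or error page surfaces the exception; raise with a terse message and log the detail separately at debug level, e.g. `raise SecurityError, "Lockdown Authorization failed for #{path_from_hash(params)}"`. Separately, `path_allowed?` (new lines 40–46) only consults `Lockdown::System.public_access` for a signed-in user inside the per-group loop of `user_groups_allowed_on_path?`, so a user whose `user_groups` is empty is denied paths an anonymous visitor is allowed; adding `return true if path_part_of_public_access?(path)` ahead of the `if user` branch removes the asymmetry and also stops recomputing the public list per group. The removed lines 40–43 render empty on this page, so the previous `path_allowed?` body could not be compared. `check_session_expiry` and the method holding the second hunk both continue outside the hunks.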
data/lib/lockdown/rules.rb
CHANGED
@@ -349,18 +349,18 @@ module Lockdown
|
|
349
349
|
|
350
350
|
methods = controller.
|
351
351
|
access_methods.
|
352
|
-
collect do |am|
|
352
|
+
collect do |am|
|
353
353
|
am[am.index('/') + 1..-1].to_sym if am.index('/')
|
354
354
|
end.compact.inspect
|
355
355
|
|
356
356
|
return <<-RUBY
|
357
|
-
if controller_name == "#{controller.name}"
|
357
|
+
if controller_name == "#{controller.name}"
|
358
358
|
if #{methods}.include?(action_name.to_sym)
|
359
359
|
unless instance_variable_defined?(:@#{model.name})
|
360
360
|
@#{model.name} = #{model.class_name}.find(params[#{model.param.inspect}])
|
361
361
|
end
|
362
|
-
# Need to make sure we find the model first before checking admin status.
|
363
|
-
return true if current_user_is_admin?
|
362
|
+
# Need to make sure we find the model first before checking admin status.
|
363
|
+
return true if current_user_is_admin?
|
364
364
|
unless @#{model.name}.#{model.model_method}.#{model.association}(#{model.controller_method})
|
365
365
|
raise SecurityError, "Access to #\{action_name\} denied to #{model.name}.id #\{@#{model.name}.id\}"
|
366
366
|
end
|
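--- a/data/lib/lockdown/session.rb
+++ b/data/lib/lockdown/session.rb
@@ -7,10 +7,8 @@ module Lockdown
       user ||= current_user
 
       if user
-        session[:access_rights] = Lockdown::System.access_rights_for_user(user)
         session[:current_user_id] = user.id
-
-        session[:access_rights] = Lockdown::System.public_access
+        session[:access_rights] = :all if user.user_group.name.downcase == Lockdown.administrator_group_symbol.to_s
       end
     end
 
@@ -26,28 +24,6 @@ module Lockdown
       session[:access_rights] == :all
     end
 
-    def current_user_access_in_group?(grp)
-      return true if current_user_is_admin?
-      Lockdown::System.user_groups[grp].each do |perm|
-        return true if access_in_perm?(perm)
-      end
-      false
-    end
-
-    def access_in_perm?(perm)
-      if Lockdown::System.permissions[perm]
-        Lockdown::System.permissions[perm].each do |ar|
-          return true if session_access_rights_include?(ar)
-        end
-      end
-      false
-    end
-
-    def session_access_rights_include?(str)
-      return false unless session[:access_rights]
-      session[:access_rights].include?(str)
-    end
-
     def reset_lockdown_session
       [:expiry_time, :current_user_id, :access_rights].each do |val|
         session[val] = nil if session[val]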
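Review bot: The administrator grant on new line 11 keys `session[:access_rights] = :all` on the group's display name (`user.user_group.name.downcase`) rather than on an identifier, so anyone able to create or rename a group whose name downcases to `Lockdown.administrator_group_symbol.to_s` obtains full access, and the line raises NoMethodError when `user.user_group` is nil, which the hunk does not guard. The normalisation here (`downcase`) also differs from the one controller.rb applies to the same names (`underscore.tr(' ','_').to_sym`), and this line reads a singular `user.user_group` while controller.rb iterates `user.user_groups`, so a multi-word administrator symbol or membership in a non-primary group would match in one place and not the other — one shared name-to-symbol helper used by both would close that gap. Because the assignments on old lines 10 and 13 were removed with no else branch, a non-administrator login no longer writes `session[:access_rights]` at all and a stale value survives unless `reset_lockdown_session` ran first; if that is intended (controller.rb now derives rights per request from `user.user_groups`), a comment such as `# non-admin rights are computed per request from user.user_groups; see Controller#path_allowed?` would make it explicit. The `#add_lockdown_session_values` examples were deleted in session_spec.rb rather than updated for this rule, and `add_lockdown_session_values` itself starts before the hunk.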
data/lib/lockdown/system.rb
CHANGED
data/lib/lockdown.rb
CHANGED
@@ -7,7 +7,6 @@ require File.join("lockdown", "helper")
|
|
7
7
|
require File.join("lockdown", "session")
|
8
8
|
require File.join("lockdown", "context")
|
9
9
|
require File.join("lockdown", "permission")
|
10
|
-
require File.join("lockdown", "database")
|
11
10
|
require File.join("lockdown", "rules")
|
12
11
|
require File.join("lockdown", "system")
|
13
12
|
require File.join("lockdown", "references")
|
@@ -16,7 +15,7 @@ module Lockdown
|
|
16
15
|
extend Lockdown::References
|
17
16
|
extend Lockdown::Helper
|
18
17
|
|
19
|
-
VERSION = '1.
|
18
|
+
VERSION = '1.7.0'
|
20
19
|
|
21
20
|
class << self
|
22
21
|
attr_accessor :logger
|
@@ -41,9 +40,9 @@ module Lockdown
|
|
41
40
|
# Mixin Lockdown code to the appropriate framework and ORM
|
42
41
|
def mixin
|
43
42
|
if mixin_resource?("frameworks")
|
44
|
-
unless mixin_resource?("orms")
|
45
|
-
raise NotImplementedError, "ORM unknown to Lockdown!"
|
46
|
-
end
|
43
|
+
# unless mixin_resource?("orms")
|
44
|
+
# raise NotImplementedError, "ORM unknown to Lockdown!"
|
45
|
+
# end
|
47
46
|
else
|
48
47
|
Lockdown.logger.info "=> Note:: Lockdown cannot determine framework and therefore is not active.\n"
|
49
48
|
end
|
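Review bot: The ORM check in `mixin` (new lines 43–45) is commented out rather than removed, and the doc comment on line 40, `# Mixin Lockdown code to the appropriate framework and ORM`, now describes behaviour the method no longer has; since this commit also deletes `lib/lockdown/orms/active_record.rb` and `lib/lockdown/database.rb`, there is no ORM left to detect, so drop the three commented lines and shorten the comment to `# Mixin Lockdown code to the appropriate framework`. With the `raise NotImplementedError` gone, a framework match now succeeds silently with no ORM hook; if that is intentional, a one-line note that permissions are presumably no longer synced to the database (the deleted `Database.sync_with_db`) would spare the next reader a search for the missing `orms` directory. The `mixin` method closes outside the hunk.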
@@ -0,0 +1,83 @@
|
|
1
|
+
# Generated by jeweler
|
2
|
+
# DO NOT EDIT THIS FILE DIRECTLY
|
3
|
+
# Instead, edit Jeweler::Tasks in Rakefile, and run the gemspec command
|
4
|
+
# -*- encoding: utf-8 -*-
|
5
|
+
|
6
|
+
Gem::Specification.new do |s|
|
7
|
+
s.name = %q{revo-lockdown}
|
8
|
+
s.version = "1.7.0"
|
9
|
+
|
10
|
+
s.required_rubygems_version = Gem::Requirement.new(">= 0") if s.respond_to? :required_rubygems_version=
|
11
|
+
s.authors = ["Andrew Stone", "Revo Pty. Ltd."]
|
12
|
+
s.date = %q{2010-03-02}
|
13
|
+
s.description = %q{Restrict access to your controller actions. Supports basic model level restrictions as well}
|
14
|
+
s.email = %q{andy@stonean.com}
|
15
|
+
s.extra_rdoc_files = [
|
16
|
+
"README.txt"
|
17
|
+
]
|
18
|
+
s.files = [
|
19
|
+
".gitignore",
|
20
|
+
"README.txt",
|
21
|
+
"Rakefile",
|
22
|
+
"lib/lockdown.rb",
|
23
|
+
"lib/lockdown/context.rb",
|
24
|
+
"lib/lockdown/errors.rb",
|
25
|
+
"lib/lockdown/frameworks/rails.rb",
|
26
|
+
"lib/lockdown/frameworks/rails/controller.rb",
|
27
|
+
"lib/lockdown/frameworks/rails/view.rb",
|
28
|
+
"lib/lockdown/helper.rb",
|
29
|
+
"lib/lockdown/permission.rb",
|
30
|
+
"lib/lockdown/references.rb",
|
31
|
+
"lib/lockdown/rspec_helper.rb",
|
32
|
+
"lib/lockdown/rules.rb",
|
33
|
+
"lib/lockdown/session.rb",
|
34
|
+
"lib/lockdown/system.rb",
|
35
|
+
"revo-lockdown.gemspec",
|
36
|
+
"spec/lockdown/context_spec.rb",
|
37
|
+
"spec/lockdown/frameworks/rails/controller_spec.rb",
|
38
|
+
"spec/lockdown/frameworks/rails/view_spec.rb",
|
39
|
+
"spec/lockdown/frameworks/rails_spec.rb",
|
40
|
+
"spec/lockdown/permission_spec.rb",
|
41
|
+
"spec/lockdown/rspec_helper_spec.rb",
|
42
|
+
"spec/lockdown/rules_spec.rb",
|
43
|
+
"spec/lockdown/session_spec.rb",
|
44
|
+
"spec/lockdown/system_spec.rb",
|
45
|
+
"spec/lockdown_spec.rb",
|
46
|
+
"spec/rcov.opts",
|
47
|
+
"spec/spec.opts",
|
48
|
+
"spec/spec_helper.rb"
|
49
|
+
]
|
50
|
+
s.homepage = %q{http://stonean.com/wiki/lockdown}
|
51
|
+
s.rdoc_options = ["--charset=UTF-8"]
|
52
|
+
s.require_paths = ["lib"]
|
53
|
+
s.rubyforge_project = %q{lockdown}
|
54
|
+
s.rubygems_version = %q{1.3.5}
|
55
|
+
s.summary = %q{Authorization system for Rails 2.x}
|
56
|
+
s.test_files = [
|
57
|
+
"spec/lockdown_spec.rb",
|
58
|
+
"spec/spec_helper.rb",
|
59
|
+
"spec/lockdown/system_spec.rb",
|
60
|
+
"spec/lockdown/context_spec.rb",
|
61
|
+
"spec/lockdown/permission_spec.rb",
|
62
|
+
"spec/lockdown/session_spec.rb",
|
63
|
+
"spec/lockdown/rspec_helper_spec.rb",
|
64
|
+
"spec/lockdown/rules_spec.rb",
|
65
|
+
"spec/lockdown/frameworks/rails_spec.rb",
|
66
|
+
"spec/lockdown/frameworks/rails/view_spec.rb",
|
67
|
+
"spec/lockdown/frameworks/rails/controller_spec.rb"
|
68
|
+
]
|
69
|
+
|
70
|
+
if s.respond_to? :specification_version then
|
71
|
+
current_version = Gem::Specification::CURRENT_SPECIFICATION_VERSION
|
72
|
+
s.specification_version = 3
|
73
|
+
|
74
|
+
if Gem::Version.new(Gem::RubyGemsVersion) >= Gem::Version.new('1.2.0') then
|
75
|
+
s.add_development_dependency(%q<rspec>, [">= 0"])
|
76
|
+
else
|
77
|
+
s.add_dependency(%q<rspec>, [">= 0"])
|
78
|
+
end
|
79
|
+
else
|
80
|
+
s.add_dependency(%q<rspec>, [">= 0"])
|
81
|
+
end
|
82
|
+
end
|
83
|
+
|
@@ -83,7 +83,8 @@ describe Lockdown::Frameworks::Rails::Controller::Lock do
|
|
83
83
|
|
84
84
|
describe "#path_allowed" do
|
85
85
|
it "should return false for an invalid path" do
|
86
|
-
@controller.
|
86
|
+
@controller.stub!(:path_part_of_public_access?).and_return(false)
|
87
|
+
@controller.send(:path_allowed?, "/no/good", nil).should be_false
|
87
88
|
end
|
88
89
|
end
|
89
90
|
|
@@ -158,10 +159,16 @@ describe Lockdown::Frameworks::Rails::Controller::Lock do
|
|
158
159
|
end
|
159
160
|
|
160
161
|
it "should return false if path not in access_rights" do
|
162
|
+
@controller.stub!(:current_user_is_admin?).and_return(false)
|
163
|
+
@controller.stub!(:current_user).and_return(nil)
|
164
|
+
@controller.stub!(:path_part_of_public_access?).and_return(false)
|
161
165
|
@controller.send(:authorized?,@a_path).should be_false
|
162
166
|
end
|
163
167
|
|
164
168
|
it "should return true if path is in access_rights" do
|
169
|
+
@controller.stub!(:current_user_is_admin?).and_return(false)
|
170
|
+
@controller.stub!(:current_user).and_return(nil)
|
171
|
+
@controller.stub!(:path_part_of_public_access?).and_return(true)
|
165
172
|
@controller.send(:authorized?,@sample_url).should be_true
|
166
173
|
end
|
167
174
|
|
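Review bot: Both updated examples (new lines 162–164 and 169–171), like the one at new line 86–87, stub `current_user` to nil and `path_part_of_public_access?` directly, so within the visible hunks nothing exercises the signed-in branch of `path_allowed?` — `user_groups_allowed_on_path?` and the `user.user_groups` lookup are never reached. An example passing a mock user with one user group whose name maps to a stubbed `Lockdown::System.access_rights_for_user_group` result, plus one with an empty `user_groups`, would pin the authorization behaviour this release changes. The enclosing `describe` blocks start outside the hunks.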
@@ -15,14 +15,15 @@ describe Lockdown::RspecHelper do
|
|
15
15
|
@controller = TestAController.new
|
16
16
|
@controller.stub!(:session).and_return({})
|
17
17
|
|
18
|
-
|
18
|
+
usr_group = mock :usr_group
|
19
|
+
|
20
|
+
usr = mock :user,
|
21
|
+
:user_group => usr_group,
|
19
22
|
:first_name => 'John',
|
20
23
|
:last_name => 'Smith',
|
21
24
|
:password => 'mysecret',
|
22
25
|
:password_confirmation => 'mysecret'
|
23
26
|
|
24
|
-
usr_group = mock :usr_group
|
25
|
-
|
26
27
|
Lockdown.should_receive(:maybe_parse_init)
|
27
28
|
RspecEnv.send :include, Lockdown::RspecHelper
|
28
29
|
@rspec_env = RspecEnv.new
|
@@ -35,34 +35,6 @@ describe Lockdown::Session do
|
|
35
35
|
end
|
36
36
|
end
|
37
37
|
|
38
|
-
describe "#current_user_access_in_group?" do
|
39
|
-
it "should return true if current user is admin" do
|
40
|
-
@actions = :all
|
41
|
-
@session = {:access_rights => @actions}
|
42
|
-
@controller.stub!(:session).and_return(@session)
|
43
|
-
|
44
|
-
@controller.send(:current_user_access_in_group?,:group).should == true
|
45
|
-
end
|
46
|
-
|
47
|
-
it "should return true if current_user has access" do
|
48
|
-
user_groups = {:public_group => [:public_access]}
|
49
|
-
hash = {:public_access => ["posts/index", "posts/show"]}
|
50
|
-
Lockdown::System.stub!(:permissions).and_return(hash)
|
51
|
-
|
52
|
-
Lockdown::System.stub!(:user_groups).and_return(user_groups)
|
53
|
-
@controller.send(:current_user_access_in_group?,:public_group).should be_true
|
54
|
-
end
|
55
|
-
|
56
|
-
it "should return false if current_user has access" do
|
57
|
-
user_groups = {:public_group => [:public_access]}
|
58
|
-
hash = {:public_access => ["books/edit", "books/update"]}
|
59
|
-
Lockdown::System.stub!(:permissions).and_return(hash)
|
60
|
-
|
61
|
-
Lockdown::System.stub!(:user_groups).and_return(user_groups)
|
62
|
-
@controller.send(:current_user_access_in_group?,:public_group).should be_false
|
63
|
-
end
|
64
|
-
end
|
65
|
-
|
66
38
|
describe "#current_user_is_admin?" do
|
67
39
|
it "should return true if access_rights == :all" do
|
68
40
|
@actions = :all
|
@@ -73,40 +45,4 @@ describe Lockdown::Session do
|
|
73
45
|
end
|
74
46
|
end
|
75
47
|
|
76
|
-
describe "#add_lockdown_session_values" do
|
77
|
-
it "should set the access_rights from the user list" do
|
78
|
-
array = ["posts/index", "posts/show"]
|
79
|
-
Lockdown::System.stub!(:access_rights_for_user).and_return(array)
|
80
|
-
usr = mock('user')
|
81
|
-
usr.should_receive(:id).and_return(1234)
|
82
|
-
@controller.send(:add_lockdown_session_values, usr)
|
83
|
-
@session[:access_rights].should == array
|
84
|
-
end
|
85
|
-
end
|
86
|
-
|
87
|
-
|
88
|
-
describe "#access_in_perm" do
|
89
|
-
it "should return false if permissions nil" do
|
90
|
-
Lockdown::System.stub!(:permissions).and_return({})
|
91
|
-
@controller.send(:access_in_perm?,:dummy).should be_false
|
92
|
-
end
|
93
|
-
|
94
|
-
it "should return true if permission found" do
|
95
|
-
hash = {:public => ["posts/index", "posts/show"]}
|
96
|
-
Lockdown::System.stub!(:permissions).and_return(hash)
|
97
|
-
@controller.send(:access_in_perm?,:public).should be_true
|
98
|
-
end
|
99
|
-
end
|
100
|
-
|
101
|
-
describe "#session_access_rights_include?" do
|
102
|
-
it "should return true for posts/index" do
|
103
|
-
@controller.send(:session_access_rights_include?,'posts/index').
|
104
|
-
should == true
|
105
|
-
end
|
106
|
-
|
107
|
-
it "should return false for pages/index" do
|
108
|
-
@controller.send(:session_access_rights_include?,'pages/index').
|
109
|
-
should == false
|
110
|
-
end
|
111
|
-
end
|
112
48
|
end
|
metadata
CHANGED
@@ -1,7 +1,7 @@
|
|
1
1
|
--- !ruby/object:Gem::Specification
|
2
2
|
name: revo-lockdown
|
3
3
|
version: !ruby/object:Gem::Version
|
4
|
-
version: 1.
|
4
|
+
version: 1.7.0
|
5
5
|
platform: ruby
|
6
6
|
authors:
|
7
7
|
- Andrew Stone
|
@@ -10,7 +10,7 @@ autorequire:
|
|
10
10
|
bindir: bin
|
11
11
|
cert_chain: []
|
12
12
|
|
13
|
-
date:
|
13
|
+
date: 2010-03-02 00:00:00 +11:00
|
14
14
|
default_executable:
|
15
15
|
dependencies:
|
16
16
|
- !ruby/object:Gem::Dependency
|
@@ -37,52 +37,19 @@ files:
|
|
37
37
|
- Rakefile
|
38
38
|
- lib/lockdown.rb
|
39
39
|
- lib/lockdown/context.rb
|
40
|
-
- lib/lockdown/database.rb
|
41
40
|
- lib/lockdown/errors.rb
|
42
41
|
- lib/lockdown/frameworks/rails.rb
|
43
42
|
- lib/lockdown/frameworks/rails/controller.rb
|
44
43
|
- lib/lockdown/frameworks/rails/view.rb
|
45
44
|
- lib/lockdown/helper.rb
|
46
|
-
- lib/lockdown/orms/active_record.rb
|
47
45
|
- lib/lockdown/permission.rb
|
48
46
|
- lib/lockdown/references.rb
|
49
47
|
- lib/lockdown/rspec_helper.rb
|
50
48
|
- lib/lockdown/rules.rb
|
51
49
|
- lib/lockdown/session.rb
|
52
50
|
- lib/lockdown/system.rb
|
53
|
-
-
|
54
|
-
- rails_generators/lockdown/templates/app/controllers/permissions_controller.rb
|
55
|
-
- rails_generators/lockdown/templates/app/controllers/sessions_controller.rb
|
56
|
-
- rails_generators/lockdown/templates/app/controllers/user_groups_controller.rb
|
57
|
-
- rails_generators/lockdown/templates/app/controllers/users_controller.rb
|
58
|
-
- rails_generators/lockdown/templates/app/helpers/permissions_helper.rb
|
59
|
-
- rails_generators/lockdown/templates/app/helpers/user_groups_helper.rb
|
60
|
-
- rails_generators/lockdown/templates/app/helpers/users_helper.rb
|
61
|
-
- rails_generators/lockdown/templates/app/models/permission.rb
|
62
|
-
- rails_generators/lockdown/templates/app/models/profile.rb
|
63
|
-
- rails_generators/lockdown/templates/app/models/user.rb
|
64
|
-
- rails_generators/lockdown/templates/app/models/user_group.rb
|
65
|
-
- rails_generators/lockdown/templates/app/views/permissions/index.html.erb
|
66
|
-
- rails_generators/lockdown/templates/app/views/permissions/show.html.erb
|
67
|
-
- rails_generators/lockdown/templates/app/views/sessions/new.html.erb
|
68
|
-
- rails_generators/lockdown/templates/app/views/user_groups/edit.html.erb
|
69
|
-
- rails_generators/lockdown/templates/app/views/user_groups/index.html.erb
|
70
|
-
- rails_generators/lockdown/templates/app/views/user_groups/new.html.erb
|
71
|
-
- rails_generators/lockdown/templates/app/views/user_groups/show.html.erb
|
72
|
-
- rails_generators/lockdown/templates/app/views/users/edit.html.erb
|
73
|
-
- rails_generators/lockdown/templates/app/views/users/index.html.erb
|
74
|
-
- rails_generators/lockdown/templates/app/views/users/new.html.erb
|
75
|
-
- rails_generators/lockdown/templates/app/views/users/show.html.erb
|
76
|
-
- rails_generators/lockdown/templates/config/initializers/lockit.rb
|
77
|
-
- rails_generators/lockdown/templates/db/migrate/create_admin_user.rb
|
78
|
-
- rails_generators/lockdown/templates/db/migrate/create_permissions.rb
|
79
|
-
- rails_generators/lockdown/templates/db/migrate/create_profiles.rb
|
80
|
-
- rails_generators/lockdown/templates/db/migrate/create_user_groups.rb
|
81
|
-
- rails_generators/lockdown/templates/db/migrate/create_users.rb
|
82
|
-
- rails_generators/lockdown/templates/lib/lockdown/README
|
83
|
-
- rails_generators/lockdown/templates/lib/lockdown/init.rb
|
51
|
+
- revo-lockdown.gemspec
|
84
52
|
- spec/lockdown/context_spec.rb
|
85
|
-
- spec/lockdown/database_spec.rb
|
86
53
|
- spec/lockdown/frameworks/rails/controller_spec.rb
|
87
54
|
- spec/lockdown/frameworks/rails/view_spec.rb
|
88
55
|
- spec/lockdown/frameworks/rails_spec.rb
|
@@ -126,13 +93,12 @@ summary: Authorization system for Rails 2.x
|
|
126
93
|
test_files:
|
127
94
|
- spec/lockdown_spec.rb
|
128
95
|
- spec/spec_helper.rb
|
129
|
-
- spec/lockdown/
|
130
|
-
- spec/lockdown/rspec_helper_spec.rb
|
96
|
+
- spec/lockdown/system_spec.rb
|
131
97
|
- spec/lockdown/context_spec.rb
|
132
98
|
- spec/lockdown/permission_spec.rb
|
133
|
-
- spec/lockdown/system_spec.rb
|
134
|
-
- spec/lockdown/database_spec.rb
|
135
99
|
- spec/lockdown/session_spec.rb
|
100
|
+
- spec/lockdown/rspec_helper_spec.rb
|
101
|
+
- spec/lockdown/rules_spec.rb
|
136
102
|
- spec/lockdown/frameworks/rails_spec.rb
|
137
103
|
- spec/lockdown/frameworks/rails/view_spec.rb
|
138
104
|
- spec/lockdown/frameworks/rails/controller_spec.rb
|
data/lib/lockdown/database.rb
DELETED
@@ -1,127 +0,0 @@
|
|
1
|
-
module Lockdown
|
2
|
-
class Database
|
3
|
-
class << self
|
4
|
-
# This is very basic and could be handled better using orm specific
|
5
|
-
# functionality, but I wanted to keep it generic to avoid creating
|
6
|
-
# an interface for each the different orm implementations.
|
7
|
-
# We'll see how it works...
|
8
|
-
def sync_with_db
|
9
|
-
|
10
|
-
@permissions = Lockdown::System.get_permissions
|
11
|
-
@user_groups = Lockdown::System.get_user_groups
|
12
|
-
|
13
|
-
unless ::Permission.table_exists? && Lockdown.user_group_class.table_exists?
|
14
|
-
Lockdown.logger.info ">> Lockdown tables not found. Skipping database sync."
|
15
|
-
return
|
16
|
-
end
|
17
|
-
create_new_permissions
|
18
|
-
|
19
|
-
delete_extinct_permissions
|
20
|
-
|
21
|
-
maintain_user_groups
|
22
|
-
rescue Exception => e
|
23
|
-
Lockdown.logger.error ">> Lockdown sync failed: #{e.backtrace.join("\n")}"
|
24
|
-
end
|
25
|
-
|
26
|
-
# Create permissions not found in the database
|
27
|
-
def create_new_permissions
|
28
|
-
@permissions.each do |key|
|
29
|
-
next if Lockdown::System.permission_assigned_automatically?(key)
|
30
|
-
str = Lockdown.get_string(key)
|
31
|
-
p = ::Permission.find(:first, :conditions => ["name = ?", str])
|
32
|
-
unless p
|
33
|
-
Lockdown.logger.info ">> Lockdown: Permission not found in db: #{str}, creating."
|
34
|
-
::Permission.create(:name => str)
|
35
|
-
end
|
36
|
-
end
|
37
|
-
end
|
38
|
-
|
39
|
-
# Delete the permissions not found in init.rb
|
40
|
-
def delete_extinct_permissions
|
41
|
-
db_perms = ::Permission.find(:all).dup
|
42
|
-
db_perms.each do |dbp|
|
43
|
-
unless @permissions.include?(Lockdown.get_symbol(dbp.name))
|
44
|
-
Lockdown.logger.info ">> Lockdown: Permission no longer in init.rb: #{dbp.name}, deleting."
|
45
|
-
ug_table = Lockdown.user_groups_hbtm_reference.to_s
|
46
|
-
if "permissions" < ug_table
|
47
|
-
join_table = "permissions_#{ug_table}"
|
48
|
-
else
|
49
|
-
join_table = "#{ug_table}_permissions"
|
50
|
-
end
|
51
|
-
Lockdown.database_execute("delete from #{join_table} where permission_id = #{dbp.id}")
|
52
|
-
dbp.destroy
|
53
|
-
end
|
54
|
-
end
|
55
|
-
end
|
56
|
-
|
57
|
-
def maintain_user_groups
|
58
|
-
# Create user groups not found in the database
|
59
|
-
@user_groups.each do |key|
|
60
|
-
str = Lockdown.get_string(key)
|
61
|
-
unless ug = Lockdown.user_group_class.find(:first, :conditions => ["name = ?", str])
|
62
|
-
create_user_group(str, key)
|
63
|
-
else
|
64
|
-
# Remove permissions from user group not found in init.rb
|
65
|
-
remove_invalid_permissions(ug, key)
|
66
|
-
|
67
|
-
# Add in permissions from init.rb not found in database
|
68
|
-
add_valid_permissions(ug, key)
|
69
|
-
end
|
70
|
-
end
|
71
|
-
end
|
72
|
-
|
73
|
-
def create_user_group(name_str, key)
|
74
|
-
Lockdown.logger.info ">> Lockdown: #{Lockdown::System.fetch(:user_group_model)} not in the db: #{name_str}, creating."
|
75
|
-
ug = Lockdown.user_group_class.create(:name => name_str)
|
76
|
-
#Inefficient, definitely, but shouldn't have any issues across orms.
|
77
|
-
#
|
78
|
-
Lockdown::System.permissions_for_user_group(key).each do |perm|
|
79
|
-
|
80
|
-
if Lockdown::System.permission_assigned_automatically?(perm)
|
81
|
-
Lockdown.logger.info ">> Permission #{perm} cannot be assigned to #{name_str}. Already belongs to built in user group (public or protected)."
|
82
|
-
raise InvalidPermissionAssignment, "Invalid permission assignment"
|
83
|
-
end
|
84
|
-
|
85
|
-
p = ::Permission.find(:first, :conditions => ["name = ?", Lockdown.get_string(perm)])
|
86
|
-
|
87
|
-
ug_table = Lockdown.user_groups_hbtm_reference.to_s
|
88
|
-
if "permissions" < ug_table
|
89
|
-
join_table = "permissions_#{ug_table}"
|
90
|
-
else
|
91
|
-
join_table = "#{ug_table}_permissions"
|
92
|
-
end
|
93
|
-
Lockdown.database_execute "insert into #{join_table}(permission_id, #{Lockdown.user_group_id_reference}) values(#{p.id}, #{ug.id})"
|
94
|
-
end
|
95
|
-
end
|
96
|
-
|
97
|
-
def remove_invalid_permissions(ug, key)
|
98
|
-
ug.permissions.each do |perm|
|
99
|
-
perm_sym = Lockdown.get_symbol(perm)
|
100
|
-
perm_string = Lockdown.get_string(perm)
|
101
|
-
unless Lockdown::System.permissions_for_user_group(key).include?(perm_sym)
|
102
|
-
Lockdown.logger.info ">> Lockdown: Permission: #{perm_string} no longer associated to User Group: #{ug.name}, deleting."
|
103
|
-
ug.permissions.delete(perm)
|
104
|
-
end
|
105
|
-
end
|
106
|
-
end
|
107
|
-
|
108
|
-
def add_valid_permissions(ug, key)
|
109
|
-
Lockdown::System.permissions_for_user_group(key).each do |perm|
|
110
|
-
perm_string = Lockdown.get_string(perm)
|
111
|
-
found = false
|
112
|
-
# see if permission exists
|
113
|
-
ug.permissions.each do |p|
|
114
|
-
found = true if Lockdown.get_string(p) == perm_string
|
115
|
-
end
|
116
|
-
# if not found, add it
|
117
|
-
unless found
|
118
|
-
Lockdown.logger.info ">> Lockdown: Permission: #{perm_string} not found for User Group: #{ug.name}, adding it."
|
119
|
-
p = ::Permission.find(:first, :conditions => ["name = ?", perm_string])
|
120
|
-
ug.permissions << p
|
121
|
-
end
|
122
|
-
end
|
123
|
-
end
|
124
|
-
|
125
|
-
end # class block
|
126
|
-
end # Database
|
127
|
-
end #Lockdown
|
@@ -1,68 +0,0 @@
|
|
1
|
-
module Lockdown
|
2
|
-
module Orms
|
3
|
-
module ActiveRecord
|
4
|
-
class << self
|
5
|
-
def use_me?
|
6
|
-
Object.const_defined?("ActiveRecord") && ::ActiveRecord.const_defined?("Base")
|
7
|
-
end
|
8
|
-
|
9
|
-
def included(mod)
|
10
|
-
mod.extend Lockdown::Orms::ActiveRecord::Helper
|
11
|
-
mixin
|
12
|
-
end
|
13
|
-
|
14
|
-
def mixin
|
15
|
-
Lockdown.orm_parent.class_eval do
|
16
|
-
include Lockdown::Orms::ActiveRecord::Stamps
|
17
|
-
end
|
18
|
-
end
|
19
|
-
end # class block
|
20
|
-
|
21
|
-
module Helper
|
22
|
-
def orm_parent
|
23
|
-
::ActiveRecord::Base
|
24
|
-
end
|
25
|
-
|
26
|
-
def database_execute(query)
|
27
|
-
orm_parent.connection.execute(query)
|
28
|
-
end
|
29
|
-
|
30
|
-
def database_query(query)
|
31
|
-
orm_parent.connection.execute(query)
|
32
|
-
end
|
33
|
-
|
34
|
-
def database_table_exists?(klass)
|
35
|
-
klass.table_exists?
|
36
|
-
end
|
37
|
-
end
|
38
|
-
|
39
|
-
module Stamps
|
40
|
-
def self.included(base)
|
41
|
-
base.class_eval do
|
42
|
-
alias_method :create_without_stamps, :create
|
43
|
-
alias_method :create, :create_with_stamps
|
44
|
-
alias_method :update_without_stamps, :update
|
45
|
-
alias_method :update, :update_with_stamps
|
46
|
-
end
|
47
|
-
end
|
48
|
-
|
49
|
-
def current_who_did_it
|
50
|
-
Thread.current[:who_did_it]
|
51
|
-
end
|
52
|
-
|
53
|
-
def create_with_stamps
|
54
|
-
pid = current_who_did_it || Lockdown::System.fetch(:default_who_did_it)
|
55
|
-
self[:created_by] = pid if self.respond_to?(:created_by)
|
56
|
-
self[:updated_by] = pid if self.respond_to?(:updated_by)
|
57
|
-
create_without_stamps
|
58
|
-
end
|
59
|
-
|
60
|
-
def update_with_stamps
|
61
|
-
pid = current_who_did_it || Lockdown::System.fetch(:default_who_did_it)
|
62
|
-
self[:updated_by] = pid if self.respond_to?(:updated_by)
|
63
|
-
update_without_stamps
|
64
|
-
end
|
65
|
-
end
|
66
|
-
end
|
67
|
-
end
|
68
|
-
end
|