ucb_rails_security 2.0.7
- data/CHANGELOG +6 -0
- data/Manifest +56 -0
- data/README +195 -0
- data/Rakefile +21 -0
- data/TODO +3 -0
- data/generators/ucb_rails_security/templates/controllers/ucb_security/base_controller.rb +17 -0
- data/generators/ucb_rails_security/templates/controllers/ucb_security/ldap_search_controller.rb +10 -0
- data/generators/ucb_rails_security/templates/controllers/ucb_security/role_users_controller.rb +27 -0
- data/generators/ucb_rails_security/templates/controllers/ucb_security/roles_controller.rb +52 -0
- data/generators/ucb_rails_security/templates/controllers/ucb_security/user_roles_controller.rb +29 -0
- data/generators/ucb_rails_security/templates/controllers/ucb_security/users_controller.rb +59 -0
- data/generators/ucb_rails_security/templates/db/migrate/xxx_create_ucb_rails_security_tables.rb +31 -0
- data/generators/ucb_rails_security/templates/helpers/ucb_security/base_helper.rb +23 -0
- data/generators/ucb_rails_security/templates/helpers/ucb_security/builder.rb +25 -0
- data/generators/ucb_rails_security/templates/helpers/ucb_security/roles_helper.rb +2 -0
- data/generators/ucb_rails_security/templates/helpers/ucb_security/users_helper.rb +2 -0
- data/generators/ucb_rails_security/templates/initializers/ucb_security_config.rb +20 -0
- data/generators/ucb_rails_security/templates/javascripts/ucb_security.js +99 -0
- data/generators/ucb_rails_security/templates/models/ldap_search.rb +48 -0
- data/generators/ucb_rails_security/templates/models/role.rb +32 -0
- data/generators/ucb_rails_security/templates/models/user.rb +106 -0
- data/generators/ucb_rails_security/templates/models/user_roles.rb +3 -0
- data/generators/ucb_rails_security/templates/stylesheets/ucb_security.css +347 -0
- data/generators/ucb_rails_security/templates/views/layouts/ucb_security/_main_navigation.html.erb +10 -0
- data/generators/ucb_rails_security/templates/views/layouts/ucb_security/application.html.erb +24 -0
- data/generators/ucb_rails_security/templates/views/ucb_security/ldap_search/index.html.erb +62 -0
- data/generators/ucb_rails_security/templates/views/ucb_security/role_users/_new.html.erb +11 -0
- data/generators/ucb_rails_security/templates/views/ucb_security/role_users/edit.html.erb +37 -0
- data/generators/ucb_rails_security/templates/views/ucb_security/roles/_users.html.erb +14 -0
- data/generators/ucb_rails_security/templates/views/ucb_security/roles/edit.html.erb +19 -0
- data/generators/ucb_rails_security/templates/views/ucb_security/roles/index.html.erb +34 -0
- data/generators/ucb_rails_security/templates/views/ucb_security/roles/new.html.erb +19 -0
- data/generators/ucb_rails_security/templates/views/ucb_security/roles/show.html.erb +27 -0
- data/generators/ucb_rails_security/templates/views/ucb_security/user_roles/edit.html.erb +17 -0
- data/generators/ucb_rails_security/templates/views/ucb_security/users/edit.html.erb +23 -0
- data/generators/ucb_rails_security/templates/views/ucb_security/users/index.html.erb +43 -0
- data/generators/ucb_rails_security/templates/views/ucb_security/users/new.html.erb +29 -0
- data/generators/ucb_rails_security/templates/views/ucb_security/users/show.html.erb +43 -0
- data/generators/ucb_rails_security/ucb_rails_security_generator.rb +191 -0
- data/init.rb +9 -0
- data/lib/helpers/rspec_helpers.rb +119 -0
- data/lib/tasks/ucb_rails_security.rake +22 -0
- data/lib/ucb_rails_security.rb +60 -0
- data/lib/ucb_rails_security_casauthentication.rb +117 -0
- data/lib/ucb_rails_security_logger.rb +33 -0
- data/lib/ucb_rs_controller_methods.rb +496 -0
- data/rdoc_includes/application_controller_rb.txt +9 -0
- data/rspec/_all_specs.rb +5 -0
- data/rspec/_setup.rb +36 -0
- data/rspec/filter_ldap_spec.rb +87 -0
- data/rspec/filter_role_spec.rb +56 -0
- data/rspec/filter_spec.rb +37 -0
- data/rspec/filter_user_spec.rb +55 -0
- data/rspec/logged_in_status_spec.rb +226 -0
- data/rspec/ucb_rails_security_casauthentication_spec.rb +83 -0
- data/rspec/ucb_rails_security_spec.rb +34 -0
- data/test/test_rails-2.0.x/test/test_helper.rb +38 -0
- data/test/test_rails-2.1.x/test/test_helper.rb +38 -0
- data/ucb_rails_security.gemspec +41 -0
- metadata +147 -0
data/CHANGELOG
ADDED
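--- a/data/Manifest
+++ b/data/Manifest
@@ -0,0 +1,56 @@
+CHANGELOG
+Manifest
+README
+Rakefile
+TODO
+generators/ucb_rails_security/templates/controllers/ucb_security/base_controller.rb
+generators/ucb_rails_security/templates/controllers/ucb_security/ldap_search_controller.rb
+generators/ucb_rails_security/templates/controllers/ucb_security/role_users_controller.rb
+generators/ucb_rails_security/templates/controllers/ucb_security/roles_controller.rb
+generators/ucb_rails_security/templates/controllers/ucb_security/user_roles_controller.rb
+generators/ucb_rails_security/templates/controllers/ucb_security/users_controller.rb
+generators/ucb_rails_security/templates/db/migrate/xxx_create_ucb_rails_security_tables.rb
+generators/ucb_rails_security/templates/helpers/ucb_security/base_helper.rb
+generators/ucb_rails_security/templates/helpers/ucb_security/builder.rb
+generators/ucb_rails_security/templates/helpers/ucb_security/roles_helper.rb
+generators/ucb_rails_security/templates/helpers/ucb_security/users_helper.rb
+generators/ucb_rails_security/templates/initializers/ucb_security_config.rb
+generators/ucb_rails_security/templates/javascripts/ucb_security.js
+generators/ucb_rails_security/templates/models/ldap_search.rb
+generators/ucb_rails_security/templates/models/role.rb
+generators/ucb_rails_security/templates/models/user.rb
+generators/ucb_rails_security/templates/models/user_roles.rb
+generators/ucb_rails_security/templates/stylesheets/ucb_security.css
+generators/ucb_rails_security/templates/views/layouts/ucb_security/_main_navigation.html.erb
+generators/ucb_rails_security/templates/views/layouts/ucb_security/application.html.erb
+generators/ucb_rails_security/templates/views/ucb_security/ldap_search/index.html.erb
+generators/ucb_rails_security/templates/views/ucb_security/role_users/_new.html.erb
+generators/ucb_rails_security/templates/views/ucb_security/role_users/edit.html.erb
+generators/ucb_rails_security/templates/views/ucb_security/roles/_users.html.erb
+generators/ucb_rails_security/templates/views/ucb_security/roles/edit.html.erb
+generators/ucb_rails_security/templates/views/ucb_security/roles/index.html.erb
+generators/ucb_rails_security/templates/views/ucb_security/roles/new.html.erb
+generators/ucb_rails_security/templates/views/ucb_security/roles/show.html.erb
+generators/ucb_rails_security/templates/views/ucb_security/user_roles/edit.html.erb
+generators/ucb_rails_security/templates/views/ucb_security/users/edit.html.erb
+generators/ucb_rails_security/templates/views/ucb_security/users/index.html.erb
+generators/ucb_rails_security/templates/views/ucb_security/users/new.html.erb
+generators/ucb_rails_security/templates/views/ucb_security/users/show.html.erb
+generators/ucb_rails_security/ucb_rails_security_generator.rb
+init.rb
+lib/helpers/rspec_helpers.rb
+lib/tasks/ucb_rails_security.rake
+lib/ucb_rails_security.rb
+lib/ucb_rails_security_casauthentication.rb
+lib/ucb_rails_security_logger.rb
+lib/ucb_rs_controller_methods.rb
+rdoc_includes/application_controller_rb.txt
+rspec/_all_specs.rb
+rspec/_setup.rb
+rspec/filter_ldap_spec.rb
+rspec/filter_role_spec.rb
+rspec/filter_spec.rb
+rspec/filter_user_spec.rb
+rspec/logged_in_status_spec.rb
+rspec/ucb_rails_security_casauthentication_spec.rb
+rspec/ucb_rails_security_spec.rb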
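--- a/data/README
+++ b/data/README
@@ -0,0 +1,195 @@
+= UC Berkeley Rails Security
+UCB::Rails::Security simplifies CAS auth and ldap authz within your rails application by adding
+custom filters to your rails controllers.
+
+
+== Description
+This plugin adds authentication/authorization to your rails application. Currently
+CAS is the only supported authentication scheme. Authorization is handled by
+various filters that this plugin provides. The filters can utilize: values from
+a users and or roles table as well as ldap attributes of the authenticated user.
+These filters are typically added to your application controller by including
+the ucb_rs_controller_methods module. Example:
+user has CAS authenticated
+
+class ApplicationController < ActionController::Base
+include UCB::Rails::Security::ControllerMethods
+
+before_filter :filter_logged_in
+end
+
+This would only allow access to if the user has CAS authenticated
+
+
+
+== Installation
+These installation instructions assume that you already have a database
+configured for your rails application and that you have already run the
+initial <tt>rake db:migrate</tt> command to setup your <tt>schema_info</tt> table.
+
+
+From RAILS_ROOT run:
+
+script/generate ucb_rails_security
+
+This will generate scaffolding for a rudimentary user/role administration interface.
+It will also install a db:migration: <tt>xxx_create_ucb_rails_security_tables.rb</tt>,
+where xxx is the next highest available migration number.
+
+Now run: <tt>rake db:migrate</tt> to run the migrations.
+
+
+
+== Configuration
+
+Configuration for this plugin is handled in the file:
+RAILS_ROOT/config/initializers/ucb_security_config.rb
+
+You probably want to uncomment the first config option so
+your application can use the users table. The file itself
+has comments explaining the options.
+
+
+Before you can use the users table, you must create a security user.
+Run the following from RAILS_ROOT:
+
+rake ucb:create_security_user UID=#{your_uid}
+
+This adds you to the users table and gives you the 'Security' role.
+By default, you must have the 'Security' role to access the administrative
+interface. Now start your application server and point your browser to:
+
+localhost:3000/ucb_security/
+
+You should be redirected to CAS. CAS authenticate and you should now
+have access to the ucb_security administrator pages.
+
+
+=== Customization
+The ucb_security scaffolding includes an rudimentary administrative interface
+to manage users and roles within your rails application. Most of the ucb_security
+scaffolding has been installed under the namespace ucb_security:
+
+RAILS_ROOT/apps/controller/ucb_security
+RAILS_ROOT/apps/views/ucb_security
+RAILS_ROOT/apps/helpers/ucb_security
+RAILS_ROOT/public/stylesheets/ucb_security.css
+
+The models, however, are installed directly beneath your models directory:
+
+RAILS_ROOT/apps/models/user
+RAILS_ROOT/apps/models/roles
+RAILS_ROOT/apps/models/user_roles
+
+Finally, the ucb_security scaffolding added custom routes to the top of
+your route file:
+
+RAILS_ROOT/config/routes.rb
+
+
+Don't like how something looks? Feel free to change the views, or the stylesheet.
+If you start changing the models or routes, make sure you add tests!
+
+
+== Usage
+=== Authentication
+The simplest use of this module is to require that users be authenticated
+by CAS, i.e., they have entered a valid CalNet id and passphrase.
+
+The following controller requires a user be authenticated:
+
+class MyController < ApplicationController
+before_filter :filter_logged_in
+end
+
+If the user is already logged in (has been CAS authenticated) then
+the user can access the controller.
+
+If not logged in the user will be redirected to the CAS
+authentication service. Upon successful authentication
+the user will be redirected to the originally requested url.
+
+==== Authentication Methods
+The only authentication method supported is CAS [https://auth.berkeley.edu/cas/login].
+
+More info about CAS[http://en.wikipedia.org/wiki/Single_sign_on].
+
+
+=== Authorization
+
+==== LDAP Filters
+UCB::Rails::Security is closely integrated with, and in fact depends
+on UCB::LDAP. Authenticated users are looked up in the LDAP directory and the
+corresponding UCB::LDAP::Person instance is stored in the Rails session.
+
+Applications have easy access to a logged in user's LDAP attributes
+for general purposes, but more importantly these attributes can be
+used in controller filters with minimal effort (next section).
+Applications can manage access to controllers based on LDAP attributes.
+
+This controller can only be accessed by UCB employees:
+
+class MyController < ApplicationController
+before_filter :filter_ldap_employee?
+end
+
+Note that this filter is dynamically created and queries the <tt>employee?</tt>
+method of the user's UCB::LDAP::Person entry to do its work.
+
+See UCB::Rails::Security::ControllerMethods for more information.
+
+
+==== User and Role Filters
+If an application has +User+ and +Role+ tables, they can be used to control authorization.
+
+===== User Filters
+This controller is restricted to users in the user table:
+
+class MyController < ApplicationController
+before_filter :filter_in_user_table
+end
+
+This controller is restricted to users that can update:
+
+class MyController < ApplicationController
+before_filter :filter_user_can_update?
+end
+
+Note that this filter is dynamically created by sending the <tt>can_update?</tt>
+message to the user instance.
+
+Any filter of the form ":filter_user_method" will return <tt>true</tt> if the
+user instance returns <tt>true</tt> when sent <tt>method</tt>.
+
+===== Role Filters
+This controller is restricted to users who have the admin role:
+
+class MyController < ApplicationController
+before_filter :filter_role_admin
+end
+
+Note that this filter is dynamically created and queries the roles
+for the user to see if "admin" is one of the roles.
+
+See UCB::Rails::Security::ControllerMethods for more information.
+
+
+
+== More Information
+* UCB::Rails::Security for configuration
+* UCB::Rails::Security::ControllerMethods for filters, form helpers, etc.
+
+
+== Version
+:include: ./version.yml
+
+
+
+== Author
+Steven Hansen (runner@berkeley.edu)
+Steve Downey
+
+
+
+
+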
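--- a/data/Rakefile
+++ b/data/Rakefile
@@ -0,0 +1,21 @@
+require 'rubygems'
+require 'rake'
+require 'echoe'
+require 'hanna/rdoctask'
+
+Echoe.new('ucb_rails_security', '2.0.7') do |p|
+p.description = "Simplifies CAS auth and ldap authz within your rails application"
+p.url = "http://ucbrb.rubyforge.org/ucb_rails_security"
+p.author = "Steven Hansen, Steven Downey"
+p.email = "runner@berkeley.edu"
+p.ignore_pattern = ["svn_user.yml", "tasks/**/**", "test/**/**", "version.yml"]
+p.runtime_dependencies = ["rubycas-client", ">= 2.0.1"]
+p.runtime_dependencies = ["ucb_ldap", ">= 1.3.0"]
+p.project = "ucbrb"
+p.rdoc_options = "-o doc --inline-source -T hanna lib/*.rb"
+p.rdoc_pattern = ["README", "CHANGELOG", "lib/**/**", "rdoc_includes/**/**"]
+end
+
+Dir["#{File.dirname(__FILE__)}/tasks/*.rake"].sort.each { |ext| load ext }
+
+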
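Review bot: The second `p.runtime_dependencies =` assignment replaces the first, so the `rubycas-client` requirement never reaches the generated gemspec and only the `ucb_ldap` entry survives. For a gem whose authentication path depends on that client, the missing declaration means an install does not pull in or version-constrain it. Declare both in a single assignment, e.g. `p.runtime_dependencies = ["rubycas-client >=2.0.1", "ucb_ldap >=1.3.0"]`; this assumes Echoe's one-string-per-gem form, which should be confirmed, since the current `["name", ">= x"]` arrays look like two separate entries.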
data/TODO
ADDED
@@ -0,0 +1,17 @@
|
|
1
|
+
class UcbSecurity::BaseController < ApplicationController
|
2
|
+
# Move this include into your ApplicationController to add security to your entire application
|
3
|
+
include UCB::Rails::Security::ControllerMethods
|
4
|
+
|
5
|
+
layout 'layouts/ucb_security/application'
|
6
|
+
# Only allow access to users that have the "Security" role
|
7
|
+
before_filter :filter_role_security, :except => [:not_authorized, :logout]
|
8
|
+
|
9
|
+
before_filter :append_headers
|
10
|
+
|
11
|
+
private
|
12
|
+
def append_headers
|
13
|
+
response.headers['Cache-Control'] = "no-store, no-cache, must-revalidate"
|
14
|
+
response.headers['Expires'] = "The, 01 Jan 1970 00:00:00 GMT"
|
15
|
+
response.headers['Pragma'] = "no-cache"
|
16
|
+
end
|
17
|
+
end
|
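Review bot: The `Expires` value set in `append_headers` is not a valid HTTP date: `"The, 01 Jan 1970 00:00:00 GMT"` should read `"Thu, 01 Jan 1970 00:00:00 GMT"`. Caches are expected to treat an unparseable date as already expired, so the header probably has the intended effect by accident, but the no-cache behaviour of the role administration pages should not depend on how each intermediary handles a malformed value.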
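--- a/data/generators/ucb_rails_security/templates/controllers/ucb_security/ldap_search_controller.rb
+++ b/data/generators/ucb_rails_security/templates/controllers/ucb_security/ldap_search_controller.rb
@@ -0,0 +1,10 @@
+class UcbSecurity::LdapSearchController < UcbSecurity::BaseController
+
+def index
+@ldap_people = LdapSearch.find(params[:search_term], params[:search_value])
+@select_options = LdapSearch.search_term_select_list()
+@search_term = params[:search_term].blank? ? "" : params[:search_term].to_sym
+@search_initiated = true if params[:commit]
+end
+
+end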
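Review bot: `params[:search_term].to_sym` in `index` turns a request parameter into a symbol, and both `search_term` and `search_value` are handed to `LdapSearch.find` exactly as received. On Ruby versions that never garbage-collect symbols, which is what an application of this Rails generation runs on, each distinct parameter value stays in the symbol table for the life of the process; whether the attribute name and value are escaped before they reach the LDAP filter cannot be seen from this hunk. Accept only the keys offered by `LdapSearch.search_term_select_list` and fall back to `""` otherwise, for example `@search_term = allowed.include?(params[:search_term]) ? params[:search_term].to_sym : ""`, with `allowed` built from that list (its shape is not visible here).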
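--- a/data/generators/ucb_rails_security/templates/controllers/ucb_security/role_users_controller.rb
+++ b/data/generators/ucb_rails_security/templates/controllers/ucb_security/role_users_controller.rb
@@ -0,0 +1,27 @@
+class UcbSecurity::RoleUsersController < UcbSecurity::BaseController
+
+before_filter :load_role
+
+def edit
+@unassociated_users = @role.non_users_menu_list()
+@associated_users = @role.users_menu_list()
+end
+
+def update
+@role.update_attributes(:user_ids => params[:user_ids])
+@role.save!
+flash[:notice] = "Role users were successfully updated."
+redirect_to(edit_ucb_security_role_users_path(@role))
+rescue ActiveRecord::RecordInvalid
+flash[:error] = @role.errors.each_full {}.join('<br/>')
+render :action => 'edit'
+end
+
+protected
+def load_role
+@role = Role.find(params[:role_id])
+rescue ActiveRecord::RecordNotFound
+flash[:error] = "Record Not Found"
+redirect_to(ucb_security_roles_url)
+end
+end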
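Review bot: In the `rescue` branch of `update`, `flash[:error]` is set and then `render :action => 'edit'` is called, so the message is shown on this response and again on the next request; the other controllers in this change use `flash.now[:error]` before a render, and this one should too. The same branch does not rebuild `@unassociated_users` and `@associated_users`, which only `edit` sets, so the re-rendered form presumably sees them as nil (the view is not part of this hunk). The `rescue` in UserRolesController#update reloads `@roles` before rendering and is the pattern to follow.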
@@ -0,0 +1,52 @@
|
|
1
|
+
class UcbSecurity::RolesController < UcbSecurity::BaseController
|
2
|
+
|
3
|
+
before_filter :init_role, :only => [:show, :edit, :update, :destroy]
|
4
|
+
|
5
|
+
def index
|
6
|
+
@roles = Role.find(:all, :order => 'name')
|
7
|
+
end
|
8
|
+
|
9
|
+
def show
|
10
|
+
end
|
11
|
+
|
12
|
+
def new
|
13
|
+
@role = Role.new
|
14
|
+
end
|
15
|
+
|
16
|
+
def edit
|
17
|
+
end
|
18
|
+
|
19
|
+
def create
|
20
|
+
@role = Role.new(params[:role])
|
21
|
+
@role.save!
|
22
|
+
flash[:notice] = 'Role was successfully created.'
|
23
|
+
redirect_to(ucb_security_role_path(@role))
|
24
|
+
rescue ActiveRecord::RecordInvalid
|
25
|
+
flash.now[:error] = @role.errors.each_full {}.join('<br/>')
|
26
|
+
render(:action => 'new')
|
27
|
+
end
|
28
|
+
|
29
|
+
def update
|
30
|
+
@role.update_attributes!(params[:role])
|
31
|
+
flash[:notice] = 'Role was successfully updated.'
|
32
|
+
redirect_to(edit_ucb_security_role_path(@role))
|
33
|
+
rescue ActiveRecord::RecordInvalid => e
|
34
|
+
flash.now[:error] = @role.errors.each_full {}.join('<br/>')
|
35
|
+
render :action => 'edit'
|
36
|
+
end
|
37
|
+
|
38
|
+
def destroy
|
39
|
+
@role.destroy
|
40
|
+
flash[:notice] = "Record was successfully deleted"
|
41
|
+
redirect_to(ucb_security_roles_path())
|
42
|
+
end
|
43
|
+
|
44
|
+
protected
|
45
|
+
def init_role
|
46
|
+
@role = Role.find(params[:id])
|
47
|
+
rescue ActiveRecord::RecordNotFound
|
48
|
+
flash[:error] = "Record Not Found"
|
49
|
+
redirect_to(ucb_security_roles_path())
|
50
|
+
return false
|
51
|
+
end
|
52
|
+
end
|
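Review bot: `destroy` removes whatever role `init_role` loaded, including the 'Security' role that `before_filter :filter_role_security` in the base controller requires for this entire interface, and `update` can rename it the same way. UsersController#destroy refuses to delete the current user, but nothing here stops an administrator from removing the one role that grants access, after which nobody can reach these pages until the role is recreated outside the UI. A guard at the top of `destroy`, such as `if @role.name == 'Security'` followed by a `flash[:error]` and `redirect_to(ucb_security_roles_path())`, would match the users controller; how the filter compares role names is not visible here, so the exact comparison needs checking.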
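--- a/data/generators/ucb_rails_security/templates/controllers/ucb_security/user_roles_controller.rb
+++ b/data/generators/ucb_rails_security/templates/controllers/ucb_security/user_roles_controller.rb
@@ -0,0 +1,29 @@
+class UcbSecurity::UserRolesController < UcbSecurity::BaseController
+
+before_filter :load_user
+
+def edit
+@roles = Role.find(:all, :order => 'name')
+end
+
+def update
+params[:user] ||= {}
+params[:user][:role_ids] ||= []
+
+@user.update_attributes!(params[:user])
+flash[:notice] = 'User roles were successfully updated.'
+redirect_to(edit_ucb_security_user_roles_path(@user))
+rescue ActiveRecord::RecordInvalid
+@roles = Role.find(:all, :order => 'name')
+flash.now[:error] = @user.errors.each_full {}.join('<br/>')
+render(:action => 'edit')
+end
+
+protected
+def load_user
+@user = User.find(params[:user_id])
+rescue ActiveRecord::RecordNotFound
+flash[:error] = "Record Not Found"
+redirect_to(ucb_security_users_path())
+end
+end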
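Review bot: `update` exists to change role membership, yet it hands the whole `params[:user]` hash to `@user.update_attributes!`, so any other user attribute included in the request (for example `ldap_uid`) is written as well. Pass only the roles: `@user.update_attributes!(:role_ids => params[:user][:role_ids])`. There is also no check that the current administrator keeps the 'Security' role, unlike the self-delete guard in UsersController#destroy.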
@@ -0,0 +1,59 @@
|
|
1
|
+
class UcbSecurity::UsersController < UcbSecurity::BaseController
|
2
|
+
before_filter :init_user, :only => [:show, :edit, :update, :destroy]
|
3
|
+
|
4
|
+
def index
|
5
|
+
@users = User.find(:all, :order => "last_name, first_name")
|
6
|
+
end
|
7
|
+
|
8
|
+
def show
|
9
|
+
end
|
10
|
+
|
11
|
+
def new
|
12
|
+
@user = User.new_from_ldap_uid(params[:ldap_uid])
|
13
|
+
rescue UCB::LDAP::Person::RecordNotFound => e
|
14
|
+
flash[:error] = e.message
|
15
|
+
redirect_to(ucb_security_users_path())
|
16
|
+
end
|
17
|
+
|
18
|
+
def edit
|
19
|
+
end
|
20
|
+
|
21
|
+
def create
|
22
|
+
@user = User.new(params[:user])
|
23
|
+
@user.save!
|
24
|
+
flash[:notice] = 'User was successfully created.'
|
25
|
+
redirect_to(ucb_security_user_path(@user))
|
26
|
+
rescue ActiveRecord::RecordInvalid
|
27
|
+
flash.now[:error] = @user.errors.each_full {}.join('<br/>')
|
28
|
+
render(:action => 'new')
|
29
|
+
end
|
30
|
+
|
31
|
+
def update
|
32
|
+
@user.update_attributes!(params[:user])
|
33
|
+
flash[:notice] = 'User was successfully updated.'
|
34
|
+
redirect_to(edit_ucb_security_user_path(@user))
|
35
|
+
rescue ActiveRecord::RecordInvalid
|
36
|
+
flash.now[:error] = @user.errors.each_full {}.join('<br/>')
|
37
|
+
render(:action => 'edit')
|
38
|
+
end
|
39
|
+
|
40
|
+
def destroy
|
41
|
+
if @user.current_user?(ldap_uid())
|
42
|
+
flash[:error] = "You cannot delete yourself!"
|
43
|
+
redirect_to(ucb_security_users_path()) and return nil
|
44
|
+
else
|
45
|
+
@user.destroy
|
46
|
+
flash[:notice] = "User was successfully destroyed"
|
47
|
+
redirect_to(ucb_security_users_path())
|
48
|
+
end
|
49
|
+
end
|
50
|
+
|
51
|
+
protected
|
52
|
+
def init_user
|
53
|
+
@user = User.find(params[:id])
|
54
|
+
rescue ActiveRecord::RecordNotFound
|
55
|
+
flash[:error] = "Record Not Found"
|
56
|
+
redirect_to(ucb_security_users_path())
|
57
|
+
end
|
58
|
+
|
59
|
+
end
|
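Review bot: `create` and `update` pass `params[:user]` straight to `User.new` and `update_attributes!`, so every attribute the model accepts can be set from the request, not only the fields the forms display. `ldap_uid` is the link between a CAS identity and this row's roles, and `role_ids` is presumably assignable too, so one request can re-point an account or change its grants. Unless `models/user.rb` (not shown on this page) declares `attr_accessible`, pass an explicit subset, e.g. `params[:user].slice(:first_name, :last_name, :email, :phone, :department)` in `update`. `Role.new(params[:role])` and `update_attributes!(params[:role])` in RolesController follow the same pattern.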
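--- a/data/generators/ucb_rails_security/templates/db/migrate/xxx_create_ucb_rails_security_tables.rb
+++ b/data/generators/ucb_rails_security/templates/db/migrate/xxx_create_ucb_rails_security_tables.rb
@@ -0,0 +1,31 @@
+class CreateUcbRailsSecurityTables < ActiveRecord::Migration
+def self.up
+create_table "users", :force => true do |t|
+t.string :ldap_uid
+t.string :first_name
+t.string :last_name
+t.string :email
+t.string :phone
+t.string :department
+t.timestamps
+end
+
+create_table "roles", :force => true do |t|
+t.string :name
+t.string :description
+t.timestamps
+end
+
+create_table "user_roles", :force => true, :id => false do |t|
+t.integer :user_id
+t.integer :role_id
+t.timestamps
+end
+end
+
+def self.down
+drop_table :users
+drop_table :roles
+drop_table :user_roles
+end
+end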
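Review bot: All three `create_table` calls in `self.up` use `:force => true`, which drops an existing table of that name before creating the new one. The README tells people to run this generator inside an application that already has a database, and `users` and `roles` are common table names, so `rake db:migrate` can silently destroy existing account data; drop the option so the migration fails instead, e.g. `create_table "users" do |t|`. Nothing here makes `users.ldap_uid` or the (`user_id`, `role_id`) pair unique either, so the authorization tables can hold duplicate identities and duplicate grants unless the models enforce it; `add_index :users, :ldap_uid, :unique => true` and `add_index :user_roles, [:user_id, :role_id], :unique => true` would cover both.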
@@ -0,0 +1,23 @@
|
|
1
|
+
module UcbSecurity::BaseHelper
|
2
|
+
|
3
|
+
def role_checkbox
|
4
|
+
raise "This method has been deprecated"
|
5
|
+
end
|
6
|
+
|
7
|
+
def in_user_table?
|
8
|
+
id_from_uid ? true : false
|
9
|
+
end
|
10
|
+
|
11
|
+
def id_from_uid
|
12
|
+
@user_uids[@entry.uid]
|
13
|
+
end
|
14
|
+
|
15
|
+
def display_message
|
16
|
+
return "<div class='error'>#{flash[:error]}</div>" if flash[:error]
|
17
|
+
return "<div class='notice'>#{flash[:notice]}</div>" if flash[:notice]
|
18
|
+
end
|
19
|
+
|
20
|
+
def title(title)
|
21
|
+
@title = title
|
22
|
+
end
|
23
|
+
end
|
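Review bot: `display_message` interpolates `flash[:error]` and `flash[:notice]` into markup without escaping, which matters on a Rails version that does not escape view output by default. The flash is not always a fixed string: UsersController#new stores `e.message` from the LDAP lookup, and the controllers store validation messages joined with `<br/>`, so any request-derived text inside those messages would be rendered as HTML. Escape at the source and keep the separator literal, e.g. `@user.errors.full_messages.map { |m| ERB::Util.html_escape(m) }.join('<br/>')` in the controllers and `ERB::Util.html_escape(e.message)` for the LDAP error. `text` in the form builder hunk has the same gap: `@object.send(method)` goes into `content_tag` unescaped.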
@@ -0,0 +1,25 @@
|
|
1
|
+
class UcbSecurity::Builder < ActionView::Helpers::FormBuilder
|
2
|
+
|
3
|
+
def text_field(label, method, options = {}, html_options = {})
|
4
|
+
field = super(method, html_options)
|
5
|
+
format_field(label, method, options, field)
|
6
|
+
end
|
7
|
+
|
8
|
+
def text_area(label, method, options = {}, html_options = {})
|
9
|
+
field = super(method, html_options)
|
10
|
+
format_field(label, method, options, field)
|
11
|
+
end
|
12
|
+
|
13
|
+
def text(label, method, options = {}, html_options = {})
|
14
|
+
format_field(label, method, options, "#{@object.send(method)}")
|
15
|
+
end
|
16
|
+
|
17
|
+
def format_field(label, method, options, field)
|
18
|
+
label = "* ".concat(label) if options[:required] == true
|
19
|
+
|
20
|
+
@template.content_tag(:p,
|
21
|
+
"#{@template.content_tag(:label, label, :for => "#{@object_name}_#{method}")} #{field}"
|
22
|
+
)
|
23
|
+
end
|
24
|
+
|
25
|
+
end
|
@@ -0,0 +1,20 @@
|
|
1
|
+
|
2
|
+
# Uncomment this if your Application uses a user table
|
3
|
+
#
|
4
|
+
# UCB::Rails::Security::using_user_table = true
|
5
|
+
|
6
|
+
|
7
|
+
# When a user logs of CAS, the CAS logout page will display a link for
|
8
|
+
# the user to return to the original application. By default, UCB::Rails::Security
|
9
|
+
# uses http://appdomain.com/ucb_security
|
10
|
+
# Uncommening the below config would change it to: http://appdomain.com
|
11
|
+
#
|
12
|
+
# UCB::Rails::Security::CASAuthentication.home_url = ''
|
13
|
+
|
14
|
+
|
15
|
+
# By default, UCB::Rails::Security will return ldap test entries for all
|
16
|
+
# Rails environments except production. Uncommenting the below will change
|
17
|
+
# the behaviour to return test ids for all environments. You can also add
|
18
|
+
# this config option to a specific environment file to confine the config.
|
19
|
+
#
|
20
|
+
# UCB::Rails::Security::CASAuthentication.allow_test_entries = true
|
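Review bot: The comment above `allow_test_entries` should say what enabling it in production means, because by its own description this option is the only thing keeping LDAP test entries out of the production environment. As written it reads like a convenience switch; a line such as `# WARNING: do not enable in production - LDAP test entries would then be returned like real directory entries` would put the risk where the option is set, assuming the filters treat test entries like ordinary people (not visible here). The same comments contain two typos worth fixing in the template: "logs of CAS" and "Uncommening".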