vigilante 1.0.0
Sign up to get free protection for your applications and to get access to all the features.
- data/.document +5 -0
- data/.travis.yml +5 -0
- data/Gemfile +27 -0
- data/Gemfile.lock +107 -0
- data/History.md +7 -0
- data/MIT-LICENSE +20 -0
- data/README.markdown +109 -0
- data/Rakefile +48 -0
- data/VERSION +1 -0
- data/app/controllers/abilities_controller.rb +18 -0
- data/app/models/ability.rb +6 -0
- data/app/models/ability_permission.rb +4 -0
- data/app/models/authorization.rb +34 -0
- data/app/models/authorization_extent.rb +34 -0
- data/app/models/permission.rb +2 -0
- data/app/models/permission_hash.rb +131 -0
- data/app/views/abilities/index.html.haml +15 -0
- data/app/views/abilities/show.html.haml +71 -0
- data/lib/config/vigilante_config.yml +19 -0
- data/lib/db/migrate/20101028091755_create_permissions.rb +13 -0
- data/lib/db/migrate/20101028091859_create_abilities.rb +14 -0
- data/lib/db/migrate/20101028091927_create_ability_permissions.rb +14 -0
- data/lib/db/migrate/20101028092014_create_authorizations.rb +16 -0
- data/lib/db/migrate/20101124131334_add_extent_flag_to_ability.rb +9 -0
- data/lib/db/migrate/20101129084538_add_authorization_extent.rb +15 -0
- data/lib/db/migrate/20101129084620_remove_extent_from_authorization.rb +11 -0
- data/lib/generators/vigilante/install/install_generator.rb +104 -0
- data/lib/generators/vigilante/install/templates/create_abilities.rb +14 -0
- data/lib/generators/vigilante/install/templates/create_ability_permissions.rb +14 -0
- data/lib/generators/vigilante/install/templates/create_authorization_extents.rb +15 -0
- data/lib/generators/vigilante/install/templates/create_authorizations.rb +13 -0
- data/lib/generators/vigilante/install/templates/create_permissions.rb +13 -0
- data/lib/generators/vigilante/install/templates/watchman_config.yml +19 -0
- data/lib/vigilante/active_record_extensions.rb +33 -0
- data/lib/vigilante/authorization.rb +169 -0
- data/lib/vigilante/controller_extension.rb +34 -0
- data/lib/vigilante/finder_helper.rb +24 -0
- data/lib/vigilante/watched_operator.rb +149 -0
- data/lib/vigilante.rb +47 -0
- data/spec/controllers/application_controller_spec.rb +8 -0
- data/spec/controllers/blogs_controller_spec.rb +8 -0
- data/spec/dummy/Rakefile +7 -0
- data/spec/dummy/app/controllers/application_controller.rb +5 -0
- data/spec/dummy/app/controllers/blogs_controller.rb +6 -0
- data/spec/dummy/app/helpers/application_helper.rb +2 -0
- data/spec/dummy/app/models/author.rb +3 -0
- data/spec/dummy/app/models/blog.rb +3 -0
- data/spec/dummy/app/models/post.rb +3 -0
- data/spec/dummy/app/views/layouts/application.html.erb +14 -0
- data/spec/dummy/config/application.rb +45 -0
- data/spec/dummy/config/boot.rb +10 -0
- data/spec/dummy/config/database.yml +22 -0
- data/spec/dummy/config/environment.rb +5 -0
- data/spec/dummy/config/environments/development.rb +26 -0
- data/spec/dummy/config/environments/production.rb +49 -0
- data/spec/dummy/config/environments/test.rb +35 -0
- data/spec/dummy/config/initializers/backtrace_silencers.rb +7 -0
- data/spec/dummy/config/initializers/inflections.rb +10 -0
- data/spec/dummy/config/initializers/mime_types.rb +5 -0
- data/spec/dummy/config/initializers/secret_token.rb +7 -0
- data/spec/dummy/config/initializers/session_store.rb +8 -0
- data/spec/dummy/config/locales/en.yml +5 -0
- data/spec/dummy/config/routes.rb +58 -0
- data/spec/dummy/config/vigilante_config.yml +18 -0
- data/spec/dummy/config.ru +4 -0
- data/spec/dummy/db/migrate/20101028091755_create_permissions.rb +13 -0
- data/spec/dummy/db/migrate/20101028091859_create_abilities.rb +14 -0
- data/spec/dummy/db/migrate/20101028091927_create_ability_permissions.rb +14 -0
- data/spec/dummy/db/migrate/20101028092014_create_authorizations.rb +16 -0
- data/spec/dummy/db/migrate/20101124131334_add_extent_flag_to_ability.rb +9 -0
- data/spec/dummy/db/migrate/20101129084538_add_authorization_extent.rb +15 -0
- data/spec/dummy/db/migrate/20101129084620_remove_extent_from_authorization.rb +11 -0
- data/spec/dummy/db/migrate/20110118120344_create_blogs.rb +14 -0
- data/spec/dummy/db/migrate/20110118120421_create_posts.rb +16 -0
- data/spec/dummy/db/migrate/20110118120448_create_authors.rb +15 -0
- data/spec/dummy/db/schema.rb +75 -0
- data/spec/dummy/db/seeds/initial_watchman_permissions.rb +37 -0
- data/spec/dummy/db/seeds.rb +6 -0
- data/spec/dummy/public/404.html +26 -0
- data/spec/dummy/public/422.html +26 -0
- data/spec/dummy/public/500.html +26 -0
- data/spec/dummy/public/favicon.ico +0 -0
- data/spec/dummy/public/javascripts/application.js +2 -0
- data/spec/dummy/public/javascripts/controls.js +965 -0
- data/spec/dummy/public/javascripts/dragdrop.js +974 -0
- data/spec/dummy/public/javascripts/effects.js +1123 -0
- data/spec/dummy/public/javascripts/prototype.js +6001 -0
- data/spec/dummy/public/javascripts/rails.js +175 -0
- data/spec/dummy/public/stylesheets/.gitkeep +0 -0
- data/spec/dummy/script/rails +6 -0
- data/spec/models/ability_permission_spec.rb +6 -0
- data/spec/models/ability_spec.rb +20 -0
- data/spec/models/author_spec.rb +7 -0
- data/spec/models/authorization_extent_spec.rb +94 -0
- data/spec/models/authorization_spec.rb +104 -0
- data/spec/models/permission_hash_spec.rb +162 -0
- data/spec/models/permission_spec.rb +5 -0
- data/spec/spec_helper.rb +49 -0
- data/spec/vigilante_spec.rb +5 -0
- metadata +236 -0
@@ -0,0 +1,16 @@
|
|
1
|
+
class CreateAuthorizations < ActiveRecord::Migration
|
2
|
+
def self.up
|
3
|
+
create_table :authorizations do |t|
|
4
|
+
t.integer :operator_id
|
5
|
+
t.integer :ability_id
|
6
|
+
t.string :extent
|
7
|
+
t.string :extent_type
|
8
|
+
|
9
|
+
t.timestamps
|
10
|
+
end
|
11
|
+
end
|
12
|
+
|
13
|
+
def self.down
|
14
|
+
drop_table :authorizations
|
15
|
+
end
|
16
|
+
end
|
@@ -0,0 +1,15 @@
|
|
1
|
+
class AddAuthorizationExtent < ActiveRecord::Migration
|
2
|
+
def self.up
|
3
|
+
create_table :authorization_extents do |t|
|
4
|
+
t.integer :authorization_id
|
5
|
+
t.string :extent_type
|
6
|
+
t.integer :extent_objid
|
7
|
+
|
8
|
+
t.timestamps
|
9
|
+
end
|
10
|
+
end
|
11
|
+
|
12
|
+
def self.down
|
13
|
+
drop_table :authorization_extents
|
14
|
+
end
|
15
|
+
end
|
@@ -0,0 +1,11 @@
|
|
1
|
+
class RemoveExtentFromAuthorization < ActiveRecord::Migration
|
2
|
+
def self.up
|
3
|
+
remove_column :authorizations, :extent
|
4
|
+
remove_column :authorizations, :extent_type
|
5
|
+
end
|
6
|
+
|
7
|
+
def self.down
|
8
|
+
add_column :authorizations, :extent, :string
|
9
|
+
add_column :authorizations, :extent_type, :string
|
10
|
+
end
|
11
|
+
end
|
@@ -0,0 +1,16 @@
|
|
1
|
+
class CreatePosts < ActiveRecord::Migration
|
2
|
+
def self.up
|
3
|
+
create_table :posts do |t|
|
4
|
+
t.string :title
|
5
|
+
t.string :description
|
6
|
+
t.integer :blog_id
|
7
|
+
t.integer :author_id
|
8
|
+
|
9
|
+
t.timestamps
|
10
|
+
end
|
11
|
+
end
|
12
|
+
|
13
|
+
def self.down
|
14
|
+
drop_table :posts
|
15
|
+
end
|
16
|
+
end
|
@@ -0,0 +1,75 @@
|
|
1
|
+
# This file is auto-generated from the current state of the database. Instead
|
2
|
+
# of editing this file, please use the migrations feature of Active Record to
|
3
|
+
# incrementally modify your database, and then regenerate this schema definition.
|
4
|
+
#
|
5
|
+
# Note that this schema.rb definition is the authoritative source for your
|
6
|
+
# database schema. If you need to create the application database on another
|
7
|
+
# system, you should be using db:schema:load, not running all the migrations
|
8
|
+
# from scratch. The latter is a flawed and unsustainable approach (the more migrations
|
9
|
+
# you'll amass, the slower it'll run and the greater likelihood for issues).
|
10
|
+
#
|
11
|
+
# It's strongly recommended to check this file into your version control system.
|
12
|
+
|
13
|
+
ActiveRecord::Schema.define(:version => 20110118120448) do
|
14
|
+
|
15
|
+
create_table "abilities", :force => true do |t|
|
16
|
+
t.string "name"
|
17
|
+
t.string "description"
|
18
|
+
t.datetime "created_at"
|
19
|
+
t.datetime "updated_at"
|
20
|
+
t.boolean "needs_extent"
|
21
|
+
end
|
22
|
+
|
23
|
+
create_table "ability_permissions", :force => true do |t|
|
24
|
+
t.integer "ability_id"
|
25
|
+
t.integer "permission_id"
|
26
|
+
t.datetime "created_at"
|
27
|
+
t.datetime "updated_at"
|
28
|
+
end
|
29
|
+
|
30
|
+
create_table "authorization_extents", :force => true do |t|
|
31
|
+
t.integer "authorization_id"
|
32
|
+
t.string "extent_type"
|
33
|
+
t.integer "extent_objid"
|
34
|
+
t.datetime "created_at"
|
35
|
+
t.datetime "updated_at"
|
36
|
+
end
|
37
|
+
|
38
|
+
create_table "authorizations", :force => true do |t|
|
39
|
+
t.integer "operator_id"
|
40
|
+
t.integer "ability_id"
|
41
|
+
t.datetime "created_at"
|
42
|
+
t.datetime "updated_at"
|
43
|
+
end
|
44
|
+
|
45
|
+
create_table "authors", :force => true do |t|
|
46
|
+
t.string "name"
|
47
|
+
t.string "description"
|
48
|
+
t.string "hobbies"
|
49
|
+
t.datetime "created_at"
|
50
|
+
t.datetime "updated_at"
|
51
|
+
end
|
52
|
+
|
53
|
+
create_table "blogs", :force => true do |t|
|
54
|
+
t.string "title"
|
55
|
+
t.string "description"
|
56
|
+
t.datetime "created_at"
|
57
|
+
t.datetime "updated_at"
|
58
|
+
end
|
59
|
+
|
60
|
+
create_table "permissions", :force => true do |t|
|
61
|
+
t.string "allowed_action"
|
62
|
+
t.datetime "created_at"
|
63
|
+
t.datetime "updated_at"
|
64
|
+
end
|
65
|
+
|
66
|
+
create_table "posts", :force => true do |t|
|
67
|
+
t.string "title"
|
68
|
+
t.string "description"
|
69
|
+
t.integer "blog_id"
|
70
|
+
t.integer "author_id"
|
71
|
+
t.datetime "created_at"
|
72
|
+
t.datetime "updated_at"
|
73
|
+
end
|
74
|
+
|
75
|
+
end
|
@@ -0,0 +1,37 @@
|
|
1
|
+
|
2
|
+
|
3
|
+
perm_allowed_all = Permission.find_or_create_by_allowed_action('*[all]')
|
4
|
+
perm_read_all = Permission.find_or_create_by_allowed_action('*[index,show]')
|
5
|
+
perm_blog_all = Permission.find_or_create_by_allowed_action('blogs[all]')
|
6
|
+
perm_blog_read = Permission.find_or_create_by_allowed_action('blogs[index,show]')
|
7
|
+
|
8
|
+
ab_all = Ability.find_or_create_by_name(:name => 'can-manage-all') do |ab|
|
9
|
+
ab.permissions << perm_allowed_all
|
10
|
+
end
|
11
|
+
|
12
|
+
ab_read_all = Ability.find_or_create_by_name(:name => 'can-read-all') do |ab|
|
13
|
+
ab.permissions << perm_read_all
|
14
|
+
end
|
15
|
+
|
16
|
+
ab_blog_all = Ability.find_or_create_by_name(:name => 'can-manage-blogs') do |ab|
|
17
|
+
ab.permissions << perm_blog_all
|
18
|
+
end
|
19
|
+
ab_blog_all.update_attribute(:needs_extent, true)
|
20
|
+
|
21
|
+
|
22
|
+
ab_blog_read = Ability.find_or_create_by_name(:name => 'can-see-blogs') do |ab|
|
23
|
+
ab.permissions << perm_blog_read
|
24
|
+
end
|
25
|
+
ab_blog_read.update_attribute(:needs_extent, true)
|
26
|
+
|
27
|
+
|
28
|
+
### Assign the permissions to an operator/user
|
29
|
+
# If we have them
|
30
|
+
|
31
|
+
#op = Operator.find_by_email('admin@test.com')
|
32
|
+
#op.authorizations << Authorization.create(:operator_id => op.id, :ability_id => ab_all.id)
|
33
|
+
#
|
34
|
+
#op = Operator.find_by_email('blog_admin@test.com')
|
35
|
+
## can adminster blog with ids 1 and 2
|
36
|
+
#op.authorizations << Authorization.create(:operator_id => op.id, :ability_id => ab_all.id, :context => '1')
|
37
|
+
#op.authorizations << Authorization.create(:operator_id => op.id, :ability_id => ab_read_all.id, :context => '2')
|
@@ -0,0 +1,6 @@
|
|
1
|
+
# This file should contain all the record creation needed to seed the database with its default values.
|
2
|
+
# The data can then be loaded with the rake db:seed (or created alongside the db with db:setup).
|
3
|
+
|
4
|
+
Dir[File.join(Rails.root.to_s, 'db', 'seeds', '*.rb')].sort.each { |seed| load seed }
|
5
|
+
|
6
|
+
|
@@ -0,0 +1,26 @@
|
|
1
|
+
<!DOCTYPE html>
|
2
|
+
<html>
|
3
|
+
<head>
|
4
|
+
<title>The page you were looking for doesn't exist (404)</title>
|
5
|
+
<style type="text/css">
|
6
|
+
body { background-color: #fff; color: #666; text-align: center; font-family: arial, sans-serif; }
|
7
|
+
div.dialog {
|
8
|
+
width: 25em;
|
9
|
+
padding: 0 4em;
|
10
|
+
margin: 4em auto 0 auto;
|
11
|
+
border: 1px solid #ccc;
|
12
|
+
border-right-color: #999;
|
13
|
+
border-bottom-color: #999;
|
14
|
+
}
|
15
|
+
h1 { font-size: 100%; color: #f00; line-height: 1.5em; }
|
16
|
+
</style>
|
17
|
+
</head>
|
18
|
+
|
19
|
+
<body>
|
20
|
+
<!-- This file lives in public/404.html -->
|
21
|
+
<div class="dialog">
|
22
|
+
<h1>The page you were looking for doesn't exist.</h1>
|
23
|
+
<p>You may have mistyped the address or the page may have moved.</p>
|
24
|
+
</div>
|
25
|
+
</body>
|
26
|
+
</html>
|
@@ -0,0 +1,26 @@
|
|
1
|
+
<!DOCTYPE html>
|
2
|
+
<html>
|
3
|
+
<head>
|
4
|
+
<title>The change you wanted was rejected (422)</title>
|
5
|
+
<style type="text/css">
|
6
|
+
body { background-color: #fff; color: #666; text-align: center; font-family: arial, sans-serif; }
|
7
|
+
div.dialog {
|
8
|
+
width: 25em;
|
9
|
+
padding: 0 4em;
|
10
|
+
margin: 4em auto 0 auto;
|
11
|
+
border: 1px solid #ccc;
|
12
|
+
border-right-color: #999;
|
13
|
+
border-bottom-color: #999;
|
14
|
+
}
|
15
|
+
h1 { font-size: 100%; color: #f00; line-height: 1.5em; }
|
16
|
+
</style>
|
17
|
+
</head>
|
18
|
+
|
19
|
+
<body>
|
20
|
+
<!-- This file lives in public/422.html -->
|
21
|
+
<div class="dialog">
|
22
|
+
<h1>The change you wanted was rejected.</h1>
|
23
|
+
<p>Maybe you tried to change something you didn't have access to.</p>
|
24
|
+
</div>
|
25
|
+
</body>
|
26
|
+
</html>
|
@@ -0,0 +1,26 @@
|
|
1
|
+
<!DOCTYPE html>
|
2
|
+
<html>
|
3
|
+
<head>
|
4
|
+
<title>We're sorry, but something went wrong (500)</title>
|
5
|
+
<style type="text/css">
|
6
|
+
body { background-color: #fff; color: #666; text-align: center; font-family: arial, sans-serif; }
|
7
|
+
div.dialog {
|
8
|
+
width: 25em;
|
9
|
+
padding: 0 4em;
|
10
|
+
margin: 4em auto 0 auto;
|
11
|
+
border: 1px solid #ccc;
|
12
|
+
border-right-color: #999;
|
13
|
+
border-bottom-color: #999;
|
14
|
+
}
|
15
|
+
h1 { font-size: 100%; color: #f00; line-height: 1.5em; }
|
16
|
+
</style>
|
17
|
+
</head>
|
18
|
+
|
19
|
+
<body>
|
20
|
+
<!-- This file lives in public/500.html -->
|
21
|
+
<div class="dialog">
|
22
|
+
<h1>We're sorry, but something went wrong.</h1>
|
23
|
+
<p>We've been notified about this issue and we'll take a look at it shortly.</p>
|
24
|
+
</div>
|
25
|
+
</body>
|
26
|
+
</html>
|
File without changes
|