Module: Lockdown::Rules
Included in: System
Defined in: lib/lockdown/rules.rb
Instance Attribute Summary
- #options ⇒ Object
  Returns the value of attribute options.
- #permission_objects ⇒ Object (readonly)
  Returns the value of attribute permission_objects.
- #permissions ⇒ Object
  Returns the value of attribute permissions.
- #protected_access ⇒ Object (readonly)
  Returns the value of attribute protected_access.
- #public_access ⇒ Object (readonly)
  Returns the value of attribute public_access.
- #user_groups ⇒ Object
  Returns the value of attribute user_groups.
Instance Method Summary
- #access_rights_for_permission(perm) ⇒ Object
  Return array of controller/action for a permission.
- #access_rights_for_user(usr) ⇒ Object
  Return array of controller/action values user can access.
- #access_rights_for_user_group(user_group_sym) ⇒ Object
  Return array of controller/action for a user group.
- #administrator?(usr) ⇒ Boolean
  Test user for administrator rights.
- #get_permissions ⇒ Object
  Returns array of permission names as symbols.
- #get_user_groups ⇒ Object
  Returns array of user group names as symbols.
- #make_user_administrator(usr) ⇒ Object
  Pass in a user object to be associated to the administrator user group. The group will be created if it doesn’t exist.
- #permission_assigned_automatically?(permmision_symbol) ⇒ Boolean
  These permissions are assigned by the system.
- #permission_exists?(permission_symbol) ⇒ Boolean (also: #has_permission?)
  Is the permission defined?
- #permissions_assignable_for_user(usr) ⇒ Object
  Similar to user_groups_assignable_for_user, this method should be used to restrict users from creating a user group with more power than they have been allowed.
- #permissions_for_user_group(ug) ⇒ Object
  Returns an array of permission symbols for the user group.
- #process_rules ⇒ Object
- #protected_access?(perm_symbol) ⇒ Boolean
  Returns true if the permission is protected.
- #public_access?(perm_symbol) ⇒ Boolean
  Returns true if the permission is public.
- #set_defaults ⇒ Object
- #set_permission(name) ⇒ Object
  Creates new permission object. Refer to the Permission object for the full functionality.
- #set_protected_access(*perms) ⇒ Object
  Defines protected access by the permission symbols.
- #set_public_access(*perms) ⇒ Object
  Defines public access by the permission symbols.
- #set_user_group(name, *perms) ⇒ Object
  Define a user group by name and permission symbol(s).
- #standard_authorized_user_rights ⇒ Object
  Returns array of controller/action values all logged in users can access.
- #user_group_exists?(user_group_symbol) ⇒ Boolean (also: #has_user_group?)
  Is the user group defined? The :administrators user group always exists.
- #user_groups_assignable_for_user(usr) ⇒ Object
  Use this for the management screen to restrict user group list to the user.
- #user_has_user_group?(usr, sym) ⇒ Boolean
  Pass in user object and symbol for name of user group.
Instance Attribute Details
#options ⇒ Object
Returns the value of attribute options.
# File 'lib/lockdown/rules.rb', line 3

def options
  @options
end
#permission_objects ⇒ Object (readonly)
Returns the value of attribute permission_objects.
# File 'lib/lockdown/rules.rb', line 10

def permission_objects
  @permission_objects
end
#permissions ⇒ Object
Returns the value of attribute permissions.
# File 'lib/lockdown/rules.rb', line 4

def permissions
  @permissions
end
#protected_access ⇒ Object (readonly)
Returns the value of attribute protected_access.
# File 'lib/lockdown/rules.rb', line 7

def protected_access
  @protected_access
end
#public_access ⇒ Object (readonly)
Returns the value of attribute public_access.
# File 'lib/lockdown/rules.rb', line 8

def public_access
  @public_access
end
#user_groups ⇒ Object
Returns the value of attribute user_groups.
# File 'lib/lockdown/rules.rb', line 5

def user_groups
  @user_groups
end
Instance Method Details
#access_rights_for_permission(perm) ⇒ Object
Return array of controller/action for a permission
# File 'lib/lockdown/rules.rb', line 184

def access_rights_for_permission(perm)
  sym = Lockdown.get_symbol(perm)

  [sym]
rescue
  raise SecurityError, "Permission requested is not defined: #{sym}"
end
#access_rights_for_user(usr) ⇒ Object
Return array of controller/action values user can access.
# File 'lib/lockdown/rules.rb', line 159

def access_rights_for_user(usr)
  return unless usr
  return :all if administrator?(usr)

  rights =

  user_groups = usr.send(Lockdown.user_groups_hbtm_reference)
  user_groups.each do |grp|
    (grp).each do |perm|
      rights += (perm)
    end
  end
  rights
end
#access_rights_for_user_group(user_group_sym) ⇒ Object
Return array of controller/action for a user group
# File 'lib/lockdown/rules.rb', line 175

def access_rights_for_user_group(user_group_sym)
  res = []
  (user_group_sym).each do |perm|
    res << (perm)
  end
  res.flatten
end
#administrator?(usr) ⇒ Boolean
Test user for administrator rights
# File 'lib/lockdown/rules.rb', line 194

def administrator?(usr)
  user_has_user_group?(usr, Lockdown.administrator_group_symbol)
end
#get_permissions ⇒ Object
Returns array of permission names as symbols
# File 'lib/lockdown/rules.rb', line 98

def get_permissions
  .keys
end
#get_user_groups ⇒ Object
Returns array of user group names as symbols
# File 'lib/lockdown/rules.rb', line 127

def get_user_groups
  user_groups.keys
end
#make_user_administrator(usr) ⇒ Object
Pass in a user object to be associated to the administrator user group. The group will be created if it doesn’t exist.
# File 'lib/lockdown/rules.rb', line 146

def make_user_administrator(usr)
  user_groups = usr.send(Lockdown.user_groups_hbtm_reference)
  user_groups << Lockdown.user_group_class.
    find_or_create_by_name(Lockdown.administrator_group_string)
end
#permission_assigned_automatically?(permmision_symbol) ⇒ Boolean
These permissions are assigned by the system
# File 'lib/lockdown/rules.rb', line 122

def permission_assigned_automatically?(permmision_symbol)
  public_access?(permmision_symbol) || protected_access?(permmision_symbol)
end
#permission_exists?(permission_symbol) ⇒ Boolean Also known as: has_permission?
Is the permission defined?
# File 'lib/lockdown/rules.rb', line 103

def permission_exists?(permission_symbol)
  .include?()
end
#permissions_assignable_for_user(usr) ⇒ Object
Similar to user_groups_assignable_for_user, this method should be used to restrict users from creating a user group with more power than they have been allowed.
# File 'lib/lockdown/rules.rb', line 235

def permissions_assignable_for_user(usr)
  return [] if usr.nil?
  if administrator?(usr)
    .collect do |k|
      ::Permission.find_by_name(Lockdown.get_string(k))
    end.compact
  else
    user_groups_assignable_for_user(usr).collect do |g|
      g.
    end.flatten.compact
  end
end
#permissions_for_user_group(ug) ⇒ Object
Returns an array of permission symbols for the user group
# File 'lib/lockdown/rules.rb', line 249

def permissions_for_user_group(ug)
  sym = Lockdown.get_symbol(ug)
  perm_array = []

  if has_user_group?(sym)
    = user_groups[sym] || []
  else
    = ug.
  end

  .each do |perm|
    perm_sym = Lockdown.get_symbol(perm)

    unless (perm_sym)
      msg = "Permission associated to User Group is invalid: #{perm}"
      raise SecurityError, msg
    end

    perm_array << perm_sym
  end

  perm_array
end
#process_rules ⇒ Object
# File 'lib/lockdown/rules.rb', line 274

def process_rules
  validate_user_groups
end
#protected_access?(perm_symbol) ⇒ Boolean
Returns true if the permission is protected
# File 'lib/lockdown/rules.rb', line 116

def protected_access?(perm_symbol)
  obj = (perm_symbol)
  obj.nil? ? false : obj.protected_access?
end
#public_access?(perm_symbol) ⇒ Boolean
Returns true if the permission is public
# File 'lib/lockdown/rules.rb', line 110

def public_access?(perm_symbol)
  obj = (perm_symbol)
  obj.nil? ? false : obj.public_access?
end
#set_defaults ⇒ Object
# File 'lib/lockdown/rules.rb', line 12

def set_defaults
  @permissions = {}
  @user_groups = {}
  @options = {}

  @permission_objects = {}

  @public_access = []
  @protected_access = []

  @options = {
    :session_timeout => (60 * 60),
    :who_did_it => :current_user_id,
    :default_who_did_it => 1,
    :logout_on_access_violation => false,
    :access_denied_path => "/",
    :successful_login_path => "/",
    :subdirectory => nil,
    :skip_db_sync_in => ["test"],
    :link_separator => ' | ',
    :user_group_model => "UserGroup",
    :user_model => "User"
  }
end
#set_permission(name) ⇒ Object
Creates new permission object
Refer to the Permission object for the full functionality
# File 'lib/lockdown/rules.rb', line 43

def set_permission(name)
  @permission_objects[name] = Lockdown::Permission.new(name)
end
#set_protected_access(*perms) ⇒ Object
Defines protected access by the permission symbols
Example
set_protected_access(:permission_one, :permission_two)
# File 'lib/lockdown/rules.rb', line 69

def set_protected_access(*perms)
  perms.each do |perm_symbol|
    perm = (perm_symbol)
    if perm
      perm.set_as_protected_access
    else
      msg = "Permission not found: #{perm_symbol}"
      raise Lockdown::InvalidRuleAssignment, msg
    end
  end
end
#set_public_access(*perms) ⇒ Object
Defines public access by the permission symbols
Example
set_public_access(:permission_one, :permission_two)
# File 'lib/lockdown/rules.rb', line 52

def set_public_access(*perms)
  perms.each do |perm_symbol|
    perm = (perm_symbol)
    if perm
      perm.set_as_public_access
    else
      msg = "Permission not found: #{perm_symbol}"
      raise Lockdown::InvalidRuleAssignment, msg
    end
  end
end
#set_user_group(name, *perms) ⇒ Object
Define a user group by name and permission symbol(s)
Example
set_user_group(:managment_group, :permission_one, :permission_two)
# File 'lib/lockdown/rules.rb', line 86

def set_user_group(name, *perms)
  user_groups[name] ||= []
  perms.each do |perm|
    user_groups[name].push(perm)
  end
end
#standard_authorized_user_rights ⇒ Object
Returns array of controller/action values all logged in users can access.
# File 'lib/lockdown/rules.rb', line 154

def standard_authorized_user_rights
  public_access + protected_access
end
#user_group_exists?(user_group_symbol) ⇒ Boolean Also known as: has_user_group?
Is the user group defined?
The :administrators user group always exists
# File 'lib/lockdown/rules.rb', line 133

def user_group_exists?(user_group_symbol)
  return true if user_group_symbol == Lockdown.administrator_group_symbol
  get_user_groups.include?(user_group_symbol)
end
#user_groups_assignable_for_user(usr) ⇒ Object
Use this for the management screen to restrict the user group list to the groups the user belongs to. This will prevent a user from creating a user with more power than himself/herself.
# File 'lib/lockdown/rules.rb', line 209

def user_groups_assignable_for_user(usr)
  return [] if usr.nil?
  ug_table = Lockdown.user_groups_hbtm_reference.to_s
  if administrator?(usr)
    Lockdown.user_group_class.find_by_sql <<-SQL
      select #{ug_table}.* from #{ug_table} order by #{ug_table}.name
    SQL
  else
    usr_table = Lockdown.users_hbtm_reference.to_s
    if usr_table < ug_table
      join_table = "#{usr_table}_#{ug_table}"
    else
      join_table = "#{ug_table}_#{usr_table}"
    end
    Lockdown.user_group_class.find_by_sql <<-SQL
      select #{ug_table}.* from #{ug_table}, #{join_table}
       where #{ug_table}.id = #{join_table}.#{Lockdown.user_group_id_reference}
       and #{join_table}.#{Lockdown.user_id_reference} = #{usr.id}
       order by #{ug_table}.name
    SQL
  end
end
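The restriction described for permissions_assignable_for_user and user_groups_assignable_for_user, applied as a check when a submitted user group is saved rather than only to the list the management screen displays. This is an added example, not Lockdown's own code; User, RULES, permissions_assignable_for and authorize_new_group! are hypothetical stand-ins modelled on the documented methods.

```ruby
# Added example, not Lockdown's code. User, RULES and both helpers below are
# hypothetical stand-ins for the documented Lockdown::Rules behaviour.
User = Struct.new(:name, :groups)

# Constructed rule set: user group symbol => permission symbols.
RULES = {
  administrators: [:manage_users, :manage_posts, :view_reports],
  editors:        [:manage_posts, :view_reports],
  viewers:        [:view_reports]
}.freeze

def administrator?(usr)
  usr.groups.include?(:administrators)
end

# Follows the documented contract: nil user => [], administrator => every
# defined permission, anyone else => the union of their own groups' permissions.
def permissions_assignable_for(usr)
  return [] if usr.nil?
  return RULES.values.flatten.uniq if administrator?(usr)
  usr.groups.flat_map { |g| RULES.fetch(g, []) }.uniq
end

# Check for the "create user group" action: every requested permission must be
# in the creator's assignable set, whatever the form happened to display.
def authorize_new_group!(usr, requested)
  requested = requested.map(&:to_sym).uniq
  excess = requested - permissions_assignable_for(usr)
  unless excess.empty?
    raise SecurityError, "Permissions exceed creator's own: #{excess.join(', ')}"
  end
  requested
end
```

Because a nil user has an empty assignable set, any non-empty request from an unauthenticated caller raises SecurityError as well.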
#user_has_user_group?(usr, sym) ⇒ Boolean
Pass in user object and symbol for name of user group
# File 'lib/lockdown/rules.rb', line 199

def user_has_user_group?(usr, sym)
  user_groups = usr.send(Lockdown.user_groups_hbtm_reference)
  user_groups.any? do |ug|
    Lockdown.convert_reference_name(ug.name) == sym
  end
end