Module: Lockdown::Configuration

Defined in:

lib/lockdown/configuration.rb

Class Attribute Summary

• .access_denied_path ⇒ Object

  Path to redirect to if access is denied.

• .configured ⇒ Object

  Flag to determine if configuration method has been executed Default false.

• .default_who_did_it ⇒ Object

  User id to associate to system actions Default 1.

• .link_separator ⇒ Object

  When using the links helper, this character will be used to separate the links.

• .logout_on_access_violation ⇒ Object

  Logout user if attempt to access restricted resource Default false.

• .permissions ⇒ Object

  Array of permission objects that defines the access to the application.

• .protected_access ⇒ Object

  Array of paths that are restricted to an authenticated user.

• .public_access ⇒ Object

  Regex string of paths that are publicly accessible.

• .skip_db_sync_in ⇒ Object

  Which environments Lockdown should not sync with db Default [‘test’].

• .successful_login_path ⇒ Object

  Redirect to path on successful login Default “/”.

• .user_group_model ⇒ Object

  The model used to represent the grouping of permisssion.

• .user_groups ⇒ Object

  Array of user group objects Default [].

• .user_model ⇒ Object

  The model used to represent the user.

• .who_did_it ⇒ Object

  Method used to get the id of the user responsible for the current action.

Class Method Summary

• .access_rights_for_permissions(*names) ⇒ String

  Combination of regex_patterns from permissions.

• .access_rights_for_user(user) ⇒ Regex
• .administrator?(user) ⇒ True|False

  True if user has ‘Administrators’ group.

• .authenticated_access ⇒ String

  Concatentation of public_access + “|” + protected_access.

• .find_or_create_user_group(name) ⇒ Lockdown::UserGroup
• .has_permission?(permission) ⇒ true|false

  True if object exists with same name.

• .make_permission_protected(name) ⇒ Object

  Defines the permission as protected.

• .make_permission_public(name) ⇒ Object

  Defines the permission as public.

• .make_user_administrator(user) ⇒ Object
• .maybe_add_user_group(group) ⇒ Object
• .permission(name) ⇒ Object

  Lockdown::Permission object.

• .permission_assigned_automatically?(name) ⇒ true|false

  True if permission is either public or protected.

• .permission_names ⇒ Object

  Array of permission names.

• .reset ⇒ Object

  Set defaults.

• .skip_sync? ⇒ Boolean
• .user_group(name) ⇒ Lockdown::UserGroup

  Object.

• .user_group_names ⇒ Array

  Names.

• .user_group_permissions_names(name) ⇒ Array

  Permissions names.

• .user_has_user_group?(user, name) ⇒ True|False

  True if user has user group with name.

Class Attribute Details

.access_denied_path ⇒ Object

Path to redirect to if access is denied. Default: ‘/’

# File 'lib/lockdown/configuration.rb', line 30

def access_denied_path
  @access_denied_path
end

.configured ⇒ Object

Flag to determine if configuration method has been executed Default false

# File 'lib/lockdown/configuration.rb', line 8

def configured
  @configured
end

.default_who_did_it ⇒ Object

User id to associate to system actions Default 1

# File 'lib/lockdown/configuration.rb', line 27

def default_who_did_it
  @default_who_did_it
end

.link_separator ⇒ Object

When using the links helper, this character will be used to separate the links. Default “|”

# File 'lib/lockdown/configuration.rb', line 40

def link_separator
  @link_separator
end

.logout_on_access_violation ⇒ Object

Logout user if attempt to access restricted resource Default false

# File 'lib/lockdown/configuration.rb', line 36

def logout_on_access_violation
  @logout_on_access_violation
end

.permissions ⇒ Object

Array of permission objects that defines the access to the application. Default []

# File 'lib/lockdown/configuration.rb', line 17

def permissions
  @permissions
end

.protected_access ⇒ Object

Array of paths that are restricted to an authenticated user. Default “”

# File 'lib/lockdown/configuration.rb', line 14

def protected_access
  @protected_access
end

.public_access ⇒ Object

Regex string of paths that are publicly accessible. Default “/”

# File 'lib/lockdown/configuration.rb', line 11

def public_access
  @public_access
end

.skip_db_sync_in ⇒ Object

Which environments Lockdown should not sync with db Default [‘test’]

# File 'lib/lockdown/configuration.rb', line 51

def skip_db_sync_in
  @skip_db_sync_in
end

.successful_login_path ⇒ Object

Redirect to path on successful login Default “/”

# File 'lib/lockdown/configuration.rb', line 33

def successful_login_path
  @successful_login_path
end

.user_group_model ⇒ Object

The model used to represent the grouping of permisssion. Common choices are ‘Role’ and ‘UserGroup’. Default “UserGroup”

# File 'lib/lockdown/configuration.rb', line 44

def user_group_model
  @user_group_model
end

.user_groups ⇒ Object

Array of user group objects Default []

# File 'lib/lockdown/configuration.rb', line 20

def user_groups
  @user_groups
end

.user_model ⇒ Object

The model used to represent the user. Common choices are ‘User’ and ‘Person’. Default “User”

# File 'lib/lockdown/configuration.rb', line 48

def user_model
  @user_model
end

.who_did_it ⇒ Object

Method used to get the id of the user responsible for the current action. Default :current_user_id

# File 'lib/lockdown/configuration.rb', line 24

def who_did_it
  @who_did_it
end

Class Method Details

.access_rights_for_permissions(*names) ⇒ String

Returns combination of regex_patterns from permissions.

Parameters:

• names (Array(String)) —

  permission names

Returns:

• (String) —

  combination of regex_patterns from permissions

# File 'lib/lockdown/configuration.rb', line 190

def access_rights_for_permissions(*names)
  names.collect{|name| "(#{permission(name).regex_pattern})"}.join('|')
end

.access_rights_for_user(user) ⇒ Regex

Returns:

• (Regex)

# File 'lib/lockdown/configuration.rb', line 171

def access_rights_for_user(user)
  return unless user
  return Lockdown::Resource.regex if administrator?(user)

  user_groups = user.send(Lockdown.user_groups_hbtm_reference)

  permission_names = []

  user_groups.each do |ug|
    ug.permissions.each do |p|
      permission_names << p.name
    end
  end

  authenticated_access + "|" + access_rights_for_permissions(*permission_names)
end

.administrator?(user) ⇒ True|False

Returns true if user has ‘Administrators’ group.

Returns:

• (True|False) —

  true if user has ‘Administrators’ group

# File 'lib/lockdown/configuration.rb', line 151

def administrator?(user)
  user_has_user_group?(user, Lockdown.administrator_group_name)
end

.authenticated_access ⇒ String

Returns concatentation of public_access + “|” + protected_access.

Returns:

• (String) —

  concatentation of public_access + “|” + protected_access

# File 'lib/lockdown/configuration.rb', line 76

def authenticated_access
  public_access + "|" + protected_access
end

.find_or_create_user_group(name) ⇒ Lockdown::UserGroup

Returns:

• (Lockdown::UserGroup)

# File 'lib/lockdown/configuration.rb', line 134

def find_or_create_user_group(name)
  name = name.to_s
  user_group(name) || Lockdown::UserGroup.new(name)
end

.has_permission?(permission) ⇒ true|false

Returns true if object exists with same name.

Parameters:

• permission (Lockdown::Permission) —

  Lockdown::Permission object

Returns:

• (true|false) —

  true if object exists with same name

# File 'lib/lockdown/configuration.rb', line 108

def has_permission?(permission)
  permissions.any?{|p| permission.name == p.name}
end

.make_permission_protected(name) ⇒ Object

Defines the permission as protected

Parameters:

• name (String, Symbol) —

  permission name

# File 'lib/lockdown/configuration.rb', line 97

def make_permission_protected(name)
  permission(name).is_protected
end

.make_permission_public(name) ⇒ Object

Defines the permission as public

Parameters:

• name (String, Symbol) —

  permission name

# File 'lib/lockdown/configuration.rb', line 91

def make_permission_public(name)
  permission(name).is_public
end

.make_user_administrator(user) ⇒ Object

Parameters:

• user (User) —

  User object you want to make an administrator

# File 'lib/lockdown/configuration.rb', line 156

def make_user_administrator(user)
  user_groups = user.send(Lockdown.user_groups_hbtm_reference)
  user_groups << Lockdown.user_group_class.
    find_or_create_by_name(Lockdown.administrator_group_name)
end

.maybe_add_user_group(group) ⇒ Object

# File 'lib/lockdown/configuration.rb', line 129

def maybe_add_user_group(group)
  @user_groups << group unless user_group_names.include?(group.name)
end

.permission(name) ⇒ Object

Returns Lockdown::Permission object.

Parameters:

• name (String, Symbol) —

  permission name

Returns:

• Lockdown::Permission object

Raises:

• (Lockdown::PermissionNotFound)

# File 'lib/lockdown/configuration.rb', line 82

def permission(name)
  name = name.to_s
  perm = permissions.detect{|perm| name == perm.name}
  raise Lockdown::PermissionNotFound.new("Permission: #{name} not found") unless perm
  perm
end

.permission_assigned_automatically?(name) ⇒ true|false

Returns true if permission is either public or protected.

Parameters:

• name (String|Symbol) —

  permission name

Returns:

• (true|false) —

  true if permission is either public or protected

# File 'lib/lockdown/configuration.rb', line 114

def permission_assigned_automatically?(name)
  name = name.to_s

  perm = permission(name)

  perm.public? || perm.protected?
end

.permission_names ⇒ Object

Returns Array of permission names.

Returns:

• Array of permission names

# File 'lib/lockdown/configuration.rb', line 102

def permission_names
  permissions.collect{|p| p.name}
end

.reset ⇒ Object

Set defaults.

# File 'lib/lockdown/configuration.rb', line 53

def reset
  @configured                   = false
  @public_access                = ""
  @protected_access             = ""
  @permissions                  = []
  @user_groups                  = []

  @who_did_it                   = :current_user_id
  @default_who_did_it           = 1

  @access_denied_path           = "/"
  @successful_login_path        = "/"
  @logout_on_access_violation   = false

  @link_separator               = "|"

  @user_group_model             = "UserGroup"
  @user_model                   = "User"

  @skip_db_sync_in              = ['test']
end

.skip_sync? ⇒ Boolean

Returns:

• (Boolean)

# File 'lib/lockdown/configuration.rb', line 194

def skip_sync?
  true
end

.user_group(name) ⇒ Lockdown::UserGroup

Returns object.

Parameters:

• name (String, Symbol) —

  user group name

Returns:

• (Lockdown::UserGroup) —

  object

# File 'lib/lockdown/configuration.rb', line 124

def user_group(name)
  name = name.to_s
  user_groups.detect{|ug| name == ug.name}
end

.user_group_names ⇒ Array

Returns names.

Returns:

• (Array) —

  names

# File 'lib/lockdown/configuration.rb', line 140

def user_group_names
  user_groups.collect{|ug| ug.name}
end

.user_group_permissions_names(name) ⇒ Array

Returns permissions names.

Parameters:

• name (String) —

  user group name

Returns:

• (Array) —

  permissions names

# File 'lib/lockdown/configuration.rb', line 146

def user_group_permissions_names(name)
  user_group(name).permissions.collect{|p| p.name}
end

.user_has_user_group?(user, name) ⇒ True|False

Returns true if user has user group with name.

Parameters:

• user,name (User, String) —

  user model, name of user group

Returns:

• (True|False) —

  true if user has user group with name

# File 'lib/lockdown/configuration.rb', line 165

def user_has_user_group?(user, name)
  user_groups = user.send(Lockdown.user_groups_hbtm_reference)
  user_groups.any?{|ug| name == ug.name}
end