first commit

CHANGELOG

@@ -0,0 +1,24 @@
+ActiveAcl rails authorization system
+
+Version 0.2.1 - December 2nd, 2006
+- fixed bug in polymorph creation
+- test suite uses sqlite3 as a default
+- updated documentation
+
+Version 0.2.0 - November 28th, 2006
+- fixed bug with autogenerated mysql indexes too long
+- API change from Permission model to Privilege model
+- refactored to gem comaptible format
+- refactored tests and removed them from the main distribution
+- testing now mysql, postgres and sqlite3
+- added dependency on loaded_plugins and plugin_migrations from pluginaweek.com
+- controller group schema changed to contain parent column
+- gem is now available
+
+Version 0.1.1 - November 14th, 2006
+- changed SQL target query to use LIMIT to help the query planner
+- added LGPL license
+- set Acl.allow default to true
+
+Version 0.1.0 - November 14th, 2006 
+ - initial release, no changes yet

Rakefile

@@ -0,0 +1,97 @@
+require 'rake'
+require 'rake/testtask'
+require 'rake/rdoctask'
+require 'rake/gempackagetask'
+require 'rake/contrib/sshpublisher'
+
+# RCOV command, run as though from the commandline.
+RCOV = "rcov" 
+
+PKG_NAME		   = "active_acl"
+PKG_VERSION		= "0.2.1"
+PKG_FILE_NAME	  = "#{PKG_NAME}-#{PKG_VERSION}"
+RUBY_FORGE_PROJECT = "activeacl"
+RUBY_FORGE_USER = "hildolfur"
+
+spec = Gem::Specification.new do |s|
+  s.name			= PKG_NAME
+  s.version		 = PKG_VERSION
+  s.platform		= Gem::Platform::RUBY
+  s.summary		 = "Provides an unintrusive, scalable and very flexible approach to fine grained access control."
+  s.files		   = FileList["{lib,tasks,generators,db}/[^.]**/[^.]*"].to_a + %w(init.rb install.rb LICENSE Rakefile README CHANGELOG)
+  s.require_path	= "lib"
+  s.autorequire	 = PKG_NAME
+  s.has_rdoc		= true
+  s.add_dependency	"rails", ">= 1.1.6"
+  s.author		  = "Gregor Melhorn"
+  s.email		   = "g.melhorn@web.de"
+  s.homepage		= "http://activeacl.rubyforge.org"
+end
+
+Rake::GemPackageTask.new(spec) do |p|
+  p.gem_spec = spec
+  p.need_tar = true
+  p.need_zip = true
+end
+
+desc 'Default: run unit tests.'
+task :default => :test
+
+#desc "Publish the beta gem"
+#task :pgem => [:package] do
+#  Rake::SshFilePublisher.new("pluginaweek@pluginaweek.org", "/home/pluginaweek/gems.pluginaweek.org/gems", "pkg", "#{PKG_FILE_NAME}.gem").upload
+#end
+
+desc "Publish the API documentation"
+task :pdoc => [:rdoc] do
+  Rake::SshDirPublisher.new("hildolfur@rubyforge.org", "/var/www/gforge-projects/activeacl/api", "rdoc").upload
+  #Rake::RubyForgePublisher.new(RUBY_FORGE_PROJECT, RUBY_FORGE_USER).upload
+end
+
+desc "Publish the API docs and gem"
+task :publish => [:pdoc, :release]
+
+desc "Publish the release files to RubyForge."
+task :release => [:gem, :package] do
+  require 'rubyforge'
+  options = {"cookie_jar" => RubyForge::COOKIE_F}
+  options["password"] = ENV["RUBY_FORGE_PASSWORD"] if ENV["RUBY_FORGE_PASSWORD"]
+  ruby_forge = RubyForge.new("./config.yml", options)
+  ruby_forge.login
+  %w( gem tgz zip ).each do |ext|
+	file = "pkg/#{PKG_FILE_NAME}.#{ext}"
+	puts "Releasing #{File.basename(file)}..."
+	ruby_forge.add_release(RUBY_FORGE_PROJECT, PKG_NAME, PKG_VERSION, file)
+  end
+end
+
+desc "generate a coverage report"
+task :coverage do
+  sh "#{RCOV} --rails -T -Ilib -x db/**/* --output ../../../coverage/active_acl test/all_tests.rb"
+end
+
+desc "generate a coverage report saving current state"
+task :coverage_save do
+  sh "#{RCOV} --rails -T -Ilib -x db/**/* --output ../../../coverage/active_acl --save ../../../coverage/active_acl/coverage.info test/all_tests.rb"
+end
+
+desc "generate a diff coverage report on previously saved state"
+task :coverage_diff do
+  sh "#{RCOV} --rails -T -Ilib -x db/**/* --text-coverage-diff ../../../coverage/active_acl/coverage.info --output ../../../coverage/active_acl test/all_tests.rb"
+end
+
+desc 'Test the active_acl plugin.'
+Rake::TestTask.new(:test) do |t|
+  t.libs << 'lib'
+  t.pattern = 'test/unit/**/*_test.rb'
+  t.verbose = true
+end
+
+desc 'Generate documentation for the active_acl plugin.'
+Rake::RDocTask.new(:rdoc) do |rdoc|
+  rdoc.rdoc_dir = 'rdoc'
+  rdoc.title    = 'GaclBase'
+  rdoc.options << '--line-numbers' << '--inline-source'
+  rdoc.rdoc_files.include('README')
+  rdoc.rdoc_files.include('lib/**/*.rb')
+end

config.example

@@ -0,0 +1,14 @@
+uri: http://rubyforge.org
+username: user
+is_private: false
+rubyforge:
+  group_ids:
+	activeacl: 2578
+  package_ids:
+	active_acl: 3026
+  type_ids:
+	.zip: 3000
+	.tgz: 5000
+	.gem: 1400
+  processor_ids:
+	Any: 8000

db/migrate/001_base_table_setup.rb

@@ -0,0 +1,111 @@
+class BaseTableSetup < ActiveRecord::Migration
+  def self.up
+    create_table ActiveAcl::OPTIONS[:acls_table] do |t|
+        t.column :section_id,  :int
+        t.column :allow,       :boolean, :null => false, :default => true
+        t.column :enabled,     :boolean, :null => false, :default => true
+        t.column :note,        :string, :null => true
+        t.column :updated_at,  :datetime, :null => false
+    end
+
+    add_index ActiveAcl::OPTIONS[:acls_table], :enabled
+    add_index ActiveAcl::OPTIONS[:acls_table], :section_id
+    add_index ActiveAcl::OPTIONS[:acls_table], :updated_at
+    add_index ActiveAcl::OPTIONS[:acls_table], :note, :unique
+
+    create_table ActiveAcl::OPTIONS[:acl_sections_table] do |t|
+        t.column :description, :string, :limit => 230, :null => false
+    end
+
+    add_index ActiveAcl::OPTIONS[:acl_sections_table], :description, :unique
+
+    create_table ActiveAcl::OPTIONS[:privileges_table] do |t|
+        t.column :section,        :string, :limit => 230, :null => false
+        t.column :value,          :string, :limit => 230, :null => false
+        t.column :description,    :string, :limit => 230, :null => true
+    end
+
+    add_index ActiveAcl::OPTIONS[:privileges_table], [:section, :value], :unique
+
+    create_table ActiveAcl::OPTIONS[:acls_privileges_table], :id => false do |t|
+        t.column :acl_id,         :int, :null => false
+        t.column :privilege_id,  :int, :null => false
+    end
+
+    add_index ActiveAcl::OPTIONS[:acls_privileges_table], [:acl_id, :privilege_id], :unique
+
+    create_table ActiveAcl::OPTIONS[:requester_links_table] do |t|
+      t.column :acl_id, :int, :null => false
+      t.column :requester_id, :int, :null => false
+      t.column :requester_type, :string, :null => false
+    end
+
+    add_index ActiveAcl::OPTIONS[:requester_links_table], [:acl_id, :requester_id, :requester_type], :unique => true, :name => 'requester_links_join_index_1'
+    add_index ActiveAcl::OPTIONS[:requester_links_table], [:requester_type, :requester_id], :name => 'requester_links_join_index_2'
+    add_index ActiveAcl::OPTIONS[:requester_links_table], [:requester_id]
+
+    create_table ActiveAcl::OPTIONS[:requester_group_links_table] do |t|
+      t.column :acl_id, :int, :null => false
+      t.column :requester_group_id, :int, :null => false
+      t.column :requester_group_type, :string, :null => false
+    end
+
+    add_index ActiveAcl::OPTIONS[:requester_group_links_table], [:acl_id, :requester_group_id, :requester_group_type], :unique => true, :name => 'requester_group_links_join_index_1'
+    add_index ActiveAcl::OPTIONS[:requester_group_links_table], [:requester_group_type, :requester_group_id], :name => 'requester_group_links_join_index2'
+
+    create_table ActiveAcl::OPTIONS[:target_group_links_table] do |t|
+      t.column :acl_id, :int, :null => false
+      t.column :target_group_id, :int, :null => false
+      t.column :target_group_type, :string, :null => false
+    end
+
+    add_index ActiveAcl::OPTIONS[:target_group_links_table], [:acl_id, :target_group_id, :target_group_type], :unique => true, :name => 'target_group_links_join_index_1'
+    add_index ActiveAcl::OPTIONS[:target_group_links_table], [:target_group_type, :target_group_id], :name => 'target_group_links_join_index_2'
+
+    create_table ActiveAcl::OPTIONS[:target_links_table] do |t|
+      t.column :acl_id, :int, :null => false
+      t.column :target_id, :int, :null => false
+      t.column :target_type, :string, :null => false
+    end
+
+    add_index ActiveAcl::OPTIONS[:target_links_table], [:acl_id, :target_id, :target_type], :unique => true, :name => 'target_links_join_index_1'
+    add_index ActiveAcl::OPTIONS[:target_links_table], [:target_type, :target_id], :name => 'target_links_join_index_2'
+    add_index ActiveAcl::OPTIONS[:target_links_table], [:target_id]
+
+    create_table ActiveAcl::OPTIONS[:controller_actions_table] do |t|
+      t.column :controller, :string, :null => false
+      t.column :action, :string, :null => false
+      t.column :controller_group_id, :integer, :null => false
+    end
+
+    add_index ActiveAcl::OPTIONS[:controller_actions_table], [:controller, :action], :unique
+
+    create_table ActiveAcl::OPTIONS[:controller_groups_table] do |t|
+      t.column :description, :string, :null => false
+      t.column :lft, :integer
+      t.column :rgt, :integer
+      t.column :parent_id, :integer     
+    end
+
+    add_index ActiveAcl::OPTIONS[:controller_groups_table], :description
+    add_index ActiveAcl::OPTIONS[:controller_groups_table], :lft
+    add_index ActiveAcl::OPTIONS[:controller_groups_table], :rgt
+    add_index ActiveAcl::OPTIONS[:controller_groups_table], :parent_id
+
+    # create root node
+    execute("INSERT INTO #{ActiveAcl::OPTIONS[:controller_groups_table]}(description, lft, rgt) VALUES ('controllers', 1, 2)")      
+  end
+
+  def self.down
+    drop_table ActiveAcl::OPTIONS[:acls_table]
+    drop_table ActiveAcl::OPTIONS[:acl_sections_table]
+    drop_table ActiveAcl::OPTIONS[:privileges_table]
+    drop_table ActiveAcl::OPTIONS[:acls_privileges_table]
+    drop_table ActiveAcl::OPTIONS[:requester_links_table]
+    drop_table ActiveAcl::OPTIONS[:target_links_table]
+    drop_table ActiveAcl::OPTIONS[:requester_group_links_table]
+    drop_table ActiveAcl::OPTIONS[:target_group_links_table]
+    drop_table ActiveAcl::OPTIONS[:controller_actions_table]
+    drop_table ActiveAcl::OPTIONS[:controller_groups_table]  
+  end
+end

generators/active_acl/active_acl_generator.rb

@@ -0,0 +1,25 @@
+class ActiveAclGenerator < Rails::Generator::Base
+  attr_accessor :privileges_class_name, :privileges_file_name, :privileges_view_dir
+
+  def initialize(*runtime_args)
+    super(*runtime_args)
+    @privileges_class_name = (args[0] || 'PrivilegesController')
+    @privileges_file_name = @privileges_class_name.underscore
+    @privileges_view_dir = File.join('app', 'views', @privileges_file_name.gsub('_controller', ''))
+  end
+
+  def manifest
+    record do |m|
+      # Stylesheet, controllers and public directories.
+      m.directory File.join('public', 'stylesheets')
+      m.directory File.join('app', 'controllers')
+      m.directory File.join('app', 'views')
+      m.directory privileges_view_dir
+
+      m.template 'controllers/privileges_controller.rb', File.join(RAILS_ROOT, 'app', 'controllers', "#{privileges_file_name}.rb")
+      m.file 'views/privileges/_privilege_form.rhtml', File.join(privileges_view_dir, '_privilege_form.rhtml')      
+      m.file 'views/privileges/edit.rhtml', File.join(privileges_view_dir, 'edit.rhtml')      
+      m.file 'views/privileges/list.rhtml', File.join(privileges_view_dir, 'list.rhtml')      
+    end
+  end
+end

generators/active_acl/templates/controllers/permissions_controller.rb

@@ -0,0 +1,55 @@
+class <%= privileges_class_name %> < ApplicationController  
+  verify :method => :post, :only => [ :create, :update],
+       :redirect_to => { :action => :list }
+
+  def index
+    redirect_to :action => :list
+  end
+
+  def list
+    @privileges = ActiveAcl::Privilege.find(:all, :order => 'section ASC, value ASC')
+  end
+
+  def edit
+    redirect_to :action => :list and return false unless params[:id]
+    begin
+      @privilege = ActiveAcl::Privilege.find(params[:id])
+    rescue ActiveRecord::RecordNotFound => e
+      flash[:error] = 'Privilege not found'
+      redirect_to :action => :list and return false
+    end
+  end
+
+  def update
+    redirect_to :action => :list and return false if params['commit'] == 'Cancel'
+
+    begin
+      @privilege = ActiveAcl::Privilege.find(params[:id].to_i)
+    rescue ActiveRecord::RecordNotFound => e
+      flash[:error] = 'Privilege not found'
+      redirect_to :action => :list and return false
+    end
+
+    if (@privilege.update_attributes(params[:privilege]))
+      flash[:success] = 'Privilege successfully updated'
+      redirect_to :action => :list and return false
+    else
+      flash.now[:error] = 'There was an error updating the Privilege'
+      @title = 'Edit Privilege'
+      render :action => :edit
+    end   
+  end
+
+  def delete
+    redirect_to :action => :list and return false unless params[:id]
+    begin
+      privilege = ActiveAcl::Privilege.find(params[:id])
+      privilege.destroy
+      flash[:success] = 'Privilege successfully deleted'
+    rescue ActiveRecord::RecordNotFound => e
+      flash[:error] = 'Privilege not found'
+    end
+
+    redirect_to :action => :list and return false
+  end
+end

generators/active_acl/templates/views/permissions/_permission_form.rhtml

@@ -0,0 +1,14 @@
+<table border="0">
+  <tr>
+    <td>Section:</td>
+    <td><%= text_field 'permission', 'section' %></td>    
+  </tr>
+  <tr>
+    <td>Value:</td>
+    <td><%= text_field 'permission', 'value' %></td>
+  </tr>
+  <tr>
+    <td>Description:</td>
+    <td><%= text_field 'permission', 'description' %></td>
+  </tr>
+</table>

generators/active_acl/templates/views/permissions/edit.rhtml

@@ -0,0 +1,17 @@
+<html>
+<body>
+<% if flash[:error] %>
+      <p class="error"><%=h flash[:error] %></p>
+    <% elsif flash[:notice] %>
+      <p class="notice"><%=h flash[:notice] %></p>
+    <% elsif flash[:success] %>
+      <p class="notice"><%=h flash[:success] %></p>
+    <% else %>
+      <p>&nbsp;</p>
+    <% end %>
+    <%= form_tag({ :action => 'update', :id => @permission.id }) %>
+      <%= render_partial 'permission_form' %>
+      <%= submit_tag 'Save' %> <%= submit_tag 'Cancel' %>
+    </form>
+</body>
+</html>