This repository has been archived by the owner on Jul 21, 2020. It is now read-only.
Added simple roles, simple automatic role assignment hook; minor fixes:
* handle_login_error lives in sessions_controller, as it should
* get_authorization takes :context => /anything extra/ (was spelled :extra)
* security_components uses .camelize, not .classify (so that pluralization remains intact)
* some notes on existing rails plugins, and on rule resolution / policy / authz
Philip (flip) Kromer committed Jun 2, 2008
1 parent 682c8f9, commit 673fcf8
Showing 21 changed files with 424 additions and 83 deletions.
Original file line number | Original file line | Diff line number | Diff line change |
---|---|---|---|
@@ -0,0 +1,11 @@ | |||
class <%= migration_name %> < ActiveRecord::Migration | |||
def self.up | |||
add_column :<%= user_model_table_name %>, :roles, :text, :default => '[:user, :active]' | |||
Identity::AddOrMakeAdminUser.add_or_make_admin_user | |||
end | |||
|
|||
def self.down | |||
remove_column :users, :roles | |||
end | |||
|
|||
end |
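Review bot: `self.down` removes the column from the hard-coded `:users` table, while `self.up` adds it to `:<%= user_model_table_name %>`; for a user model whose table is not `users`, the rollback fails or touches the wrong table. Use the same template variable in `remove_column`. Separately, `self.up` calls `Identity::AddOrMakeAdminUser.add_or_make_admin_user`, so running a schema migration also creates or promotes an account; that side effect deserves a comment in the migration, since it is easy to miss.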
Original file line number | Original file line | Diff line number | Diff line change |
---|---|---|---|
@@ -0,0 +1,34 @@ | |||
module Identity::AddOrMakeAdminUser | |||
|
|||
def self.add_or_make_admin_user | |||
puts "*"*70 | |||
admin = self.find_admin || self.make_admin | |||
admin.assign_role! :admin | |||
admin.reconcile_privileges! | |||
puts " added 'admin' role" | |||
puts "*"*70 | |||
admin | |||
end | |||
|
|||
def self.find_admin | |||
admin = User.find_by_login('admin') or return false | |||
puts " On preexisting admin:" | |||
admin | |||
end | |||
|
|||
def self.make_admin | |||
passwd = make_random_password | |||
admin_params = { | |||
:login=>'admin', | |||
:email => 'admin@this-site.com', | |||
:password => passwd, :password_confirmation => passwd } | |||
admin = User.create!(admin_params) | |||
puts " On newly created admin with password #{passwd}:" | |||
admin | |||
end | |||
|
|||
def self.make_random_password | |||
User.make_token[1..8] | |||
end | |||
|
|||
end |
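Review bot: In `find_admin`, whatever account already has the login 'admin' is handed the :admin role by `add_or_make_admin_user`, with no check on who owns that account; on a site where that login was open to registration, the migration promotes that user. Consider having the operator name the account explicitly, or aborting when a pre-existing 'admin' is found. In `make_admin`, the generated password is written to standard output by `puts " On newly created admin with password #{passwd}:"`, so it lands in any captured migration log, and `make_random_password` keeps only `User.make_token[1..8]`; use a longer secret and avoid echoing it, or require a password change on first login.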
Original file line number | Original file line | Diff line number | Diff line change |
---|---|---|---|
@@ -0,0 +1,2 @@ | |||
# I'm actually implemented in authentication/by_cookie_token | |||
require_dependency 'authentication/by_cookie_token' |
Original file line number | Original file line | Diff line number | Diff line change |
---|---|---|---|
@@ -0,0 +1,26 @@ | |||
module Identity::NilRoles | |||
# | |||
# This example gives every user two roles: :user and :active, and no other, | |||
# it satisfies the minimal | |||
# | |||
def has_role? role | |||
[:user, :active].include? role | |||
end | |||
|
|||
# | |||
# Roles are fixed | |||
# | |||
def assign_role! role | |||
raise "Can't assign or revoke roles: ever user is the same." | |||
end | |||
def revoke_role! role | |||
raise "Can't assign or revoke roles: ever user is the same." | |||
end | |||
def set_role! role, should_assign | |||
if should_assign | |||
assign_role! role | |||
else | |||
revoke_role! role | |||
end | |||
end | |||
end |
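Review bot: The header comment stops mid-sentence at `it satisfies the minimal`, so the contract this module is meant to meet is not documented; finish the sentence and list the methods a roles module has to provide. In `assign_role!` and `revoke_role!` the message reads `ever user` where `every user` is meant, and a bare string `raise` gives callers only a RuntimeError to rescue; a named exception class would let callers of `set_role!` handle the fixed-roles case deliberately.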
Original file line number | Original file line | Diff line number | Diff line change |
---|---|---|---|
@@ -0,0 +1,2 @@ | |||
# I'm actually implemented in authentication/by_password | |||
require_dependency 'authentication/by_password' |
Original file line number | Original file line | Diff line number | Diff line change |
---|---|---|---|
@@ -0,0 +1,51 @@ | |||
module Identity::SimpleRoles | |||
# Verifies that parent module is in place for us to override | |||
def self.included(recipient) | |||
recipient.serialize :roles | |||
raise "Because #{self.class} extends Identity, #{recipient.class.to_S} must include it before first before #{self.class}" unless recipient.included_modules.include?(Identity) | |||
end | |||
|
|||
# | |||
# Define any user roles here -- eg :moderator or :admin. | |||
# | |||
# This example gives every user two roles: :user and :active, and no other. | |||
# | |||
# This is just a stub called by the authorization routines. Add logic over | |||
# there if you want these roles to do anything. For more complex needs, see | |||
# notes/RailsPlugins.txt for role-based security plugins | |||
# | |||
def has_role? role | |||
[:user, :active].include? role | |||
end | |||
|
|||
# | |||
# Explicitly assign/revoke | |||
|
|||
# Adds role. No error if user already has role. | |||
# returns updated user.roles | |||
def assign_role! role, skip_save=false | |||
self.roles << role | |||
self.roles.uniq! | |||
self.save(false) unless (skip_save==:skip_save) | |||
self.roles | |||
end | |||
|
|||
# Removes role. No error if user did not have role. | |||
# returns updated user.roles | |||
def remove_role! role, skip_save=false | |||
self.roles.delete role | |||
self.save(false) unless (skip_save==:skip_save) | |||
self.roles | |||
end | |||
|
|||
# give a role and true (to assign) and false (to revoke) | |||
# returns updated user.roles | |||
def set_role! role, should_assign, skip_save=false | |||
if should_assign | |||
assign_role! role, skip_save | |||
else | |||
revoke_role! role, skip_save | |||
end | |||
end | |||
|
|||
end |
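Review bot: `has_role?` still answers from the literal `[:user, :active].include? role` and never reads `self.roles`, so a role stored by `assign_role!` is never reported and the two fixed roles are reported even after `remove_role!`; it should check `self.roles`. `set_role!` calls `revoke_role!` in its else branch, but this module defines `remove_role!`, so revoking through `set_role!` depends on a method not defined in this hunk; rename one to match. In `self.included`, `recipient.class.to_S` should be `to_s`, otherwise the guard raises NoMethodError instead of its message, and `serialize :roles` runs before the guard is checked. `self.save(false)` also skips validations, and `skip_save` is honoured only when it is exactly `:skip_save`, which neither the `false` default nor the parameter name suggests.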
Original file line number | Original file line | Diff line number | Diff line change |
---|---|---|---|
@@ -0,0 +1,2 @@ | |||
module Trustification::EmailValidation | |||
end |