Module: Lockdown::Configuration

Defined in:

lib/lockdown/configuration.rb

Class Attribute Summary

• .access_denied_path ⇒ Object

  Path to redirect to if access is denied.

• .configured ⇒ Object

  Flag to determine if configuration method has been executed Default false.

• .default_who_did_it ⇒ Object

  User id to associate to system actions Default 1.

• .link_separator ⇒ Object

  When using the links helper, this character will be used to separate the links.

• .logout_on_access_violation ⇒ Object

  Logout user if attempt to access restricted resource Default false.

• .permissions ⇒ Object

  Array of permission objects that defines the access to the application.

• .protected_access ⇒ Object

  Array of paths that are restricted to an authenticated user.

• .public_access ⇒ Object

  Regex string of paths that are publicly accessible.

• .skip_db_sync_in ⇒ Object

  Which environments Lockdown should not sync with db Default [‘test’].

• .subdirectory ⇒ Object

  If deploying to a subdirectory, set that here.

• .successful_login_path ⇒ Object

  Redirect to path on successful login Default “/”.

• .user_group_model ⇒ Object

  The model used to represent the grouping of permisssion.

• .user_groups ⇒ Object

  Array of user group objects Default [].

• .user_model ⇒ Object

  The model used to represent the user.

• .who_did_it ⇒ Object

  Method used to get the id of the user responsible for the current action.

Class Method Summary

• .access_rights_for_permissions(*names) ⇒ String

  Combination of regex_patterns from permissions.

• .access_rights_for_user(user) ⇒ Regex
• .administrator?(user) ⇒ True|False

  True if user has ‘Administrators’ group.

• .authenticated_access ⇒ String

  Concatentation of public_access + “|” + protected_access.

• .find_or_create_user_group(name) ⇒ Lockdown::UserGroup
• .has_permission?(permission) ⇒ true|false

  True if object exists with same name.

• .make_permission_protected(name) ⇒ Object

  Defines the permission as protected.

• .make_permission_public(name) ⇒ Object

  Defines the permission as public.

• .make_user_administrator(user) ⇒ Object
• .maybe_add_user_group(group) ⇒ Object
• .permission(name) ⇒ Object

  Lockdown::Permission object.

• .permission_assigned_automatically?(name) ⇒ true|false

  True if permission is either public or protected.

• .permission_names ⇒ Object

  Array of permission names.

• .reset ⇒ Object

  Set defaults.

• .skip_sync? ⇒ Boolean
• .user_group(name) ⇒ Lockdown::UserGroup

  Object.

• .user_group_names ⇒ Array

  Names.

• .user_group_permissions_names(name) ⇒ Array

  Permissions names.

• .user_has_user_group?(user, name) ⇒ True|False

  True if user has user group with name.

Class Attribute Details

.access_denied_path ⇒ Object

Path to redirect to if access is denied. Default: ‘/’

# File 'lib/lockdown/configuration.rb', line 30

def access_denied_path
  @access_denied_path
end

.configured ⇒ Object

Flag to determine if configuration method has been executed Default false

# File 'lib/lockdown/configuration.rb', line 8

def configured
  @configured
end

.default_who_did_it ⇒ Object

User id to associate to system actions Default 1

# File 'lib/lockdown/configuration.rb', line 27

def default_who_did_it
  @default_who_did_it
end

.link_separator ⇒ Object

When using the links helper, this character will be used to separate the links. Default “|”

# File 'lib/lockdown/configuration.rb', line 40

def link_separator
  @link_separator
end

.logout_on_access_violation ⇒ Object

Logout user if attempt to access restricted resource Default false

# File 'lib/lockdown/configuration.rb', line 36

def logout_on_access_violation
  @logout_on_access_violation
end

.permissions ⇒ Object

Array of permission objects that defines the access to the application. Default []

# File 'lib/lockdown/configuration.rb', line 17

def permissions
  @permissions
end

.protected_access ⇒ Object

Array of paths that are restricted to an authenticated user. Default “”

# File 'lib/lockdown/configuration.rb', line 14

def protected_access
  @protected_access
end

.public_access ⇒ Object

Regex string of paths that are publicly accessible. Default “/”

# File 'lib/lockdown/configuration.rb', line 11

def public_access
  @public_access
end

.skip_db_sync_in ⇒ Object

Which environments Lockdown should not sync with db Default [‘test’]

# File 'lib/lockdown/configuration.rb', line 51

def skip_db_sync_in
  @skip_db_sync_in
end

.subdirectory ⇒ Object

If deploying to a subdirectory, set that here. Defaults to nil Notice: Do not add leading or trailing slashes, Lockdown will handle this

# File 'lib/lockdown/configuration.rb', line 54

def subdirectory
  @subdirectory
end

.successful_login_path ⇒ Object

Redirect to path on successful login Default “/”

# File 'lib/lockdown/configuration.rb', line 33

def successful_login_path
  @successful_login_path
end

.user_group_model ⇒ Object

The model used to represent the grouping of permisssion. Common choices are ‘Role’ and ‘UserGroup’. Default “UserGroup”

# File 'lib/lockdown/configuration.rb', line 44

def user_group_model
  @user_group_model
end

.user_groups ⇒ Object

Array of user group objects Default []

# File 'lib/lockdown/configuration.rb', line 20

def user_groups
  @user_groups
end

.user_model ⇒ Object

The model used to represent the user. Common choices are ‘User’ and ‘Person’. Default “User”

# File 'lib/lockdown/configuration.rb', line 48

def user_model
  @user_model
end

.who_did_it ⇒ Object

Method used to get the id of the user responsible for the current action. Default :current_user_id

# File 'lib/lockdown/configuration.rb', line 24

def who_did_it
  @who_did_it
end

Class Method Details

.access_rights_for_permissions(*names) ⇒ String

Returns combination of regex_patterns from permissions.

Parameters:

• names (Array(String)) —

  permission names

Returns:

• (String) —

  combination of regex_patterns from permissions

# File 'lib/lockdown/configuration.rb', line 198

def access_rights_for_permissions(*names)
  names.collect{|name| "(#{permission(name).regex_pattern})"}.join('|')
end

.access_rights_for_user(user) ⇒ Regex

Returns:

• (Regex)

# File 'lib/lockdown/configuration.rb', line 175

def access_rights_for_user(user)
  return unless user
  return Lockdown::Resource.regex if administrator?(user)

  user_groups = user.send(Lockdown.user_groups_hbtm_reference)

  permission_names = []

  user_groups.each do |ug|
    ug.permissions.each do |p|
      permission_names << p.name
    end
  end

  if permission_names.empty?
    authenticated_access
  else
    authenticated_access + "|" + access_rights_for_permissions(*permission_names)
  end
end

.administrator?(user) ⇒ True|False

Returns true if user has ‘Administrators’ group.

Returns:

• (True|False) —

  true if user has ‘Administrators’ group

# File 'lib/lockdown/configuration.rb', line 155

def administrator?(user)
  user_has_user_group?(user, Lockdown.administrator_group_name)
end

.authenticated_access ⇒ String

Returns concatentation of public_access + “|” + protected_access.

Returns:

• (String) —

  concatentation of public_access + “|” + protected_access

# File 'lib/lockdown/configuration.rb', line 80

def authenticated_access
  public_access + "|" + protected_access
end

.find_or_create_user_group(name) ⇒ Lockdown::UserGroup

Returns:

• (Lockdown::UserGroup)

# File 'lib/lockdown/configuration.rb', line 138

def find_or_create_user_group(name)
  name = name.to_s
  user_group(name) || Lockdown::UserGroup.new(name)
end

.has_permission?(permission) ⇒ true|false

Returns true if object exists with same name.

Parameters:

• permission (Lockdown::Permission) —

  Lockdown::Permission object

Returns:

• (true|false) —

  true if object exists with same name

# File 'lib/lockdown/configuration.rb', line 112

def has_permission?(permission)
  permissions.any?{|p| permission.name == p.name}
end

.make_permission_protected(name) ⇒ Object

Defines the permission as protected

Parameters:

• name (String, Symbol) —

  permission name

# File 'lib/lockdown/configuration.rb', line 101

def make_permission_protected(name)
  permission(name).is_protected
end

.make_permission_public(name) ⇒ Object

Defines the permission as public

Parameters:

• name (String, Symbol) —

  permission name

# File 'lib/lockdown/configuration.rb', line 95

def make_permission_public(name)
  permission(name).is_public
end

.make_user_administrator(user) ⇒ Object

Parameters:

• user (User) —

  User object you want to make an administrator

# File 'lib/lockdown/configuration.rb', line 160

def make_user_administrator(user)
  user_groups = user.send(Lockdown.user_groups_hbtm_reference)
  user_groups << Lockdown.user_group_class.
    find_or_create_by_name(Lockdown.administrator_group_name)
end

.maybe_add_user_group(group) ⇒ Object

# File 'lib/lockdown/configuration.rb', line 133

def maybe_add_user_group(group)
  @user_groups << group unless user_group_names.include?(group.name)
end

.permission(name) ⇒ Object

Returns Lockdown::Permission object.

Parameters:

• name (String, Symbol) —

  permission name

Returns:

• Lockdown::Permission object

Raises:

• (Lockdown::PermissionNotFound)

# File 'lib/lockdown/configuration.rb', line 86

def permission(name)
  name = name.to_s
  perm = permissions.detect{|perm| name == perm.name}
  raise Lockdown::PermissionNotFound.new("Permission: #{name} not found") unless perm
  perm
end

.permission_assigned_automatically?(name) ⇒ true|false

Returns true if permission is either public or protected.

Parameters:

• name (String|Symbol) —

  permission name

Returns:

• (true|false) —

  true if permission is either public or protected

# File 'lib/lockdown/configuration.rb', line 118

def permission_assigned_automatically?(name)
  name = name.to_s

  perm = permission(name)

  perm.public? || perm.protected?
end

.permission_names ⇒ Object

Returns Array of permission names.

Returns:

• Array of permission names

# File 'lib/lockdown/configuration.rb', line 106

def permission_names
  permissions.collect{|p| p.name}
end

.reset ⇒ Object

Set defaults.

# File 'lib/lockdown/configuration.rb', line 57

def reset
  @configured                   = false
  @public_access                = ""
  @protected_access             = ""
  @permissions                  = []
  @user_groups                  = []

  @who_did_it                   = :current_user_id
  @default_who_did_it           = 1

  @access_denied_path           = "/"
  @successful_login_path        = "/"
  @logout_on_access_violation   = false

  @link_separator               = "|"

  @user_group_model             = "UserGroup"
  @user_model                   = "User"

  @skip_db_sync_in              = ['test']
end

.skip_sync? ⇒ Boolean

Returns:

• (Boolean)

# File 'lib/lockdown/configuration.rb', line 202

def skip_sync?
  true
end

.user_group(name) ⇒ Lockdown::UserGroup

Returns object.

Parameters:

• name (String, Symbol) —

  user group name

Returns:

• (Lockdown::UserGroup) —

  object

# File 'lib/lockdown/configuration.rb', line 128

def user_group(name)
  name = name.to_s
  user_groups.detect{|ug| name == ug.name}
end

.user_group_names ⇒ Array

Returns names.

Returns:

• (Array) —

  names

# File 'lib/lockdown/configuration.rb', line 144

def user_group_names
  user_groups.collect{|ug| ug.name}
end

.user_group_permissions_names(name) ⇒ Array

Returns permissions names.

Parameters:

• name (String) —

  user group name

Returns:

• (Array) —

  permissions names

# File 'lib/lockdown/configuration.rb', line 150

def user_group_permissions_names(name)
  user_group(name).permissions.collect{|p| p.name}
end

.user_has_user_group?(user, name) ⇒ True|False

Returns true if user has user group with name.

Parameters:

• user,name (User, String) —

  user model, name of user group

Returns:

• (True|False) —

  true if user has user group with name

# File 'lib/lockdown/configuration.rb', line 169

def user_has_user_group?(user, name)
  user_groups = user.send(Lockdown.user_groups_hbtm_reference)
  user_groups.any?{|ug| name == ug.name}
end