Module: Lockdown::Configuration

Defined in:
lib/lockdown/configuration.rb

Class Attribute Summary (collapse)

Class Method Summary (collapse)

Class Attribute Details

+ (Object) access_denied_path

Path to redirect to if access is denied. Default: '/'



30
31
32
 
# File 'lib/lockdown/configuration.rb', line 30

def access_denied_path
  @access_denied_path
end

+ (Object) configured

Flag to determine if configuration method has been executed Default false



8
9
10
 
# File 'lib/lockdown/configuration.rb', line 8

def configured
  @configured
end

+ (Object) default_who_did_it

User id to associate to system actions Default 1



27
28
29
 
# File 'lib/lockdown/configuration.rb', line 27

def default_who_did_it
  @default_who_did_it
end

+ (Object) link_separator

When using the links helper, this character will be used to separate the links. Default "|"



40
41
42
 
# File 'lib/lockdown/configuration.rb', line 40

def link_separator
  @link_separator
end

+ (Object) logout_on_access_violation

Logout user if attempt to access restricted resource Default false



36
37
38
 
# File 'lib/lockdown/configuration.rb', line 36

def logout_on_access_violation
  @logout_on_access_violation
end

+ (Object) permissions

Array of permission objects that defines the access to the application. Default []



17
18
19
 
# File 'lib/lockdown/configuration.rb', line 17

def permissions
  @permissions
end

+ (Object) protected_access

Array of paths that are restricted to an authenticated user. Default ""



14
15
16
 
# File 'lib/lockdown/configuration.rb', line 14

def protected_access
  @protected_access
end

+ (Object) public_access

Regex string of paths that are publicly accessible. Default "/"



11
12
13
 
# File 'lib/lockdown/configuration.rb', line 11

def public_access
  @public_access
end

+ (Object) skip_db_sync_in

Which environments Lockdown should not sync with db Default ['test']



51
52
53
 
# File 'lib/lockdown/configuration.rb', line 51

def skip_db_sync_in
  @skip_db_sync_in
end

+ (Object) successful_login_path

Redirect to path on successful login Default "/"



33
34
35
 
# File 'lib/lockdown/configuration.rb', line 33

def 
  @successful_login_path
end

+ (Object) user_group_model

The model used to represent the grouping of permisssion. Common choices are 'Role' and 'UserGroup'. Default "UserGroup"



44
45
46
 
# File 'lib/lockdown/configuration.rb', line 44

def user_group_model
  @user_group_model
end

+ (Object) user_groups

Array of user group objects Default []



20
21
22
 
# File 'lib/lockdown/configuration.rb', line 20

def user_groups
  @user_groups
end

+ (Object) user_model

The model used to represent the user. Common choices are 'User' and 'Person'. Default "User"



48
49
50
 
# File 'lib/lockdown/configuration.rb', line 48

def user_model
  @user_model
end

+ (Object) who_did_it

Method used to get the id of the user responsible for the current action. Default :current_user_id



24
25
26
 
# File 'lib/lockdown/configuration.rb', line 24

def who_did_it
  @who_did_it
end

Class Method Details

+ (String) access_rights_for_permissions(*names)

Combination of regex_patterns from permissions

Parameters:

  • names (Array(String))

    permission names

Returns:

  • (String)

    combination of regex_patterns from permissions



194
195
196
 
# File 'lib/lockdown/configuration.rb', line 194

def access_rights_for_permissions(*names)
  names.collect{|name| "(#{permission(name).regex_pattern})"}.join(Lockdown::DELIMITER)
end

+ (Regex) access_rights_for_user(user)

Returns:

  • (Regex) 


171
172
173
174
175
176
177
178
179
180
181
182
183
184
185
186
187
188
189
190
 
# File 'lib/lockdown/configuration.rb', line 171

def access_rights_for_user(user)
  return unless user
  return Lockdown::Resource.regex if administrator?(user)

  user_groups = user.send(Lockdown.user_groups_hbtm_reference)

  permission_names = []

  user_groups.each do |ug|
    ug.permissions.each do |p|
      permission_names << p.name
    end
  end

  if permission_names.empty?
    authenticated_access
  else
    authenticated_access + Lockdown::DELIMITER + access_rights_for_permissions(*permission_names)
  end
end

+ (True|False) administrator?(user)

True if user has 'Administrators' group

Returns:

  • (True|False)

    true if user has 'Administrators' group



151
152
153
 
# File 'lib/lockdown/configuration.rb', line 151

def administrator?(user)
  user_has_user_group?(user, Lockdown.administrator_group_name)
end

+ (String) authenticated_access

Concatentation of public_access + "|" + protected_access

Returns:

  • (String)

    concatentation of public_access + "|" + protected_access



76
77
78
 
# File 'lib/lockdown/configuration.rb', line 76

def authenticated_access
  public_access + Lockdown::DELIMITER + protected_access
end

+ (Lockdown::UserGroup) find_or_create_user_group(name)

Returns:



134
135
136
137
 
# File 'lib/lockdown/configuration.rb', line 134

def find_or_create_user_group(name)
  name = name.to_s
  user_group(name) || Lockdown::UserGroup.new(name)
end

+ (true|false) has_permission?(permission)

True if object exists with same name

Parameters:

Returns:

  • (true|false)

    true if object exists with same name



108
109
110
 
# File 'lib/lockdown/configuration.rb', line 108

def has_permission?(permission)
  permissions.any?{|p| permission.name == p.name}
end

+ (Object) make_permission_protected(name)

Defines the permission as protected

Parameters:

  • name (String, Symbol)

    permission name



97
98
99
 
# File 'lib/lockdown/configuration.rb', line 97

def make_permission_protected(name)
  permission(name).is_protected
end

+ (Object) make_permission_public(name)

Defines the permission as public

Parameters:

  • name (String, Symbol)

    permission name



91
92
93
 
# File 'lib/lockdown/configuration.rb', line 91

def make_permission_public(name)
  permission(name).is_public
end

+ (Object) make_user_administrator(user)

Parameters:

  • user (User)

    User object you want to make an administrator



156
157
158
159
160
 
# File 'lib/lockdown/configuration.rb', line 156

def make_user_administrator(user)
  user_groups = user.send(Lockdown.user_groups_hbtm_reference)
  user_groups << Lockdown.user_group_class.
    find_or_create_by_name(Lockdown.administrator_group_name)
end

+ (Object) maybe_add_user_group(group) 



129
130
131
 
# File 'lib/lockdown/configuration.rb', line 129

def maybe_add_user_group(group)
  @user_groups << group unless user_group_names.include?(group.name)
end

+ (Object) permission(name)

Lockdown::Permission object

Parameters:

  • name (String, Symbol)

    permission name

Returns:

  • Lockdown::Permission object

Raises:



82
83
84
85
86
87
 
# File 'lib/lockdown/configuration.rb', line 82

def permission(name)
  name = name.to_s
  perm = permissions.detect{|perm| name == perm.name}
  raise Lockdown::PermissionNotFound.new("Permission: #{name} not found") unless perm
  perm
end

+ (true|false) permission_assigned_automatically?(name)

True if permission is either public or protected

Parameters:

  • name (String|Symbol)

    permission name

Returns:

  • (true|false)

    true if permission is either public or protected



114
115
116
117
118
119
120
 
# File 'lib/lockdown/configuration.rb', line 114

def permission_assigned_automatically?(name)
  name = name.to_s

  perm = permission(name)

  perm.public? || perm.protected?
end

+ (Object) permission_names

Array of permission names

Returns:

  • Array of permission names



102
103
104
 
# File 'lib/lockdown/configuration.rb', line 102

def permission_names
  permissions.collect{|p| p.name}
end

+ (Object) reset

Set defaults.



53
54
55
56
57
58
59
60
61
62
63
64
65
66
67
68
69
70
71
72
73
 
# File 'lib/lockdown/configuration.rb', line 53

def reset
  @configured                   = false
  @public_access                = ""
  @protected_access             = ""
  @permissions                  = []
  @user_groups                  = []

  @who_did_it                   = :current_user_id
  @default_who_did_it           = 1

  @access_denied_path           = "/"
  @successful_login_path        = "/"
  @logout_on_access_violation   = false

  @link_separator               = "|"

  @user_group_model             = "UserGroup"
  @user_model                   = "User"

  @skip_db_sync_in              = ['test']
end

+ (Boolean) skip_sync?

Returns:

  • (Boolean) 


198
199
200
 
# File 'lib/lockdown/configuration.rb', line 198

def skip_sync?
  true
end

+ (Lockdown::UserGroup) user_group(name)

Object

Parameters:

  • name (String, Symbol)

    user group name

Returns:



124
125
126
127
 
# File 'lib/lockdown/configuration.rb', line 124

def user_group(name)
  name = name.to_s
  user_groups.detect{|ug| name == ug.name}
end

+ (Array) user_group_names

Names

Returns:

  • (Array)

    names



140
141
142
 
# File 'lib/lockdown/configuration.rb', line 140

def user_group_names
  user_groups.collect{|ug| ug.name}
end

+ (Array) user_group_permissions_names(name)

Permissions names

Parameters:

  • name (String)

    user group name

Returns:

  • (Array)

    permissions names



146
147
148
 
# File 'lib/lockdown/configuration.rb', line 146

def user_group_permissions_names(name)
  user_group(name).permissions.collect{|p| p.name}
end

+ (True|False) user_has_user_group?(user, name)

True if user has user group with name

Parameters:

  • user,name (User, String)

    user model, name of user group

Returns:

  • (True|False)

    true if user has user group with name



165
166
167
168
 
# File 'lib/lockdown/configuration.rb', line 165

def user_has_user_group?(user, name)
  user_groups = user.send(Lockdown.user_groups_hbtm_reference)
  user_groups.any?{|ug| name == ug.name}
end