h1. Lockdown h3. Lockdown has not been officially released! This page is a Work-In-Progress. h2. What Lockdown is a authentication/authorization system for RubyOnRails (ver 2.x). While Merb functionality is in place, it is not complete. There will be a release solely focused on getting the Merb functionality up to par with Rails. h2. Installing For the people who don't care to know the details and just want to get the system installed:
$ sudo gem install lockdown
$ cd 
$ lockdown .
This will create a "lockdown" directory in the lib dir add two files: init.rb and session.rb. Modify init.rb to set defaults and define the rules that apply to your system. To help you with your new application, Lockdown comes with a generator called lockdown_all.
$ cd 
$ ./script/generate lockdown_all
This will install resources such as: Please refer to the generator page for more detail. I recommend reading this page to get a feel for Lockdown's functionality. h2. How it works Lockdown stores an array of access rights in the session. For example, if you have a standard REST users controller, the access rights would be:
  users/index
  users/show
  users/edit
  users/update
  users/new
  users/create
  users/destroy (delete for Merb)
The above list will be stored in the session as an array and each request is tested against this list. So this means, you should not use client side session storage. If you can, I recommend using memcache, but a database session store will suffice. To define access rights you need to modify lib/lockdown/init.rb. This is the default init.rb included with Lockdown:
require "lockdown"
require File.join(File.dirname(__FILE__), "session")

Lockdown::System.configure do

  #~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~
  # Configuration Options
  #~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~
  # Options with defaults:
  #
  # Set timeout to 1 hour:
  #       options[:session_timeout] = (60 * 60)
  #
  # Set system to logout if unauthorized access is attempted:
  #       options[:logout_on_access_violation] = false
  #
  # Set redirect to path on unauthorized access attempt:
  #       options[:access_denied_path] = "/"
  #
  # Set redirect to path on successful login:
  #       options[:successful_login_path] = "/"
  #
  #~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~
  # Define permissions
  #~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~
  #
  # set_permission(:product_management, all_methods(:products))
  #
  # :product_management is the name of the permission which is later
  # referenced by the set_user_group method
  #
  # :all_methods(:products) will return an array of all controller actions
  # for the products controller
  #
  # if products is your standard RESTful resource you'll get:
  #   ["products/index , "products/show",
  #    "products/new", "products/edit",
  #    "products/create", "products/update",
  #    "products/destroy"]
  #
  # You can pass multiple parameters to concat permissions such as:
  #      
  #	  set_permission(:security_management,all_methods(:users),
  #                                       all_methods(:user_groups),
  #                                       all_methods(:permissions) )
  #
  # In addition to all_methods(:controller) there are:
  #
  #       only_methods(:controller, :only_method_1, :only_method_2)
  #
  #       all_except_methods(:controller, :except_method_1, :except_method_2)
  #
  # Some other sample permissions:
  # 
  #  set_permission(:sessions, all_methods(:sessions))
  #  set_permission(:my_account, only_methods(:users, :edit, :update, :show))
  # 
  # Define your permissions here:

  #~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~
  # Built-in user groups
  #~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~
  #  You can assign the above permission to one of the built-in user groups
  #  by using the following:
  # 
  #  To allow public access on the permissions :sessions and :home:
  #    set_public_access :sessions, :home
  #     
  #  Restrict :my_account access to only authenticated users:
  #    set_protected_access :my_account
  #
  # Define the built-in user groups here:

  #~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~
  # Define user groups
  #~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~
  #
  #  set_user_group(:catalog_management, :category_management, 
  #                                      :product_management) 
  #
  #  :catalog_management is the name of the user group
  #  :category_management and :product_management refer to permission names
  #
  # 
  # Define your user groups here:

end 
 
h2. The internals All configuration of Lockdown (Permissions and User Groups) are done in lib/lockdown/init.rb. The database functionality is merely an extension of the definitions to allow for the dynamic creation of User Groups. Permissions can not be created via the administration screens. Lockdown doesn't have a concept of Roles. Instead, Lockdown users can be associated to one or many User Groups to allow for flexibility. In addition, you can use the admin screens to add new User Groups to the database. Here are the parts to Lockdown: h2. Forum If you are having a problem understanding how to use Lockdown, please post your question on the lockdown group. If it's documentation related, I will keep this page updated to help everyone. "http://groups.google.com/group/stonean_lockdown?hl=en":http://groups.google.com/group/stonean_lockdown?hl=en h2. How to submit patches The Clone URL: git://github.com/stonean/lockdown.git Read the "8 steps for fixing other people's code":http://drnicwilliams.com/2007/06/01/8-steps-for-fixing-other-peoples-code/ and for section "8b: Submit patch to Google Groups":http://drnicwilliams.com/2007/06/01/8-steps-for-fixing-other-peoples-code/#8b-google-groups, use the Google Group above. I'm new to git and this whole opensource project admin gig, so please be patient with my stumbling around. h2. License This code is free to use under the terms of the MIT license. h2. Contact Comments and suggestions are welcome via the "forum":http://groups.google.com/group/stonean_lockdown?hl=en