$ sudo gem install lockdown $ cdThis will create a "lockdown" directory in the lib dir add two files: init.rb and session.rb. Modify init.rb to set configuration options and define the permissions and user groups that apply to your system. Please keep the following in mind:$ lockdown .
$ cdThis will install resources such as:$ ./script/generate lockdown --all
require "lockdown/init"This is the default init.rb included with Lockdown:
require "lockdown" require File.join(File.dirname(__FILE__), "session") Lockdown::System.configure do #~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~ # Configuration Options #~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~ # Options with defaults: # # Set timeout to 1 hour: # options[:session_timeout] = (60 * 60) # # Set system to logout if unauthorized access is attempted: # options[:logout_on_access_violation] = false # # Set redirect to path on unauthorized access attempt: # options[:access_denied_path] = "/" # # Set redirect to path on successful login: # options[:successful_login_path] = "/" # # Set the system to sync the Permissions and UserGroups defined here # with the database. # options[:sync_init_rb_with_db] = true # #~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~ # Define permissions #~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~ # # set_permission(:product_management, all_methods(:products)) # # :product_management is the name of the permission which is later # referenced by the set_user_group method # # :all_methods(:products) will return an array of all controller actions # for the products controller # # if products is your standard RESTful resource you'll get: # ["products/index , "products/show", # "products/new", "products/edit", # "products/create", "products/update", # "products/destroy"] # # You can pass multiple parameters to concat permissions such as: # # set_permission(:security_management,all_methods(:users), # all_methods(:user_groups), # all_methods(:permissions) ) # # In addition to all_methods(:controller) there are: # # only_methods(:controller, :only_method_1, :only_method_2) # # all_except_methods(:controller, :except_method_1, :except_method_2) # # Some other sample permissions: # # set_permission(:sessions, all_methods(:sessions)) # set_permission(:my_account, only_methods(:users, :edit, :update, :show)) # # Define your permissions here: #~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~ # Built-in user groups #~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~ # You can assign the above permission to one of the built-in user groups # by using the following: # # To allow public access on the permissions :sessions and :home: # set_public_access :sessions, :home # # Restrict :my_account access to only authenticated users: # set_protected_access :my_account # # Define the built-in user groups here: #~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~ # Define user groups #~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~ # # set_user_group(:catalog_management, :category_management, # :product_management) # # :catalog_management is the name of the user group # :category_management and :product_management refer to permission names # # # Define your user groups here: endAs you can see, the first line requires lockdown. This will load the Lockdown system which consists of various parts:
The controller functionality will add before filters to test each request agains the defined access_rights for the current user. If the current request is not in the access_rights list, access right is denied.
The model functionality will automatically set the updated_by/created_by fields of your model to the current_profile_id.
The view functionality intercepts the link_to method (aliases it). If the current user does not have rights to the link, the link will not show.
There is also a link_to_or_show method (same params as link_to) that will print out just the name of the link (no anchor tag) if the current user does not have access.
users/index users/show users/edit users/update users/new users/create users/destroy (delete for Merb)h2. The internals All configuration of Lockdown (Permissions and User Groups) are done in lib/lockdown/init.rb. The database functionality is merely an extension of the definitions to allow for the dynamic creation of User Groups. Permissions can not be created via the administration screens. Lockdown doesn't have a concept of Roles. Instead, Lockdown users can be associated to one or many User Groups to allow for flexibility. In addition, you can use the admin screens to add new User Groups to the database. User groups are nothing more than a grouping mechanism for Permissions to ease management. Here are the parts to Lockdown:
The profile model contains all non-user information related to person. Lockdown uses the profile record as the reference for updated_by and created_by. This allows you to remove the user record completely when you want to revoke access, but you still retain the foreign key for history.
Here are the fields you have to start with:
The user model contains all user information related to person.
Here are the fields you have to start with:
User Groups exist only to group Permissions. All functionality for your site should be covered by the user groups you define in init.rb. You can use the admin screen to create new user groups if the need arises. The database model only has one field:
Permissions are the security building blocks of your system and are defined in init.rb. A permission maps to controller(s)/action(s) in your system. Please refer back to the documenation in init.rb on how to create permissions. As permissions relate to system functionality, they cannot be created via the admin screen. The database model only has one field: