lib/generators/cbac/copy_files/tasks/cbac.rake in cbac-0.6.2 vs lib/generators/cbac/copy_files/tasks/cbac.rake in cbac-0.6.3
- old
+ new
@@ -1,345 +1,345 @@
-#TODO: zip (or something) the directory resulting from a snapshot and delete it
-#TODO: unzip (or something) the provided snapshot and load from it, then delete temp dir
-#TODO: add staging area to extracted snapshot, inserted snapshot, clearing code, etc.
-
-#TODO: add comments to pristine lines, in a Comment() style
-
-# WARNING: Non-changes are not saved as known_permissions when using pristine or such. THIS IS NOT A BUG! Think of the following scenario:
-# 1) Developers grant permission X
-# 2) User deploys. Permission X is granted in the database.
-# 3) User revokes permission X
-# 4) Developers revoke permission X
-# 5) User upgrades. No change in permission X detected, (since devteam and user agree) so the user is not prompted to accept the change.
-# 6) User grants permission X again
-# 7) User upgrades again. At this point, we want the user to be warned that the devteam thinks granting this permission is not a good idea.
-# This is only possible if the non-change in #5 is not registered as KnownChange
-
-# Get a privilege set that fulfills the provided conditions
- def get_privilege_set(conditions)
- Cbac::PrivilegeSetRecord.first(:conditions => conditions)
- end
-
-# Get a Hash containing all entries from the provided table
- def select_all(table)
- ActiveRecord::Base.connection.select_all("SELECT * FROM %s;" % table)
- end
-
-# Generate a usable filename for dumping records of the specified type
- def get_filename(type)
- "#{ENV['SNAPSHOT_NAME']}/cbac_#{type}.yml"
- end
-
- def load_objects_from_yaml(type)
- filename = get_filename(type)
-
- Yaml.load_file(filename)
- end
-
-# Dump the specified permissions to a YAML file
- def dump_permissions_to_yaml_file(permissions)
- permissions.each do |cp|
- privilege_set_name = get_privilege_set(:id => cp['privilege_set_id']).name
- cp['privilege_set_id'] = "<%= Cbac::PrivilegeSetRecord.find(:first, :conditions => {:name => '#{privilege_set_name}'}).id %>"
- end
- dump_objects_to_yaml_file(permissions, "permissions")
- end
-
-# Dump a set of objects to a YAML file. Filename is determined by type-string
- def dump_objects_to_yaml_file(objects, type)
- filename = get_filename(type)
-
- puts "Writing #{type} to disk"
-
- File.open(filename, "w") do |output_file|
- index = "0000"
- output_file.write objects.inject({}) { |hash, record|
- hash["#{type.singularize}_#{index.succ!}"] = record
- hash
- }.to_yaml
- end
- end
-
- def get_cbac_pristine_adapter
- adapter_class = Class.new
- adapter_class.send :include, Cbac::CbacPristine
- adapter_class.new
- end
-
- namespace :cbac do
- desc 'Initialize CBAC tables with bootstrap data. Allows ADMINUSER to log in and visit CBAC administration pages. Also, if a Privilege Set called "login" exists, this privilege is granted to "everyone"'
- task :bootstrap => :environment do
- adapter = get_cbac_pristine_adapter
- if adapter.database_contains_cbac_data?
- if ENV['FORCE'] == "true"
- puts "FORCE specified: emptying CBAC tables"
- adapter.clear_cbac_tables
- else
- puts "CBAC bootstrap failed: CBAC tables are nonempty. Specify FORCE=true to override this check and empty the tables"
- exit
- end
- end
-
- adminuser = ENV['ADMINUSER'] || 1
- login_privilege_set = get_privilege_set(:name => "login")
- everybody_context_role = ContextRole.roles[:everybody]
- if !login_privilege_set.nil? and !everybody_context_role.nil?
- puts "Login privilege exists. Allowing context role 'everybody' to use login privilege"
- login_permission = Cbac::Permission.new(:context_role => 'everybody', :privilege_set_id => login_privilege_set.id)
- throw "Failed to save Login Permission" unless login_permission.save
- end
-
- puts "Creating Generic Role: administrators"
- admin_role = Cbac::GenericRole.new(:name => "administrator", :remarks => "System administrators - may edit CBAC permissions")
- throw "Failed to save new Generic Role" unless admin_role.save
-
- puts "Creating Administrator Membership for user #{adminuser}"
- membership = Cbac::Membership.new(:user_id => adminuser, :generic_role_id => admin_role.id)
- throw "Failed to save new Administrator Membership" unless membership.save
-
- begin
- admin_privilege_set_id = get_privilege_set({:name => 'cbac_administration'}).id
- rescue
- throw "No PrivilegeSet cbac_administration defined. Aborting."
- end
- cbac_admin_permission = Cbac::Permission.new(:generic_role_id => admin_role.id, :privilege_set_id => admin_privilege_set_id)
- throw "Failed to save Cbac_Administration Permission" unless cbac_admin_permission.save
-
- puts <<EOF
-**********************************************************
-* Succesfully bootstrapped CBAC. The specified user (# #{adminuser} ) *
-* may now visit the cbac administration pages, which are *
-* located at the URL /cbac/permissions/index by default *
-**********************************************************
-EOF
- end
-
- desc 'Extract a snapshot of the current authorization settings, which can later be restored using the restore_snapshot task. Parameter SNAPSHOT_NAME determines where the snapshot is stored'
- task :extract_snapshot => :environment do
- if ENV['SNAPSHOT_NAME'].nil?
- puts "Missing argument SNAPSHOT_NAME. Substituting timestamp for SNAPSHOT_NAME"
- require 'date'
- ENV['SNAPSHOT_NAME'] = DateTime.now.strftime("%Y%m%d%H%M%S")
- end
-
- if File::exists?(ENV['SNAPSHOT_NAME']) # Directory already exists!
- if ENV['FORCE'] == "true"
- puts "FORCE specified - overwriting older snapshot with same name."
- else
- puts "A snapshot with the given name (#{ENV['SNAPSHOT_NAME']}) already exists, and overwriting is dangerous. Specify FORCE=true to override this check"
- exit
- end
- else # Directory does not exist yet
- FileUtils.mkdir(ENV['SNAPSHOT_NAME'])
- end
-
- puts "Extracting CBAC permissions to #{ENV['SNAPSHOT_NAME']}"
-
- # Don't need privilege sets since they are loaded from a config file.
- staged_changes = select_all "cbac_staged_permissions"
- dump_objects_to_yaml_file(staged_changes, "staged_permissions")
-
- staged_roles = select_all "cbac_staged_roles"
- dump_objects_to_yaml_file(staged_roles, "staged_roles")
-
- permissions = select_all "cbac_permissions"
- dump_permissions_to_yaml_file(permissions)
-
- generic_roles = select_all "cbac_generic_roles"
- dump_objects_to_yaml_file(generic_roles, "generic_roles")
-
- memberships = select_all "cbac_memberships"
- dump_objects_to_yaml_file(memberships, "memberships")
-
- known_permissions = select_all "cbac_known_permissions"
- dump_objects_to_yaml_file(known_permissions, "known_permissions")
- end
-
- desc 'Restore a snapshot of authorization settings that was extracted earlier. Specify a snapshot using SNAPSHOT_NAME'
- task :restore_snapshot => :environment do
- adapter = get_cbac_pristine_adapter
- if ENV['SNAPSHOT_NAME'].nil?
- puts "Missing required parameter SNAPSHOT_NAME. Exiting."
- exit
- elsif adapter.database_contains_cbac_data?
- if ENV['FORCE'] == "true"
- puts "FORCE specified: emptying CBAC tables"
- adapter.clear_cbac_tables
- else
- puts "Reloading snapshot failed: CBAC tables are nonempty. Specify FORCE=true to override this check and empty the tables"
- exit
- end
- end
-
- puts "Restoring snapshot #{ENV['SNAPSHOT_NAME']}"
-
- ENV['FIXTURES_PATH'] = ENV['SNAPSHOT_NAME']
-
- # Don't need privilege sets since they are loaded from a config file.
- ENV['FIXTURES'] = "cbac_generic_roles,cbac_memberships,cbac_known_permissions,cbac_permissions,cbac_staged_permissions, cbac_staged_roles"
-
- Rake::Task["db:fixtures:load"].invoke
- puts "Successfully restored snapshot."
- #TODO: check if rake task was successful. else
- # puts "Restoring snapshot failed."
- #end
- end
-
- desc 'Restore permissions to factory settings by loading the pristine file into the database'
- task :pristine => :environment do
- adapter = get_cbac_pristine_adapter
- if adapter.database_contains_cbac_data?
- if ENV['FORCE'] == "true"
- puts "FORCE specified: emptying CBAC tables"
- else
- puts "CBAC pristine failed: CBAC tables are nonempty. Specify FORCE=true to override this check and empty the tables"
- exit
- end
- end
-
- if ENV['SKIP_SNAPSHOT'] == 'true'
- puts "\nSKIP_SNAPSHOT provided - not dumping database."
- else
- puts "\nDumping a snapshot of the database"
- Rake::Task["cbac:extract_snapshot"].invoke
- end
- filename = ENV['PRISTINE_FILE'] || "config/cbac/cbac.pristine"
- puts "Parsing pristine file #{filename}"
- pristine_file = adapter.find_or_create_pristine_file(filename)
- adapter.set_pristine_state([pristine_file], true)
- puts "Applied #{pristine_file.permissions.length.to_s} permissions."
- puts "Task cbac:pristine finished."
- end
-
- desc 'Restore generic permissions to factory settings'
- task :pristine_generic => :environment do
- adapter = get_cbac_pristine_adapter
- if adapter.database_contains_cbac_data?
- if ENV['FORCE'] == "true"
- puts "FORCE specified. Dropping all generic permissions and replacing them with generic pristine"
- adapter.delete_generic_known_permissions
- adapter.delete_generic_permissions
- else
- puts "CBAC pristine failed: CBAC tables are nonempty. Specify FORCE=true to override this check and empty the tables"
- exit
- end
- end
-
- if ENV['SKIP_SNAPSHOT'] == 'true'
- puts "\nSKIP_SNAPSHOT provided - not dumping database."
- else
- puts "\nDumping a snapshot of the database"
- Rake::Task["cbac:extract_snapshot"].invoke
- end
-
- filename = ENV['GENERIC_PRISTINE_FILE'] || "config/cbac/cbac_generic.pristine"
- puts "Parsing pristine file #{filename}"
- pristine_file = adapter.find_or_create_generic_pristine_file(filename)
- adapter.set_pristine_state([pristine_file], false)
- puts "Applied #{pristine_file.permissions.length.to_s} permissions."
- puts "Task cbac:pristine_generic finished."
- end
-
- desc 'Restore all permissions to factory state. Uses the pristine file and the generic pristine file'
- task :pristine_all => :environment do
- adapter = get_cbac_pristine_adapter
- if adapter.database_contains_cbac_data?
- if ENV['FORCE'] == "true"
- puts "FORCE specified: emptying CBAC tables"
- else
- puts "CBAC pristine failed: CBAC tables are nonempty. Specify FORCE=true to override this check and empty the tables"
- exit
- end
- end
-
- if ENV['SKIP_SNAPSHOT'] == 'true'
- puts "\nSKIP_SNAPSHOT provided - not dumping database."
- else
- puts "\nDumping a snapshot of the database"
- Rake::Task["cbac:extract_snapshot"].invoke
- end
- filename = ENV['PRISTINE_FILE'] || "config/cbac/cbac.pristine"
- generic_filename = ENV['GENERIC_PRISTINE_FILE'] || "config/cbac/cbac_generic.pristine"
- puts "Parsing pristine file #{filename} and generic pristine file #{generic_filename}"
- pristine_file = adapter.find_or_create_pristine_file(filename)
- generic_pristine_file = adapter.find_or_create_generic_pristine_file(generic_filename)
- adapter.set_pristine_state([pristine_file, generic_pristine_file], true)
- puts "Applied #{pristine_file.permissions.length.to_s} permissions and #{generic_pristine_file.permissions.length.to_s} generic permissions."
- puts "Task cbac:pristine_all finished."
- end
-
- desc 'Upgrade permissions by adding them to the staging area. Does not upgrade generic permissions'
- task :upgrade_pristine => :environment do
- adapter = get_cbac_pristine_adapter
- if ENV['SKIP_SNAPSHOT'] == 'true'
- puts "\nSKIP_SNAPSHOT provided - not dumping database."
- else
- puts "\nDumping a snapshot of the database"
- Rake::Task["cbac:extract_snapshot"].invoke
- end
-
- ENV['CHANGE_TYPE'] = 'context'
- filename = ENV['PRISTINE_FILE'] || "config/cbac/cbac.pristine"
- puts "Parsing pristine file #{filename}"
-
- pristine_file = adapter.find_or_create_pristine_file(filename)
- adapter.delete_non_generic_staged_permissions
- puts "Deleted all staged context and administrator permissions"
-
- adapter.stage_permissions([pristine_file])
- puts "Staged #{adapter.number_of_non_generic_staged_permissions.to_s} permissions."
- puts "Task cbac:upgrade_pristine finished."
- end
-
-
- desc 'Upgrade generic permissions by adding them to the staging area. Does not upgrade context or admin permissions.'
- task :upgrade_pristine_generic => :environment do
- adapter = get_cbac_pristine_adapter
- if ENV['SKIP_SNAPSHOT'] == 'true'
- puts "\nSKIP_SNAPSHOT provided - not dumping database."
- else
- puts "\nDumping a snapshot of the database"
- Rake::Task["cbac:extract_snapshot"].invoke
- end
-
- ENV['CHANGE_TYPE'] = 'context'
- generic_filename = ENV['GENERIC_PRISTINE_FILE'] || "config/cbac/cbac_generic.pristine"
-
- puts "Parsing pristine file #{generic_filename}"
- generic_pristine_file = adapter.find_or_create_generic_pristine_file(generic_filename)
-
- adapter.delete_non_generic_staged_permissions
- puts "Deleted all staged generic permissions"
-
- adapter.stage_permissions([generic_pristine_file])
- puts "Staged #{adapter.number_of_generic_staged_permissions.to_s} generic permissions."
- puts "Task cbac:upgrade_pristine finished."
- end
-
- desc 'Upgrade all permissions by adding them to the staging area.'
- task :upgrade_all => :environment do
- adapter = get_cbac_pristine_adapter
- if ENV['SKIP_SNAPSHOT'] == 'true'
- puts "\nSKIP_SNAPSHOT provided - not dumping database."
- else
- puts "\nDumping a snapshot of the database"
- Rake::Task["cbac:extract_snapshot"].invoke
- end
-
- ENV['CHANGE_TYPE'] = 'context'
- filename = ENV['PRISTINE_FILE'] || "config/cbac/cbac.pristine"
- generic_filename = ENV['GENERIC_PRISTINE_FILE'] || "config/cbac/cbac_generic.pristine"
- puts "Parsing pristine file #{filename} and generic pristine file #{generic_filename}"
-
- pristine_file = adapter.find_or_create_pristine_file(filename)
- generic_pristine_file = adapter.find_or_create_generic_pristine_file(generic_filename)
-
- adapter.delete_generic_staged_permissions
- adapter.delete_non_generic_staged_permissions
- puts "Deleted all current staged permissions"
-
-
- adapter.stage_permissions([pristine_file, generic_pristine_file])
- puts "Staged #{adapter.number_of_non_generic_staged_permissions.to_s} permissions and #{adapter.number_of_generic_staged_permissions.to_s} generic permissions."
- puts "Task cbac:upgrade_all finished."
- end
-end
+#TODO: zip (or something) the directory resulting from a snapshot and delete it
+#TODO: unzip (or something) the provided snapshot and load from it, then delete temp dir
+#TODO: add staging area to extracted snapshot, inserted snapshot, clearing code, etc.
+
+#TODO: add comments to pristine lines, in a Comment() style
+
+# WARNING: Non-changes are not saved as known_permissions when using pristine or such. THIS IS NOT A BUG! Think of the following scenario:
+# 1) Developers grant permission X
+# 2) User deploys. Permission X is granted in the database.
+# 3) User revokes permission X
+# 4) Developers revoke permission X
+# 5) User upgrades. No change in permission X detected, (since devteam and user agree) so the user is not prompted to accept the change.
+# 6) User grants permission X again
+# 7) User upgrades again. At this point, we want the user to be warned that the devteam thinks granting this permission is not a good idea.
+# This is only possible if the non-change in #5 is not registered as KnownChange
+
+# Get a privilege set that fulfills the provided conditions
+ def get_privilege_set(conditions)
+ Cbac::PrivilegeSetRecord.first(:conditions => conditions)
+ end
+
+# Get a Hash containing all entries from the provided table
+ def select_all(table)
+ ActiveRecord::Base.connection.select_all("SELECT * FROM %s;" % table)
+ end
+
+# Generate a usable filename for dumping records of the specified type
+ def get_filename(type)
+ "#{ENV['SNAPSHOT_NAME']}/cbac_#{type}.yml"
+ end
+
+ def load_objects_from_yaml(type)
+ filename = get_filename(type)
+
+ Yaml.load_file(filename)
+ end
+
+# Dump the specified permissions to a YAML file
+ def dump_permissions_to_yaml_file(permissions)
+ permissions.each do |cp|
+ privilege_set_name = get_privilege_set(:id => cp['privilege_set_id']).name
+ cp['privilege_set_id'] = "<%= Cbac::PrivilegeSetRecord.find(:first, :conditions => {:name => '#{privilege_set_name}'}).id %>"
+ end
+ dump_objects_to_yaml_file(permissions, "permissions")
+ end
+
+# Dump a set of objects to a YAML file. Filename is determined by type-string
+ def dump_objects_to_yaml_file(objects, type)
+ filename = get_filename(type)
+
+ puts "Writing #{type} to disk"
+
+ File.open(filename, "w") do |output_file|
+ index = "0000"
+ output_file.write objects.inject({}) { |hash, record|
+ hash["#{type.singularize}_#{index.succ!}"] = record
+ hash
+ }.to_yaml
+ end
+ end
+
+ def get_cbac_pristine_adapter
+ adapter_class = Class.new
+ adapter_class.send :include, Cbac::CbacPristine
+ adapter_class.new
+ end
+
+ namespace :cbac do
+ desc 'Initialize CBAC tables with bootstrap data. Allows ADMINUSER to log in and visit CBAC administration pages. Also, if a Privilege Set called "login" exists, this privilege is granted to "everyone"'
+ task :bootstrap => :environment do
+ adapter = get_cbac_pristine_adapter
+ if adapter.database_contains_cbac_data?
+ if ENV['FORCE'] == "true"
+ puts "FORCE specified: emptying CBAC tables"
+ adapter.clear_cbac_tables
+ else
+ puts "CBAC bootstrap failed: CBAC tables are nonempty. Specify FORCE=true to override this check and empty the tables"
+ exit
+ end
+ end
+
+ adminuser = ENV['ADMINUSER'] || 1
+ login_privilege_set = get_privilege_set(:name => "login")
+ everybody_context_role = ContextRole.roles[:everybody]
+ if !login_privilege_set.nil? and !everybody_context_role.nil?
+ puts "Login privilege exists. Allowing context role 'everybody' to use login privilege"
+ login_permission = Cbac::Permission.new(:context_role => 'everybody', :privilege_set_id => login_privilege_set.id)
+ throw "Failed to save Login Permission" unless login_permission.save
+ end
+
+ puts "Creating Generic Role: administrators"
+ admin_role = Cbac::GenericRole.new(:name => "administrator", :remarks => "System administrators - may edit CBAC permissions")
+ throw "Failed to save new Generic Role" unless admin_role.save
+
+ puts "Creating Administrator Membership for user #{adminuser}"
+ membership = Cbac::Membership.new(:user_id => adminuser, :generic_role_id => admin_role.id)
+ throw "Failed to save new Administrator Membership" unless membership.save
+
+ begin
+ admin_privilege_set_id = get_privilege_set({:name => 'cbac_administration'}).id
+ rescue
+ throw "No PrivilegeSet cbac_administration defined. Aborting."
+ end
+ cbac_admin_permission = Cbac::Permission.new(:generic_role_id => admin_role.id, :privilege_set_id => admin_privilege_set_id)
+ throw "Failed to save Cbac_Administration Permission" unless cbac_admin_permission.save
+
+ puts <<EOF
+**********************************************************
+* Succesfully bootstrapped CBAC. The specified user (# #{adminuser} ) *
+* may now visit the cbac administration pages, which are *
+* located at the URL /cbac/permissions/index by default *
+**********************************************************
+EOF
+ end
+
+ desc 'Extract a snapshot of the current authorization settings, which can later be restored using the restore_snapshot task. Parameter SNAPSHOT_NAME determines where the snapshot is stored'
+ task :extract_snapshot => :environment do
+ if ENV['SNAPSHOT_NAME'].nil?
+ puts "Missing argument SNAPSHOT_NAME. Substituting timestamp for SNAPSHOT_NAME"
+ require 'date'
+ ENV['SNAPSHOT_NAME'] = DateTime.now.strftime("%Y%m%d%H%M%S")
+ end
+
+ if File::exists?(ENV['SNAPSHOT_NAME']) # Directory already exists!
+ if ENV['FORCE'] == "true"
+ puts "FORCE specified - overwriting older snapshot with same name."
+ else
+ puts "A snapshot with the given name (#{ENV['SNAPSHOT_NAME']}) already exists, and overwriting is dangerous. Specify FORCE=true to override this check"
+ exit
+ end
+ else # Directory does not exist yet
+ FileUtils.mkdir(ENV['SNAPSHOT_NAME'])
+ end
+
+ puts "Extracting CBAC permissions to #{ENV['SNAPSHOT_NAME']}"
+
+ # Don't need privilege sets since they are loaded from a config file.
+ staged_changes = select_all "cbac_staged_permissions"
+ dump_objects_to_yaml_file(staged_changes, "staged_permissions")
+
+ staged_roles = select_all "cbac_staged_roles"
+ dump_objects_to_yaml_file(staged_roles, "staged_roles")
+
+ permissions = select_all "cbac_permissions"
+ dump_permissions_to_yaml_file(permissions)
+
+ generic_roles = select_all "cbac_generic_roles"
+ dump_objects_to_yaml_file(generic_roles, "generic_roles")
+
+ memberships = select_all "cbac_memberships"
+ dump_objects_to_yaml_file(memberships, "memberships")
+
+ known_permissions = select_all "cbac_known_permissions"
+ dump_objects_to_yaml_file(known_permissions, "known_permissions")
+ end
+
+ desc 'Restore a snapshot of authorization settings that was extracted earlier. Specify a snapshot using SNAPSHOT_NAME'
+ task :restore_snapshot => :environment do
+ adapter = get_cbac_pristine_adapter
+ if ENV['SNAPSHOT_NAME'].nil?
+ puts "Missing required parameter SNAPSHOT_NAME. Exiting."
+ exit
+ elsif adapter.database_contains_cbac_data?
+ if ENV['FORCE'] == "true"
+ puts "FORCE specified: emptying CBAC tables"
+ adapter.clear_cbac_tables
+ else
+ puts "Reloading snapshot failed: CBAC tables are nonempty. Specify FORCE=true to override this check and empty the tables"
+ exit
+ end
+ end
+
+ puts "Restoring snapshot #{ENV['SNAPSHOT_NAME']}"
+
+ ENV['FIXTURES_PATH'] = ENV['SNAPSHOT_NAME']
+
+ # Don't need privilege sets since they are loaded from a config file.
+ ENV['FIXTURES'] = "cbac_generic_roles,cbac_memberships,cbac_known_permissions,cbac_permissions,cbac_staged_permissions, cbac_staged_roles"
+
+ Rake::Task["db:fixtures:load"].invoke
+ puts "Successfully restored snapshot."
+ #TODO: check if rake task was successful. else
+ # puts "Restoring snapshot failed."
+ #end
+ end
+
+ desc 'Restore permissions to factory settings by loading the pristine file into the database'
+ task :pristine => :environment do
+ adapter = get_cbac_pristine_adapter
+ if adapter.database_contains_cbac_data?
+ if ENV['FORCE'] == "true"
+ puts "FORCE specified: emptying CBAC tables"
+ else
+ puts "CBAC pristine failed: CBAC tables are nonempty. Specify FORCE=true to override this check and empty the tables"
+ exit
+ end
+ end
+
+ if ENV['SKIP_SNAPSHOT'] == 'true'
+ puts "\nSKIP_SNAPSHOT provided - not dumping database."
+ else
+ puts "\nDumping a snapshot of the database"
+ Rake::Task["cbac:extract_snapshot"].invoke
+ end
+ filename = ENV['PRISTINE_FILE'] || "config/cbac/cbac.pristine"
+ puts "Parsing pristine file #{filename}"
+ pristine_file = adapter.find_or_create_pristine_file(filename)
+ adapter.set_pristine_state([pristine_file], true)
+ puts "Applied #{pristine_file.permissions.length.to_s} permissions."
+ puts "Task cbac:pristine finished."
+ end
+
+ desc 'Restore generic permissions to factory settings'
+ task :pristine_generic => :environment do
+ adapter = get_cbac_pristine_adapter
+ if adapter.database_contains_cbac_data?
+ if ENV['FORCE'] == "true"
+ puts "FORCE specified. Dropping all generic permissions and replacing them with generic pristine"
+ adapter.delete_generic_known_permissions
+ adapter.delete_generic_permissions
+ else
+ puts "CBAC pristine failed: CBAC tables are nonempty. Specify FORCE=true to override this check and empty the tables"
+ exit
+ end
+ end
+
+ if ENV['SKIP_SNAPSHOT'] == 'true'
+ puts "\nSKIP_SNAPSHOT provided - not dumping database."
+ else
+ puts "\nDumping a snapshot of the database"
+ Rake::Task["cbac:extract_snapshot"].invoke
+ end
+
+ filename = ENV['GENERIC_PRISTINE_FILE'] || "config/cbac/cbac_generic.pristine"
+ puts "Parsing pristine file #{filename}"
+ pristine_file = adapter.find_or_create_generic_pristine_file(filename)
+ adapter.set_pristine_state([pristine_file], false)
+ puts "Applied #{pristine_file.permissions.length.to_s} permissions."
+ puts "Task cbac:pristine_generic finished."
+ end
+
+ desc 'Restore all permissions to factory state. Uses the pristine file and the generic pristine file'
+ task :pristine_all => :environment do
+ adapter = get_cbac_pristine_adapter
+ if adapter.database_contains_cbac_data?
+ if ENV['FORCE'] == "true"
+ puts "FORCE specified: emptying CBAC tables"
+ else
+ puts "CBAC pristine failed: CBAC tables are nonempty. Specify FORCE=true to override this check and empty the tables"
+ exit
+ end
+ end
+
+ if ENV['SKIP_SNAPSHOT'] == 'true'
+ puts "\nSKIP_SNAPSHOT provided - not dumping database."
+ else
+ puts "\nDumping a snapshot of the database"
+ Rake::Task["cbac:extract_snapshot"].invoke
+ end
+ filename = ENV['PRISTINE_FILE'] || "config/cbac/cbac.pristine"
+ generic_filename = ENV['GENERIC_PRISTINE_FILE'] || "config/cbac/cbac_generic.pristine"
+ puts "Parsing pristine file #{filename} and generic pristine file #{generic_filename}"
+ pristine_file = adapter.find_or_create_pristine_file(filename)
+ generic_pristine_file = adapter.find_or_create_generic_pristine_file(generic_filename)
+ adapter.set_pristine_state([pristine_file, generic_pristine_file], true)
+ puts "Applied #{pristine_file.permissions.length.to_s} permissions and #{generic_pristine_file.permissions.length.to_s} generic permissions."
+ puts "Task cbac:pristine_all finished."
+ end
+
+ desc 'Upgrade permissions by adding them to the staging area. Does not upgrade generic permissions'
+ task :upgrade_pristine => :environment do
+ adapter = get_cbac_pristine_adapter
+ if ENV['SKIP_SNAPSHOT'] == 'true'
+ puts "\nSKIP_SNAPSHOT provided - not dumping database."
+ else
+ puts "\nDumping a snapshot of the database"
+ Rake::Task["cbac:extract_snapshot"].invoke
+ end
+
+ ENV['CHANGE_TYPE'] = 'context'
+ filename = ENV['PRISTINE_FILE'] || "config/cbac/cbac.pristine"
+ puts "Parsing pristine file #{filename}"
+
+ pristine_file = adapter.find_or_create_pristine_file(filename)
+ adapter.delete_non_generic_staged_permissions
+ puts "Deleted all staged context and administrator permissions"
+
+ adapter.stage_permissions([pristine_file])
+ puts "Staged #{adapter.number_of_non_generic_staged_permissions.to_s} permissions."
+ puts "Task cbac:upgrade_pristine finished."
+ end
+
+
+ desc 'Upgrade generic permissions by adding them to the staging area. Does not upgrade context or admin permissions.'
+ task :upgrade_pristine_generic => :environment do
+ adapter = get_cbac_pristine_adapter
+ if ENV['SKIP_SNAPSHOT'] == 'true'
+ puts "\nSKIP_SNAPSHOT provided - not dumping database."
+ else
+ puts "\nDumping a snapshot of the database"
+ Rake::Task["cbac:extract_snapshot"].invoke
+ end
+
+ ENV['CHANGE_TYPE'] = 'context'
+ generic_filename = ENV['GENERIC_PRISTINE_FILE'] || "config/cbac/cbac_generic.pristine"
+
+ puts "Parsing pristine file #{generic_filename}"
+ generic_pristine_file = adapter.find_or_create_generic_pristine_file(generic_filename)
+
+ adapter.delete_non_generic_staged_permissions
+ puts "Deleted all staged generic permissions"
+
+ adapter.stage_permissions([generic_pristine_file])
+ puts "Staged #{adapter.number_of_generic_staged_permissions.to_s} generic permissions."
+ puts "Task cbac:upgrade_pristine finished."
+ end
+
+ desc 'Upgrade all permissions by adding them to the staging area.'
+ task :upgrade_all => :environment do
+ adapter = get_cbac_pristine_adapter
+ if ENV['SKIP_SNAPSHOT'] == 'true'
+ puts "\nSKIP_SNAPSHOT provided - not dumping database."
+ else
+ puts "\nDumping a snapshot of the database"
+ Rake::Task["cbac:extract_snapshot"].invoke
+ end
+
+ ENV['CHANGE_TYPE'] = 'context'
+ filename = ENV['PRISTINE_FILE'] || "config/cbac/cbac.pristine"
+ generic_filename = ENV['GENERIC_PRISTINE_FILE'] || "config/cbac/cbac_generic.pristine"
+ puts "Parsing pristine file #{filename} and generic pristine file #{generic_filename}"
+
+ pristine_file = adapter.find_or_create_pristine_file(filename)
+ generic_pristine_file = adapter.find_or_create_generic_pristine_file(generic_filename)
+
+ adapter.delete_generic_staged_permissions
+ adapter.delete_non_generic_staged_permissions
+ puts "Deleted all current staged permissions"
+
+
+ adapter.stage_permissions([pristine_file, generic_pristine_file])
+ puts "Staged #{adapter.number_of_non_generic_staged_permissions.to_s} permissions and #{adapter.number_of_generic_staged_permissions.to_s} generic permissions."
+ puts "Task cbac:upgrade_all finished."
+ end
+end