# Template created by Nanda Lopes (http://twitter.com/NandaL)
# Usage: rails myapp -m authentication-access_control-template.rb
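# Remove unnecessary Rails files
run 'rm README'
run 'rm public/index.html'
run 'rm public/favicon.ico'
run 'rm public/images/rails.png'

# Keep a checked-in example of database.yml; the real file (credentials) is
# listed in the .gitignore this template writes at the end.
run 'cp config/database.yml config/database.yml.example'

gem "authlogic"
# Fetch over TLS: a plain-http gem source lets anyone on the path swap the gem
# at install time (gemcutter.org has since become rubygems.org).
gem "declarative_authorization", :source => "https://rubygems.org"
gem "faker" if yes?("Use faker to generate fake data? (y/n)")
# gem 'rubyist-aasm'

# Install gems on local system (asks before escalating with sudo).
rake('gems:install', :sudo => true) if yes?('Install gems on local system? (y/n)')

generate :controller, 'welcome', 'index'
route "map.root :controller => 'welcome', :action => 'index'"

# Use database (active record) session store
# rake('db:sessions:create')   # run near the end of this template instead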
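# Example declarative_authorization rules (copy to config/authorization_rules.rb).
# NOTE(review): none of the controllers written by this template declare
# filter_access_to, and User does not define role_symbols, so these rules are
# inert until both are wired up.
file 'config/authorization_rules.rb.example', <<-FILE
privileges do
  privilege :manage, :includes => [:create, :read, :update, :delete]
  privilege :create, :includes => :new
  privilege :read,   :includes => [:index, :show]
  privilege :update, :includes => :edit
  privilege :delete, :includes => :destroy
end

authorization do
  role :admin do
    includes :loggedin
  end

  # Anonymous visitors.
  role :guest do
    has_permission_on :welcome, :to => [:read]
    # Least privilege: a reset flow only needs to request (new/create) and
    # complete (edit/update) a reset. :manage would also hand index/show/destroy
    # on password resets to anyone.
    has_permission_on :password_resets, :to => [:create, :update]
    has_permission_on :user_sessions, :to => [:create]
    has_permission_on :users, :to => [:create]
  end

  role :loggedin do
    includes :guest
    # Scope to the caller's own record; this condition is only enforced where
    # the controller runs an attribute check (filter_access_to with
    # :attribute_check => true, or permitted_to? given an object).
    has_permission_on :users, :to => [:read, :update, :delete] do
      if_attribute :id => is { user.id }
    end
    has_permission_on :user_sessions, :to => [:read, :update, :delete]
  end
end
FILE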
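### Authlogic setup
generate :controller, 'user_sessions', 'new', 'create', 'destroy'
generate :model, 'user'
generate :controller, 'users', 'show', 'new', 'edit', 'create', 'update', 'destroy'

# Singular account resource over UsersController. The controller this template
# writes has no destroy action, so do not route DELETE /account at all.
route "map.resource 'account', :controller => 'users', :except => :destroy"
# RESTful user_session routes so form_for @user_session (user_session_path) and
# the *_user_session_url helpers resolve; login/logout below are friendlier
# named aliases for the same actions.
route "map.resource :user_session"
route "map.login 'login', :controller => 'user_sessions', :action => 'new'"
# Logout is reachable by GET; protect_from_forgery does not cover GET, so a
# forced logout (nuisance, not a breach) is possible from a third-party page.
route "map.logout 'logout', :controller => 'user_sessions', :action => 'destroy'"
route "map.signup 'signup', :controller => 'users', :action => 'new'"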
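# Columns authlogic expects on the users table; paste into the migration that
# `generate :model, 'user'` produced. Authlogic looks records up by the token
# columns, so index them; unique indexes also back its login/email uniqueness
# validation at the database level (validations alone race).
file 'db/authlogic_model.example', <<-FILE
t.string :login, :null => false # optional, you can use email instead, or both
t.string :email, :null => false # optional, you can use login instead, or both
t.string :crypted_password, :null => false # optional, see Authlogic::ActsAsAuthentic::Password
t.string :password_salt, :null => false # optional, but highly recommended
t.string :persistence_token, :null => false # required
t.string :single_access_token, :null => false # optional, see Authlogic::Session::Params
t.string :perishable_token, :null => false # optional, see Authlogic::Session::Perishability
# Magic columns, just like ActiveRecord's created_at and updated_at. These are automatically maintained by Authlogic if they are present.
t.integer :login_count, :null => false, :default => 0 # optional, see Authlogic::Session::MagicColumns
t.integer :failed_login_count, :null => false, :default => 0 # optional, see Authlogic::Session::BruteForceProtection (consecutive_failed_logins_limit)
t.datetime :last_request_at # optional, see Authlogic::Session::MagicColumns
t.datetime :current_login_at # optional, see Authlogic::Session::MagicColumns
t.datetime :last_login_at # optional, see Authlogic::Session::MagicColumns
t.string :current_login_ip # optional, see Authlogic::Session::MagicColumns
t.string :last_login_ip # optional, see Authlogic::Session::MagicColumns
# After the create_table block:
add_index :users, :login, :unique => true
add_index :users, :email, :unique => true
add_index :users, :persistence_token, :unique => true
add_index :users, :perishable_token
add_index :users, :single_access_token
FILE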
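# Columns/indexes for the ActiveRecord session table; equivalent to what the
# `rake db:sessions:create` run later in this template generates.
# NOTE(review): this template never sets config.action_controller.session_store
# to :active_record_store, so the cookie store remains in effect until that
# is configured.
file 'db/authlogic_session.example', <<-FILE
t.string :session_id, :null => false
t.text :data
t.timestamps
# session_id is the lookup key from the cookie; a unique index keeps two rows
# from ever answering for one id.
add_index :sessions, :session_id, :unique => true
add_index :sessions, :updated_at
FILE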
# Authlogic session model (one instance per login/logout cycle).
file 'app/models/user_session.rb', <<-FILE
class UserSession < Authlogic::Session::Base
  # End the session once the User's logged_in_timeout elapses, rather than
  # letting an idle persistence cookie keep it alive indefinitely.
  logout_on_timeout true
end
FILE
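# Idle timeout in minutes. The answer is interpolated into generated Ruby
# below, so it must be an integer; Integer() fails loudly on anything else
# instead of emitting a model that does not parse (an empty answer would
# otherwise produce ".minutes").
session_time_out = Integer(ask("Session expires in ... (minutes) ?"))

file 'app/models/user.rb', <<-FILE
class User < ActiveRecord::Base
  # Whitelist what mass assignment may touch. UsersController builds and
  # updates users straight from params[:user]; without this, any column
  # (tokens, or a future role/admin flag) could be set by the client.
  attr_accessible :login, :email, :password, :password_confirmation

  acts_as_authentic do |c|
    # Idle timeout; UserSession enables logout_on_timeout so expiry ends the session.
    c.logged_in_timeout(#{session_time_out}.minutes)
  end
end
FILE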
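# Controllers for authlogic
# Login/logout controller backed by the UserSession model.
file 'app/controllers/user_sessions_controller.rb', <<-FILE
class UserSessionsController < ApplicationController
  before_filter :require_no_user, :only => [:new, :create]
  before_filter :require_user, :only => :destroy

  def new
    @user_session = UserSession.new
  end

  # Authenticate. params[:user_session] carries login/password; the
  # filter_parameter_logging in ApplicationController keeps them out of the log.
  def create
    @user_session = UserSession.new(params[:user_session])
    if @user_session.save
      redirect_to account_url
    else
      render :action => :new
    end
  end

  # End the authlogic session and return to the login page. login_url is the
  # `map.login` named route this template defines.
  def destroy
    current_user_session.destroy
    redirect_to login_url
  end
end
FILE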
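# Self-service account controller: every action operates on the current user
# only (routed as the singular `account` resource), never on an arbitrary id.
file 'app/controllers/users_controller.rb', <<-FILE
class UsersController < ApplicationController
  before_filter :require_no_user, :only => [:new, :create]
  # Default deny: everything but sign-up requires a login, so an action added
  # later is protected unless it is explicitly opened up.
  before_filter :require_user, :except => [:new, :create]

  def new
    @user = User.new
  end

  # Sign-up. params[:user] is mass-assigned, so User must restrict assignable
  # attributes (attr_accessible); otherwise any column is client-settable.
  def create
    @user = User.new(params[:user])
    if @user.save
      flash[:notice] = "Account registered!"
      redirect_back_or_default account_url
    else
      render :action => :new
    end
  end

  # @current_user is populated by the require_user filter (via current_user).
  def show
    @user = @current_user
  end

  def edit
    @user = @current_user
  end

  # Same mass-assignment caveat as create. NOTE(review): no re-authentication
  # (current password) is required here to change email or password.
  def update
    @user = @current_user # makes our views "cleaner" and more consistent
    if @user.update_attributes(params[:user])
      flash[:notice] = "Account updated!"
      redirect_to account_url
    else
      render :action => :edit
    end
  end
end
FILE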
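# Replaces the generated application_controller.rb, so everything the stock
# file provided (base class, CSRF protection) has to be restated here.
file 'app/controllers/application_controller.rb', <<-FILE
# Filters added to this controller apply to all controllers in the application.
class ApplicationController < ActionController::Base
  helper :all # include all helpers, all the time

  # Reject non-GET requests lacking the authenticity token. The stock Rails
  # application_controller.rb enables this; without it here the app would
  # ship with CSRF protection silently disabled.
  protect_from_forgery

  # Scrub sensitive parameters from the log (matches nested keys too).
  filter_parameter_logging :password, :password_confirmation

  # Methods available to views.
  helper_method :current_user_session, :current_user

  private

  def current_user_session
    return @current_user_session if defined?(@current_user_session)
    @current_user_session = UserSession.find
  end

  def current_user
    return @current_user if defined?(@current_user)
    @current_user = current_user_session && current_user_session.user
  end

  # Filter: require an authenticated user; otherwise remember the requested
  # page and send the visitor to login_url (the `map.login` named route).
  def require_user
    unless current_user
      store_location
      flash[:notice] = "You must be logged in to access this page"
      redirect_to login_url
      return false
    end
  end

  # Filter: pages only meaningful when logged out (sign-up, login form).
  def require_no_user
    if current_user
      store_location
      flash[:notice] = "You must be logged out to access this page"
      redirect_to account_url
      return false
    end
  end

  # request_uri is path plus query string only (no scheme or host), so the
  # later redirect to it cannot be turned into an open redirect.
  def store_location
    session[:return_to] = request.request_uri
  end

  def redirect_back_or_default(default = root_url)
    redirect_to(session[:return_to] || default)
    session[:return_to] = nil
  end

  # Called by declarative_authorization when a filter_access_to check fails
  # (no controller in this template declares one yet).
  # NOTE(review): the i18n key below is not defined by this template; add it
  # under config/locales or the flash will show a "translation missing" string.
  def permission_denied
    store_location
    flash[:error] = t('controller.errors.access_denied')
    respond_to do |format|
      format.html { redirect_to(root_url) }
      # NOTE(review): 401 means "authenticate first"; for a logged-in user
      # lacking a privilege, 403 (:forbidden) would be the more accurate code.
      format.xml { head :unauthorized }
      format.js { head :unauthorized }
    end
  end
end
FILE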
# Session table migration. NOTE(review): config.action_controller.session_store
# is never switched to :active_record_store by this template, so the table is
# unused until that is configured.
rake('db:sessions:create')

# Create .gitignore file: credentials (database.yml) and local artefacts stay
# out of the repository; the *.example files are meant to be committed.
file '.gitignore', <<-FILE
.DS_Store
log/*.log
tmp/**/*
config/database.yml
db/*.sqlite3
# projects settings
.loadpath
.project
.tmp*
*.swp
*\~
*.zip
!vendor/plugins
FILE
run "touch tmp/.gitignore log/.gitignore vendor/.gitignore"

# Set up git repository with maint/next branches, working on next.
# NOTE(review): Rails 2.3 normally writes the cookie-signing secret into
# config/initializers/session_store.rb, which `git add .` below commits;
# rotate it before production if this repository is shared.
git :init
git :add => '.'
git :commit => "-a -m 'Initial commit'"
%w[maint next].each { |branch| git :branch => branch }
git :checkout => 'next'