Smartguard Permissioning System

This is a demonstration application for Smartleaf's permissioning code, now being packaged as the "smartguard" plugin. See the slide presentation for an overview, and the rdoc for details.

The plugin is now available as a zip file, as a git repository which can be cloned with

  $ git clone http://dev.smartleaf.com/permissioning/plugin/.git

or incorporated into a git-based project (with git 1.5.3 or newer) with

  $ git submodule add http://dev.smartleaf.com/permissioning/plugin/.git vendor/plugins/smartguard

and the source code may be perused here and the rdoc here.

A demo application is also available as a zip file, as a git repository, which can be cloned with

  $ git clone http://dev.smartleaf.com/permissioning/demoapp/.git

or by directly perusing the source code here

The code has only been recently tested on Rails 2.0.2. The controllers require two plugins from Argument From Design (though the core permissioning code does not), so to make it operate:

 $ script/plugin install http://svn.ardes.com/rails_plugins/resources_controller/
 $ script/plugin install http://svn.ardes.com/rails_plugins/inherit_views/

Also, after instantiating the schema as usual with

 $ rake db:migrate

you'll need to create the initial user and roles with

 $ ruby script/bootstrap_perms

Take note of the password of the initial user as reported by the script; you'll need it to log in. (I'm doing things this way to avoid creating a well-known user/password combination, a la "scott/tiger" on more than half the Oracle installations on the planet).

The core permissioning code mostly resides in the 'lib' directory. However, certain models, particularly Role, User, RoleAssignment, and (of course) Permission also contain core functionality; these are in the app/models directory, as usual, and model layer tests reside in test/unit. (Also included is a small plugin that provides support for foreign key constraints, based in part on earlier work by bubbleware.com and atmos.org).

These files are, right now, embedded in a demo application which presents a rather elaborate "shopping" scenario, in which the following objects exist and have various access rights:

Products --- items that may be offered for sale
Stores --- storefronts that offer Products for sale to the public
Offers --- a record that a particular store has a given product on sale, perhaps at a discount.
Firms --- companies that might have Products or Stores, and which also have user affiliations.
Orders and LineItems --- the obvious components of customer shopping carts.

(As to what this might actually _be_ in real life, consider, say, booksite.com, which actually does offer a common back end for multiple independent bookshops, and could conceivably also offer publishers the right to maintain their lists on the system; both publishers and store owners would be firms, with disparate sets of access rights. In fact, publishing for real is probably _more_ complicated, due to the involvement of large-scale distributors like Ingram... but I digress).

This version of the code has been tested on Postgres and Mysql.