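#!/usr/bin/env ruby
#--
# Copyright (c) 2007 Robert S. Thau, Smartleaf, Inc.
#
# a copy of this software and associated documentation files (the
# "Software"), to deal in the Software without restriction, including
# without limitation the rights to use, copy, modify, merge, publish,
# distribute, sublicense, and/or sell copies of the Software, and to
# permit persons to whom the Software is furnished to do so, subject to
# the following conditions:
#
# The above copyright notice and this permission notice shall be
# included in all copies or substantial portions of the Software.
#
# THE SOFTWARE IS PROVIDED "AS IS", WITHOUT WARRANTY OF ANY KIND,
# EXPRESS OR IMPLIED, INCLUDING BUT NOT LIMITED TO THE WARRANTIES OF
# MERCHANTABILITY, FITNESS FOR A PARTICULAR PURPOSE AND
# NONINFRINGEMENT. IN NO EVENT SHALL THE AUTHORS OR COPYRIGHT HOLDERS BE
# LIABLE FOR ANY CLAIM, DAMAGES OR OTHER LIABILITY, WHETHER IN AN ACTION
# OF CONTRACT, TORT OR OTHERWISE, ARISING FROM, OUT OF OR IN CONNECTION
# WITH THE SOFTWARE OR THE USE OR OTHER DEALINGS IN THE SOFTWARE.
#++

# Script to set up permissioning data structures in a database.
# Creates a 'Smartleaf administration' firm, an 'internal admin'
# role, and one user, which is named for whoever is running the
# script, with a randomly generated password.
#
# Usage: the optional first argument is used verbatim as the new
# user's password.  Command-line arguments can be seen by other local
# users in process listings and may be kept in shell history, so it is
# safer to omit it and let the script generate one.

require File.dirname(__FILE__) + '/../config/boot'
ENV["RAILS_ENV"] ||= 'development'
require RAILS_ROOT + '/config/environment'
require 'etc'
require 'securerandom'   # standard library since Ruby 1.8.7

# The account is named after the OS user running the script; the
# full name is the GECOS field up to its first comma.
pwuid      = Etc.getpwuid( Process.uid )
short_name = pwuid.name
full_name  = pwuid.gecos.gsub(/,.*/, '')

# This user ends up in the role that receives the 'any'/'any' grant
# created below, so its initial password has to be unguessable.  The
# former default ('x' followed by the first seven characters of
# Kernel#rand's decimal rendering, i.e. "0." and five digits) allowed
# at most 100,000 candidates and came from a non-cryptographic
# generator.  The default is now drawn from the system CSPRNG
# (80 bits); the leading 'x' is retained.
# NOTE(review): confirm the longer value satisfies whatever password
# rules the User model enforces.
password = ARGV[0] || 'x' + SecureRandom.hex(10)

# The password is echoed so the operator can record it.  This output
# therefore contains a credential: do not redirect it into a shared or
# retained log.
print "Creating user '#{short_name}' with password '#{password}'\n"
print "Creating firm 'Smartleaf'\n"

# Setting up permissioning in an empty database.
#
# What's messy here is that you need permission to add users,
# roles and firms --- but in an empty database, there are no
# records around which can give us permission to add any new
# records.  So, to avoid raw SQL, we have the following nonsense:
#
# Each Bootstrap* class below is a bare ActiveRecord model bound to the
# table of a real model.  Rows written through them do not pass through
# the real models' code, which is why they must only ever be used by
# this one-time setup script.

class BootstrapFirm < ActiveRecord::Base
  set_table_name 'firms'
end

# The three numeric columns look like the firm's password-expiry and
# login-lockout settings --- presumably enforced by the Firm/User
# models; verify there.
bfirm = BootstrapFirm.create! :name => 'Smartleaf',
                              :search_name => 'smartleaf',
                              :full_name => 'Smartleaf Administration',
                              :password_lifetime_days => 90,
                              :max_bad_logins => 3,
                              :bad_login_dead_minutes => 5

class BootstrapUser < ActiveRecord::Base
  set_table_name 'users'
end

# Created without a password; it is set further down through the real
# User model once that model is usable.
buser = BootstrapUser.create! :name => short_name,
                              :search_name => short_name.downcase,
                              :full_name => full_name,
                              :owner_firm_id => bfirm.id

class BootstrapRole < ActiveRecord::Base
  set_table_name 'roles'
end

brole = BootstrapRole.create! :name => 'Internal admin',
                              :search_name => 'internal admin',
                              :owner_id => buser.id,
                              :owner_firm_id => bfirm.id

class BootstrapPerm < ActiveRecord::Base
  set_table_name 'permissions'
end

class BootstrapRoleAssignment < ActiveRecord::Base
  set_table_name 'role_assignments'
end

BootstrapRoleAssignment.create! :user_id => buser.id,
                                :role_id => brole.id

# The "god bits" --- edit any role, grant any privilege
#
# The first row is a grant (with grant option) of privilege 'any' on
# class 'any'; the second is a plain 'edit' permission on Role.  Anyone
# later assigned to this role inherits both, so membership of
# 'Internal admin' should be kept minimal and reviewed.

BootstrapPerm.create! :role_id => brole.id,
                      :class_name => 'any',
                      :privilege => 'any',
                      :is_grant => true,
                      :has_grant_option => true,
                      :target_owned_by_self => false

BootstrapPerm.create! :role_id => brole.id,
                      :class_name => 'Role',
                      :privilege => 'edit',
                      :is_grant => false,
                      :has_grant_option => false,
                      :target_owned_by_self => false

# At this point, we should be bootstrapped to the point
# that we can use the ordinary model classes:

firm = Firm.find bfirm.id
role = Role.find brole.id
user = User.find buser.id

# Everything inside the block runs through User.as(user) ---
# presumably with `user` as the acting user for permission checks;
# see User.as for the exact semantics.
User.as(user) do

  # Explicit, non-grant permissions for the admin role: one Permission
  # row per (model class, privilege) pair listed here.
  [[Firm, %w(create update destroy)],
   [User, %w(create administer pw_administer set_password
             allow_others_to_access act_as)],
   [Role, %w(create destroy assign edit)],
  ].each do |klass, privs|
    privs.each do |priv|
      Permission.create! :role => role,
                         :privilege => priv.to_sym,
                         :target_class => klass,
                         :is_grant => false,
                         :has_grant_option => false,
                         :target_owned_by_self => false
    end
  end

  # Re-read the user's permissions from the database before saving
  # (presumably so the rows just created are visible to the check on
  # save --- confirm against the User model).
  user.permissions :force_reload

  user.password = password
  user.save!

  # NOTE(review): no password is assigned to this account here; confirm
  # the User model treats a password-less account as unable to log in.
  User.create! :name => 'System List Owner',
               :search_name => 'system list owner',
               :full_name => 'System List Owner',
               :owner_firm_id => bfirm.id

end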