From 0a56477a7284e4d7a5bccd9928c7623afa5bf790 Mon Sep 17 00:00:00 2001 From: Vencislav Atanasov Date: Sun, 22 Oct 2023 22:19:04 +0300 Subject: [PATCH] Delete access control code --- .github/workflows/rspec.yml | 2 - .gitignore | 1 - .../components/_large_buttons.scss | 24 ------- app/controllers/api/doors_controller.rb | 44 ------------ app/models/access_control/door.rb | 58 --------------- app/models/access_control/door_controllers.rb | 1 - .../access_control/door_controllers/dummy.rb | 5 -- .../door_controllers/netcontrol.rb | 33 --------- .../door_controllers/shell_script.rb | 11 --- app/policies/access_control/door_policy.rb | 13 ---- app/views/api/doors/index.json.jbuilder | 5 -- .../api/lights/statuses/show.json.jbuilder | 1 - bin/setup | 5 -- config/application.rb | 2 - config/deploy.rb | 2 +- config/doors.yml.example | 71 ------------------- config/locales/bg.yml | 18 ----- config/locales/en.yml | 18 ----- config/routes.rb | 12 +--- 19 files changed, 2 insertions(+), 324 deletions(-) delete mode 100644 app/controllers/api/doors_controller.rb delete mode 100644 app/models/access_control/door.rb delete mode 100644 app/models/access_control/door_controllers.rb delete mode 100644 app/models/access_control/door_controllers/dummy.rb delete mode 100644 app/models/access_control/door_controllers/netcontrol.rb delete mode 100644 app/models/access_control/door_controllers/shell_script.rb delete mode 100644 app/policies/access_control/door_policy.rb delete mode 100644 app/views/api/doors/index.json.jbuilder delete mode 100644 app/views/api/lights/statuses/show.json.jbuilder delete mode 100644 config/doors.yml.example diff --git a/.github/workflows/rspec.yml b/.github/workflows/rspec.yml index 37cb294a..1af2d225 100644 --- a/.github/workflows/rspec.yml +++ b/.github/workflows/rspec.yml 
@@ -38,8 +38,6 @@ jobs: # yarn install # yarn build # yarn build:css - - name: Configure Doors - run: cp config/doors.yml.example config/doors.yml - name: Configure Database run: cp config/database.yml.ci config/database.yml - name: Setup Database diff --git a/.gitignore b/.gitignore index d90086c7..5edefce1 100644 --- a/.gitignore +++ b/.gitignore @@ -23,7 +23,6 @@ # Ignore sensitive information /config/database.yml /config/secrets.yml -/config/doors.yml # Ignore simplecov's output /coverage diff --git a/app/assets/stylesheets/components/_large_buttons.scss b/app/assets/stylesheets/components/_large_buttons.scss index 8c1dff1a..3ab6c1cd 100644 --- a/app/assets/stylesheets/components/_large_buttons.scss +++ b/app/assets/stylesheets/components/_large_buttons.scss @@ -33,27 +33,3 @@ form { display: inline-block; } } } - -.door_button { - @extend .btn; - @extend .btn-primary; - @extend .btn-lg; - - @media (max-width: $screen-sm-min) { - width: 250px; - margin-top: 20px; - } - - @media (min-width: $screen-sm-min) and (max-width: $screen-md-max) { - width: 350px; - i.fa { font-size: 36pt; } - margin-top: 30px; - } - - @media (min-width: $screen-lg-min) { - width: 200px; - height: 200px; - i.fa { font-size: 72pt; } - margin: 10px; - } -} diff --git a/app/controllers/api/doors_controller.rb b/app/controllers/api/doors_controller.rb deleted file mode 100644 index 3b8e8f6f..00000000 --- a/app/controllers/api/doors_controller.rb +++ /dev/null 
@@ -1,44 +0,0 @@
-class Api::DoorsController < Api::ApplicationController
- before_action :authorize_scope, :assign_door, :authorize_action, :append_audit_log_entry, except: [:index]
-
- def index
- doorkeeper_authorize! :account_data_read
-
- @doors = AccessControl::Door.all
- end
-
- def open
- perform_door_action :open
- end
-
- def lock
- perform_door_action :lock
- end
-
- def unlock
- perform_door_action :unlock
- end
-
- private
-
- def assign_door
- @door = AccessControl::Door.find(params[:door_id])
- end
-
- def authorize_scope
- doorkeeper_authorize! :door_control
- end
-
- def authorize_action
- authorize @door
- end
-
- def perform_door_action(action)
- @door.perform_action(action)
- head :no_content
- end
-
- def append_audit_log_entry
- AuditLog::ControllerAction.create!(user: current_resource_owner, payload: {parameters: params, host: request.remote_ip})
- end
-end
diff --git a/app/models/access_control/door.rb b/app/models/access_control/door.rb
deleted file mode 100644
index 574ce99e..00000000
--- a/app/models/access_control/door.rb
+++ /dev/null
@@ -1,58 +0,0 @@
-class AccessControl::Door
- include ActiveModel::Model
-
- attr_reader :id
-
- def initialize(params)
- @id = params[:id]
-
- @localized_names = params[:human_name]
-
- @action_permissions = params[:actions].transform_values { _1[:roles] }
-
- params[:controller].tap do |controller_config|
- @controller =
- AccessControl::DoorControllers
- .const_get(controller_config[:klass])
- .new(**(controller_config[:options] || {}))
- end
- end
-
- def self.all
- door_config.keys.map { find(_1) }
- end
-
- def self.find(id)
- new(**door_config[id].merge(id: id) || raise(ArgumentError, "No such door defined: #{id}"))
- end
-
- def human_name(locale: I18n.locale)
- @localized_names[locale]
- end
-
- def supported_actions
- @action_permissions.keys
- end
-
- def supported_actions_for(*roles)
- supported_actions.select { |action| permitted_roles_for(action).any? { |role| roles.include?(role) } }
- end
-
- def perform_action(action)
- raise(ArgumentError, "Door does not support action: #{action.inspect}") unless @action_permissions.key?(action)
-
- @controller.call(action)
- end
-
- def permitted_roles_for(action)
- raise(ArgumentError, "Door does not support action: #{action.inspect}") unless @action_permissions.key?(action)
-
- @action_permissions[action]
- end
-
- def self.door_config
- Rails.application.config.x.doors
- end
-
- private_class_method :door_config, :new
-end
diff --git a/app/models/access_control/door_controllers.rb b/app/models/access_control/door_controllers.rb
deleted file mode 100644
index c27674c1..00000000
--- a/app/models/access_control/door_controllers.rb
+++ /dev/null
@@ -1 +0,0 @@
-module AccessControl::DoorControllers; end
diff --git a/app/models/access_control/door_controllers/dummy.rb b/app/models/access_control/door_controllers/dummy.rb
deleted file mode 100644
index 0c9e461c..00000000
--- a/app/models/access_control/door_controllers/dummy.rb
+++ /dev/null
@@ -1,5 +0,0 @@
-class AccessControl::DoorControllers::Dummy
- def call(action)
- Rails.logger.error("Dummy controller performed action: #{action}")
- end
-end
diff --git a/app/models/access_control/door_controllers/netcontrol.rb b/app/models/access_control/door_controllers/netcontrol.rb
deleted file mode 100644
index 3c1105c5..00000000
--- a/app/models/access_control/door_controllers/netcontrol.rb
+++ /dev/null
@@ -1,33 +0,0 @@
-class AccessControl::DoorControllers::Netcontrol
- PATH = "/iochange.cgi".freeze
- TIMEOUT = 5 # seconds
-
- def initialize(host:, port: 80, username: "admin", password: "password", actions: {})
- @host, @port, @username, @password = host, port, username, password
-
- @actions = actions.transform_values do |settings|
- settings => {port: netcontrol_port, value:}
-
- URI::HTTP.build(
- host: @host,
- port: @port,
- path: PATH,
- query: URI.encode_www_form(
- "ref" => "re-io",
- netcontrol_port => value
- )
- ).freeze
- end
- end
-
- def call(action)
- request = Net::HTTP::Get.new(@actions.fetch(action))
- request.basic_auth @username, @password
-
- Net::HTTP.start(@host, @port, read_timeout: TIMEOUT, open_timeout: TIMEOUT, write_timeout: TIMEOUT) do |http|
- http.request(request).tap do |response|
- raise unless response.is_a?(Net::HTTPSuccess)
- end
- end
- end
-end
diff --git a/app/models/access_control/door_controllers/shell_script.rb b/app/models/access_control/door_controllers/shell_script.rb
deleted file mode 100644
index 292ba883..00000000
--- a/app/models/access_control/door_controllers/shell_script.rb
+++ /dev/null
@@ -1,11 +0,0 @@
-require "shellwords"
-
-class AccessControl::DoorControllers::ShellScript
- def initialize(script:)
- @script = script
- end
-
- def call(action)
- system([@script, action].shelljoin) || raise("Error executing command: #{$?}")
- end
-end
diff --git a/app/policies/access_control/door_policy.rb b/app/policies/access_control/door_policy.rb
deleted file mode 100644
index 5cbd969f..00000000
--- a/app/policies/access_control/door_policy.rb +++ /dev/null @@ -1,13 +0,0 @@ -class AccessControl::DoorPolicy < ApplicationPolicy - def open? - record.permitted_roles_for(:open).any? { user.has_role?(_1) } - end - - def lock? - record.permitted_roles_for(:open).any? { user.has_role?(_1) } - end - - def unlock? - record.permitted_roles_for(:open).any? { user.has_role?(_1) } - end -end diff --git a/app/views/api/doors/index.json.jbuilder b/app/views/api/doors/index.json.jbuilder deleted file mode 100644 index a9c9819d..00000000 --- a/app/views/api/doors/index.json.jbuilder +++ /dev/null @@ -1,5 +0,0 @@ -json.array! @doors do |door| - json.id door.id - json.name door.human_name - json.supported_actions door.supported_actions.select { door.permitted_roles_for(_1).any? { |role| current_resource_owner.has_role?(role) } } -end diff --git a/app/views/api/lights/statuses/show.json.jbuilder b/app/views/api/lights/statuses/show.json.jbuilder deleted file mode 100644 index 39ed8683..00000000 --- a/app/views/api/lights/statuses/show.json.jbuilder +++ /dev/null @@ -1 +0,0 @@ -json.extract! @status, :status, :policy diff --git a/bin/setup b/bin/setup index 7e0ab7ed..4d551d89 100755 --- a/bin/setup +++ b/bin/setup @@ -65,11 +65,6 @@ Dir.chdir APP_ROOT do system 'cp config/database.yml.example config/database.yml' end - puts "\n== Setting up the door configuration ==" - unless File.exist?('config/doors.yml') - system 'cp config/doors.yml.example config/doors.yml' - end - puts "\n== Preparing database ==" system 'bundle exec rake db:create db:migrate db:test:prepare' diff --git a/config/application.rb b/config/application.rb index b7f8ca3b..f623aad2 100644 --- a/config/application.rb +++ b/config/application.rb @@ -46,7 +46,5 @@ class Application < Rails::Application end config.action_dispatch.rescue_responses["Pundit::NotAuthorizedError"] = :forbidden - - config.x.doors = config_for(:doors) end end diff --git a/config/deploy.rb b/config/deploy.rb index 31d594a9..3a7b7cc0 100644 
--- a/config/deploy.rb +++ b/config/deploy.rb @@ -23,7 +23,7 @@ # set :pty, true # Default value for :linked_files is [] -set :linked_files, fetch(:linked_files, []).push("config/doors.yml", "config/database.yml", "config/secrets.yml") +set :linked_files, fetch(:linked_files, []).push("config/database.yml", "config/secrets.yml") # Default value for linked_dirs is [] set :linked_dirs, fetch(:linked_dirs, []).push("log", "tmp/pids", "tmp/cache", "tmp/sockets", "vendor/bundle", "public/system") diff --git a/config/doors.yml.example b/config/doors.yml.example deleted file mode 100644 index 759d95c7..00000000 --- a/config/doors.yml.example +++ /dev/null @@ -1,71 +0,0 @@ -default: &default - example_door: - human_name: - en: Example Door - bg: Примерна Врата - controller: - klass: Dummy - actions: - open: - roles: - - board_member - - trusted_member - example_door_2: - human_name: - en: Example Door 2 - bg: Примерна Врата 2 - controller: - klass: ShellScript - options: - script: '/tmp/foo.sh' - actions: - open: - roles: - - board_member - - trusted_member - example_door_3: - human_name: - en: Example Door 3 - bg: Примерна врата 3 - controller: - klass: Netcontrol - options: - host: 192.168.1.2 - port: 80 - username: admin - password: password - actions: - lock: - port: "08" - value: "01" - unlock: - port: "09" - value: "01" - open: - port: "0A" - value: "01" - actions: - lock: - roles: - - board_member - - trusted_member - - landlord - - tenant - unlock: - roles: - - board_member - - trusted_member - - landlord - - tenant - open: - roles: - - board_member - - trusted_member - - landlord - - tenant - -development: - <<: *default - -test: - <<: *default diff --git a/config/locales/bg.yml b/config/locales/bg.yml index bec7592b..4c040e19 100644 --- a/config/locales/bg.yml +++ b/config/locales/bg.yml 
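Review bot: Dropping `"config/doors.yml"` from `:linked_files` in the `config/deploy.rb` hunk stops the file being linked into new releases, but it does nothing about the copy that presumably already sits in the shared directory on deployed hosts. Judging by `config/doors.yml.example`, that file can hold a door controller's host, username and password, so the rollout should include deleting it from the servers and retiring those credentials if the controllers stay in service. The `.gitignore` hunk has the related problem: once `/config/doors.yml` is no longer ignored, a leftover file in an existing checkout shows up as untracked and can be swept into a commit by a broad `git add`. I would keep the `/config/doors.yml` ignore line until the file is gone from every checkout and host.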
@@ -29,24 +29,6 @@ bg: few: OAuth приложения many: OAuth приложения other: OAuth приложения - door/actions/unlock: - zero: отключвания - one: отключване - few: отключвания - many: отключвания - other: отключвания - door/actions/open: - zero: отваряния - one: отваряне - few: отваряния - many: отваряния - other: отваряния - door/actions/lock: - zero: заключвания - one: заключване - few: заключвания - many: заключвания - other: заключвания user: zero: Лабъри one: Лабър diff --git a/config/locales/en.yml b/config/locales/en.yml index 83180f50..e344299f 100644 --- a/config/locales/en.yml +++ b/config/locales/en.yml @@ -23,24 +23,6 @@ en: phone_number: improbable_phone: must be a valid phone number models: - door/actions/unlock: - zero: unlocks - one: unlock - few: unlocks - many: unlocks - other: unlocks - door/actions/open: - zero: opens - one: open - few: opens - many: opens - other: opens - door/actions/lock: - zero: locks - one: lock - few: locks - many: locks - other: locks user: zero: Lab members one: Lab member diff --git a/config/routes.rb b/config/routes.rb index d1069989..f633af71 100644 --- a/config/routes.rb +++ b/config/routes.rb @@ -23,11 +23,7 @@ end end - resources :doors, only: [:index] do - post :open - post :lock - post :unlock - end + resources :doors, only: :index namespace :api, defaults: {format: "json"} do resources :users, only: [] do @@ -38,12 +34,6 @@ resource :current_user, only: :show - resources :doors, only: [:index] do - post :open - post :lock - post :unlock - end - resource :phone_access, only: [], controller: "phone_access" do collection do post "phone_number_token"
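Review bot: The first `config/routes.rb` hunk keeps `resources :doors, only: :index` outside the `api` namespace, although this patch deletes `AccessControl::Door`, `config.x.doors` and the `.door_button` styles and touches no non-API doors controller or view. If a `DoorsController#index` still exists and reads the door configuration, the route will now fail at request time; if no such controller exists, the route is dead and should be dropped like the API block in the second hunk. The patch also deletes `app/views/api/lights/statuses/show.json.jbuilder`, which is not a door file, so it is worth confirming that no lights status route still renders it. A request spec that hits each remaining route would catch both cases.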