search for: modelsecurity

Displaying 17 results from an estimated 17 matches for "modelsecurity".

2008 Sep 12
3
Help: A copy of ModelSecurity has been removed from the module tree but is still active!
Hi all, I''m posting this in the hope that someone who understands rails dependencies can shed some light. I''ve implemented a "ModelSecurity" module in the vein of Bruce Peren''s old ModelSecurity plugin (http://rubyforge.org/projects/model- security/). My ModelSecurity module lives in $RAILS_ROOT/lib. It is automatically included into ActiveRecord::Base by a file in config/initializers. Everything works fine and dandy (i...
2006 May 17
1
Experiences with ModelSecurity
Hiall, I would be very interested in your opinions on the ModelSecurity plugin by Bruce Perens. http://perens.com/FreeSoftware/ModelSecurity/Tutorial.html Some time ago, I read on a few pages that it is the way to go, on this list however, I didn''t read much about it. Apart from it''s security level, quoted from comments in source code: # FIX: At th...
2006 Mar 04
0
ModelSecurity for Rails by Bruce Perens
Modelsecurity aims to provide access control within the data model so that it becomes easy & efficient to specify read or write access to individual fields. It has one of those "why didn''t I think of that?" designs which make a lot of sense. Has anyone else tried using the latest rele...
2006 Feb 14
4
Fine grained access control
Hi, I''m building an application which is going to require quite fine grained access control. Deciding if a user is allowed to access an action will probably require checking quite number of different rules, so a simple role-based system won''t be flexible enough. The approach I think I will try first is, if it''s possible, to ignore permission issues inside the
2006 May 10
13
Issue in ActiveRecord generated reader methods
Hi all! I have come into a strange issue in Rails that I am hoping someone can shed some light. To make a very long story short, I have been researching how to override ActiveRecord::Base#read_attribute and write_attribute to perform security checks at the model level (influenced by the ModelSecurity generator). Shortly after implementing some code to check this behavior, I began to see undefined behavior from rails. The first request to read an attribute would be denied correctly, however further requests would proceed without fail. After a lot of searching, I think I have traced the...
2006 Apr 04
4
Membership Management System Plugin/Gem?
Hi, I''m looking to create an online internet community for managing user profiles and other data. Thus, I would need that has the following features: o authentication - protect individual member pages/directories o session management o retrieve and reset passwords In short, I''m looking to create an online community. Thus, can someone direct me to a plugin(s) for
2006 Jan 16
2
LoginEngine vs. LoginGenerator?
I just saw a mention here of LoginEngine, which I hadn''t heard of before. Last week when I was digging for user-account sample code for my web-app, I instead found the LoginGenerator and started using that: http://wiki.rubyonrails.com/rails/pages/LoginGenerator Is one of these preferred over the other? From skimming the API docs, it does seem that LoginEngine has more features,
2006 Jan 23
5
can''t install model_security_generator
I''m trying to install Bruce Perens'' ModelSecurity gem, but it keeps asking me if I want to install rails too (I have already installed rails). It exits if I say no and crashes if I say yes: C:\>"c:\ruby\bin\ruby.exe" "c:\ruby\bin\gem" install model_security_generator Attempting local installation of ''model_securi...
2006 Mar 02
3
Modifying "Find" to always add a condition?
I''d like to always add a condition to any version of "find" (e.g. Thing.find(), Thing.find_by_name(), Thing.find_by_whatever) so that in addition to whatever conditions are set, an additional condition is set :conditions=>"user_id=#{current_user.id}" I''d like to make sure that a user only sees/edits/creates entries in the database that have the user_id
2006 Apr 22
2
restrict specific model columns per user
Does anyone know a way to restrict access to specific columns in the model to specific users? My plan was to use the session hash to check the permissions of the logged in user in an overridden method of the same name as the model accessor I wanted to restrict, but the model can''t acecss the session. Any other ideas? -- Posted via http://www.ruby-forum.com/.
2006 Feb 26
5
log in
How to carry out log in, whether that is we enter a login and the password and it is checked is in a database? -- Posted via http://www.ruby-forum.com/.
2007 Mar 01
0
association extensions - has_one
Hi, I''m struggling with something that must be very common pattern, and want to do it the correct rails/ruby way but am a bit dense ! I have users - an admin user, registered users and a guest user (using ModelSecurity) For many of linked associations I want the admin to be able to list or edit all instances, the registered user only their own one and guest none at all. So somehow I want to over ride or extend the associations, or find, so that the condition is captured in one place and my controller/view code...
2006 Apr 14
2
Rails AWS authentication????
I want to setup an api for my web app, but i had a few question on the best way to do this. I was hoping for some input from you experienced individuals and rails rock stars. 1) Is there a way to implement a login in feature so that api methods cant be called without proper authorization? This is so i can log activity and use of the api from different people and so -------------- next part
2006 Apr 28
4
Call for patterns...
Hi group, I was wondering if anyone more experienced could help me to find a good pattern for two things: 1. How to group controllers. Example: We have an admin panel with: user_managment_controller.rb priv_managment_controller.rb widget_controller.rb User panel with: mystuff_controller.rb mytags_controller.rb profile_controller.rb And frontend with: widget_controller.rb etc... How do I group
2006 May 10
8
dynamic setting of username and password in database.yml
Hello I''ve now read a lot about application-level authentication in Rails, but I need to do database-level authentication. The reason is that my database needs to have the current_user (database current_user, not current_user defined in an ActiveRecord Model) set to execute triggers for automatically updating audit tables. So it is not enough to have a session check against a User
2006 Jan 12
9
Scaffold shows all attributes altough I use attr_accessible!
Hi all I have a Model like this: class Member < ActiveRecord::Base attr_accessible :username, :email, :first_name, :last_name end I have created a scaffold using script/generate scaffold member members Using the URL localhost:3000/members/edit/1 I can edit all attributes, including created_at, lock_version etc.! But it should only show the attributes I listed in attr_accessible! What
2006 Apr 18
7
Connecting to multiple databases
...SHOW FIELDS FROM web_ca_admin_sandbox_bases CODE -------- class WebCaAdminSandboxBase < ActiveRecord::Base establish_connection "webcaadmin_sandbox_#{RAILS_ENV}" end class Community < WebCaAdminSandboxBase # This causes the security features to be added to the model. include ModelSecurity belongs_to :user has_many :communal_audits def initialize super #... end end class WebadminController < ApplicationController #scaffold :community helper :ModelSecurity model :year, :community, :communal_audit, :ca_module, :ca_figure,...