Hi all

I'm integrating some basic authorization stuff. When a user hits /countries/some_unknown_action, then Rails displays a "Unknown action" message (in development mode). When an unauthorized user hits /countries/action_that_needs_authorization, then I'd like Rails to behave exactly the same way (because some error like "you don't have permission to..." would encourage hackers to re-attempt the action).

I already tried it with

return render(:file => "#{RAILS_ROOT}/public/404.html", :layout => false, :status => 404)

But I guess that's not really the best way, because it's hard-coded and doesn't rely on Rails' own mechanism to display the 404 page. So I tried it using

raise ActionController::UnknownAction

But it seems that this Exception is only used by the functional tests. So what should I do to rely on Rails' own mechanism to display the 404 page?

Thanks a lot
Josh

--
Posted via http://www.ruby-forum.com/.

You received this message because you are subscribed to the Google Groups "Ruby on Rails: Talk" group.
To post to this group, send email to rubyonrails-talk-/JYPxA39Uh5TLH3MbocFFw@public.gmane.org
To unsubscribe from this group, send email to rubyonrails-talk-unsubscribe-/JYPxA39Uh5TLH3MbocFFw@public.gmane.org
For more options, visit this group at http://groups.google.com/group/rubyonrails-talk?hl=en

Oh, even cooler would be to distinguish between production and development mode!

In development mode I'd like to display an Exception, and in production/test mode it should behave like described above.

--
Posted via http://www.ruby-forum.com/.

Wouldn't anyone seeing that error just become confused as to why a development-mode error message was being shown during a production environment, though? This would encourage me to dig deeper than just a 'get out of my stuff' message.

On Nov 13, 2007 7:21 PM, Joshua Muheim <rails-mailing-list-ARtvInVfO7ksV2N9l4h3zg@public.gmane.org> wrote:
>
> Hi all
>
> I'm integrating some basic authorization stuff. When a user hits
> /countries/some_unknown_action, then Rails displays a "Unknown action"
> message (in development mode). When an unauthorized user hits
> /countries/action_that_needs_authorization, then I'd like Rails to
> behave exactly the same way (because some error like "you don't have
> permission to..." would encourage hackers to re-attempt the action).
>
> I already tried it with
>
> return render(:file => "#{RAILS_ROOT}/public/404.html", :layout =>
> false, :status => 404)
>
> But I guess that's not really the best way, because it's hard-coded and
> doesn't rely on Rails' own mechanism to display the 404 page. So I tried
> it using
>
> raise ActionController::UnknownAction
>
> But it seems that this Exception is only used by the functional tests.
> So what should I do to rely on Rails' own mechanism to display the 404
> page?
>
> Thanks a lot
> Josh
> --
> Posted via http://www.ruby-forum.com/.

--
Edd Morgan
http://www.eddm.co.uk
+44 (0) 7805 089097

Edd Morgan wrote:
> Wouldn't anyone seeing that error just become confused as to why a
> development-mode error message was being shown during a production
> environment, though? This would encourage me to dig deeper than just a
> 'get out of my stuff' message.

Well, maybe I confused some stuff in my post. In fact I just want to imitate the same behavior that Rails shows when an unknown action is called, independent of whether I'm in development or in production mode:

- When in development mode, do what Rails would do
- When in production mode, do what Rails would do

I then only added the useful exception (in my 2nd post) of displaying some more info for developers so they can distinguish between really not existing actions and not allowed actions.

--
Posted via http://www.ruby-forum.com/.

Joshua Muheim wrote:
> Oh, even cooler would be to distinguish between production and
> development mode!
>
> In development mode I'd like to display an Exception, and in
> production/test mode it should behave like described above.

This may help: http://api.rubyonrails.org/classes/ActionController/Rescue.html

Allows you to define what should happen when a controller raises an exception that isn't rescued both in development and production.

--
Posted via http://www.ruby-forum.com/.

Daniel Waite wrote:
> Joshua Muheim wrote:
>> Oh, even cooler would be to distinguish between production and
>> development mode!
>>
>> In development mode I'd like to display an Exception, and in
>> production/test mode it should behave like described above.
>
> This may help:
> http://api.rubyonrails.org/classes/ActionController/Rescue.html
>
> Allows you to define what should happen when a controller raises an
> exception that isn't rescued both in development and production.

Thank you! But this is only the "counterpart" of what I want to do - it's the way to catch exceptions, but I want to throw one (I guess)...

--
Posted via http://www.ruby-forum.com/.

Are you looking for raise?

raise "I blew up!"

-Bill

Joshua Muheim wrote:
> Daniel Waite wrote:
>
>> Joshua Muheim wrote:
>>
>>> Oh, even cooler would be to distinguish between production and
>>> development mode!
>>>
>>> In development mode I'd like to display an Exception, and in
>>> production/test mode it should behave like described above.
>>>
>> This may help:
>> http://api.rubyonrails.org/classes/ActionController/Rescue.html
>>
>> Allows you to define what should happen when a controller raises an
>> exception that isn't rescued both in development and production.
>>
>
> Thank you! But this is only the "counterpart" of what I want to do -
> it's the way to catch exceptions, but I want to throw one (I guess)...
>

--
Sincerely,
William Pratt
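
Added example, not part of the original thread and not Rails code: a framework-free Ruby sketch of the behaviour asked about above, where an unknown action and an unauthorized request return the identical 404 in production, while development mode shows the real cause. All class, method and action names are hypothetical.

```ruby
# Framework-free sketch; every name here is hypothetical, not a Rails API.
class UnknownAction < StandardError; end
class NotAuthorized < StandardError; end

class CountriesController
  ACTIONS   = %w[index show destroy].freeze  # actions that exist
  PROTECTED = %w[destroy].freeze             # actions that need authorization

  attr_reader :audit_log

  def initialize(env)
    @env = env        # "development" or "production"
    @audit_log = []   # server-side record of the real reason for each 404
  end

  # Returns [status, body], a minimal stand-in for an HTTP response.
  def dispatch(action, user)
    raise UnknownAction, "no action '#{action}'" unless ACTIONS.include?(action)
    if PROTECTED.include?(action) && !(user && user[:admin])
      raise NotAuthorized, "#{action} denied for #{user ? user[:name] : 'anonymous'}"
    end
    [200, "#{action} ok"]
  rescue UnknownAction, NotAuthorized => e
    # Both causes go through one handler, so the client-visible result
    # cannot differ by accident; the distinction survives only in the log.
    @audit_log << "#{e.class}: #{e.message}"
    render_not_found(e)
  end

  private

  # Production: one generic 404 for both causes. Development: show the cause.
  def render_not_found(error)
    return [404, "#{error.class}: #{error.message}"] if @env == "development"
    [404, "The page you were looking for doesn't exist."]
  end
end
```

The property worth testing in a real application is the same one checked here: the production responses for a missing action and a forbidden one are equal, so the response gives no signal that a protected action exists.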