I''m looking at code in a project. I have no clue what is being passed
into the resource parameter:
def read_authorized?(resource)
if resource.respond_to? :user_read_authorized?
resource.user_read_authorized? current_user
else
true
end
end
Is there any kind of debugging feature I can run to see what gets passed
into resource in this specific instance.
Also, user_read_authorized? is not defined anywhere else in application.
Is that legal in rails? Can someone just define :user_read_authorized?
and it mean something?
Thanks for any suggestions
--
Posted via http://www.ruby-forum.com/.
--
You received this message because you are subscribed to the Google Groups
"Ruby on Rails: Talk" group.
To post to this group, send email to
rubyonrails-talk-/JYPxA39Uh5TLH3MbocFF+G/Ez6ZCGd0@public.gmane.org
To unsubscribe from this group, send email to
rubyonrails-talk+unsubscribe-/JYPxA39Uh5TLH3MbocFF+G/Ez6ZCGd0@public.gmane.org
For more options, visit this group at
http://groups.google.com/group/rubyonrails-talk?hl=en.
2010/1/22 John Merlino <lists-fsXkhYbjdPsEEoCn2XhGlw@public.gmane.org>:> I''m looking at code in a project. I have no clue what is being passed > into the resource parameter: > > def read_authorized?(resource) > if resource.respond_to? :user_read_authorized? > resource.user_read_authorized? current_user > else > true > end > end > > Is there any kind of debugging feature I can run to see what gets passed > into resource in this specific instance.Have a look at the Rails Guide on debugging then use ruby-debug to break into the function. Then you can inspect the variables. Colin> > Also, user_read_authorized? is not defined anywhere else in application. > Is that legal in rails? Can someone just define :user_read_authorized? > and it mean something? > > Thanks for any suggestions > -- > Posted via http://www.ruby-forum.com/. > > -- > You received this message because you are subscribed to the Google Groups "Ruby on Rails: Talk" group. > To post to this group, send email to rubyonrails-talk-/JYPxA39Uh5TLH3MbocFF+G/Ez6ZCGd0@public.gmane.org > To unsubscribe from this group, send email to rubyonrails-talk+unsubscribe@googlegroups.com. > For more options, visit this group at http://groups.google.com/group/rubyonrails-talk?hl=en. > >-- You received this message because you are subscribed to the Google Groups "Ruby on Rails: Talk" group. To post to this group, send email to rubyonrails-talk-/JYPxA39Uh5TLH3MbocFF+G/Ez6ZCGd0@public.gmane.org To unsubscribe from this group, send email to rubyonrails-talk+unsubscribe@googlegroups.com. For more options, visit this group at http://groups.google.com/group/rubyonrails-talk?hl=en.
On Jan 22, 2010, at 1:02 PM, John Merlino wrote:> I''m looking at code in a project. I have no clue what is being passed > into the resource parameter: > > def read_authorized?(resource) > if resource.respond_to? :user_read_authorized? > resource.user_read_authorized? current_user > else > true > end > end > > Is there any kind of debugging feature I can run to see what gets > passed > into resource in this specific instance. > > Also, user_read_authorized? is not defined anywhere else in > application. > Is that legal in rails? Can someone just define :user_read_authorized? > and it mean something? > > Thanks for any suggestionsAs to the second part of your question, it is perfectly "legal" to define your own method names and the behavior that you expect. In this case, it seems like a resource (probably a model) is presumed to be readable (true) unless the resource has defined its own :user_read_authorized? method that takes a user and supplies a particular answer (and if a login has not been required, current_user might be false). Shame on you if your method names don''t make sense, of course. ;-) -Rob Rob Biedenharn http://agileconsultingllc.com Rob-xa9cJyRlE0mWcWVYNo9pwxS2lgjeYSpx@public.gmane.org -- You received this message because you are subscribed to the Google Groups "Ruby on Rails: Talk" group. To post to this group, send email to rubyonrails-talk-/JYPxA39Uh5TLH3MbocFF+G/Ez6ZCGd0@public.gmane.org To unsubscribe from this group, send email to rubyonrails-talk+unsubscribe-/JYPxA39Uh5TLH3MbocFF+G/Ez6ZCGd0@public.gmane.org For more options, visit this group at http://groups.google.com/group/rubyonrails-talk?hl=en.
Colin Law wrote:> 2010/1/22 John Merlino <lists-fsXkhYbjdPsEEoCn2XhGlw@public.gmane.org>: >> >> Is there any kind of debugging feature I can run to see what gets passed >> into resource in this specific instance. > > Have a look at the Rails Guide on debugging then use ruby-debug to > break into the function. Then you can inspect the variables. > > ColinYeah I followed the rails guide and got this far: MacBook-Pro:trunk user$ script/server --debugger => Booting WEBrick => Rails 2.3.4 application starting on http://0.0.0.0:3000 => Debugger enabled => Call with -d to detach => Ctrl-C to shutdown server Then the rails guide says this: 3.2 The Shell As soon as your application calls the debugger method, the debugger will be started in a debugger shell inside the terminal window where you launched your application server, and you will be placed at ruby-debug’s prompt (rdb:n). The n is the thread number. The prompt will also show you the next line of code that is waiting to run. Unfortunately, I do not get a rdb:n and in fact, I type anything in terminal and nothing happens. -- Posted via http://www.ruby-forum.com/. -- You received this message because you are subscribed to the Google Groups "Ruby on Rails: Talk" group. To post to this group, send email to rubyonrails-talk-/JYPxA39Uh5TLH3MbocFF+G/Ez6ZCGd0@public.gmane.org To unsubscribe from this group, send email to rubyonrails-talk+unsubscribe@googlegroups.com. For more options, visit this group at http://groups.google.com/group/rubyonrails-talk?hl=en.
2010/1/22 John Merlino <lists-fsXkhYbjdPsEEoCn2XhGlw@public.gmane.org>:> Colin Law wrote: >> 2010/1/22 John Merlino <lists-fsXkhYbjdPsEEoCn2XhGlw@public.gmane.org>: >>> >>> Is there any kind of debugging feature I can run to see what gets passed >>> into resource in this specific instance. >> >> Have a look at the Rails Guide on debugging then use ruby-debug to >> break into the function. Then you can inspect the variables. >> >> Colin > > Yeah I followed the rails guide and got this far: > > MacBook-Pro:trunk user$ script/server --debugger > => Booting WEBrick > => Rails 2.3.4 application starting on http://0.0.0.0:3000 > => Debugger enabled > => Call with -d to detach > => Ctrl-C to shutdown server > > Then the rails guide says this: > > 3.2 The Shell > > As soon as your application calls the debugger method, the debugger will > be started in a debugger shell inside the terminal window where you > launched your application server, and you will be placed at ruby-debug’s > prompt (rdb:n). The n is the thread number. The prompt will also show > you the next line of code that is waiting to run. > > > Unfortunately, I do not get a rdb:n and in fact, I type anything in > terminal and nothing happens.Have you put the line debugger at the appropriate point to break in your app? That is what it means by your app calling the debugger method. You should then see the break happen in the same window where you started the server (when it gets to the debugger line that is). Colin -- You received this message because you are subscribed to the Google Groups "Ruby on Rails: Talk" group. To post to this group, send email to rubyonrails-talk-/JYPxA39Uh5TLH3MbocFF+G/Ez6ZCGd0@public.gmane.org To unsubscribe from this group, send email to rubyonrails-talk+unsubscribe@googlegroups.com. For more options, visit this group at http://groups.google.com/group/rubyonrails-talk?hl=en.
Colin Law wrote:> 2010/1/22 John Merlino <lists-fsXkhYbjdPsEEoCn2XhGlw@public.gmane.org>: >> >> >> terminal and nothing happens. > Have you put the line > debugger > at the appropriate point to break in your app? That is what it means > by your app calling the debugger method. > > You should then see the break happen in the same window where you > started the server (when it gets to the debugger line that is). > > ColinI get this error message: NoMethodError in RolesController#new undefined method `run_init_script'' for Debugger:Module -- Posted via http://www.ruby-forum.com/. -- You received this message because you are subscribed to the Google Groups "Ruby on Rails: Talk" group. To post to this group, send email to rubyonrails-talk-/JYPxA39Uh5TLH3MbocFF+G/Ez6ZCGd0@public.gmane.org To unsubscribe from this group, send email to rubyonrails-talk+unsubscribe-/JYPxA39Uh5TLH3MbocFF+G/Ez6ZCGd0@public.gmane.org For more options, visit this group at http://groups.google.com/group/rubyonrails-talk?hl=en.
John Merlino wrote:> Colin Law wrote: >> 2010/1/22 John Merlino <lists-fsXkhYbjdPsEEoCn2XhGlw@public.gmane.org>: >>> >>> >>> terminal and nothing happens. >> Have you put the line >> debugger >> at the appropriate point to break in your app? That is what it means >> by your app calling the debugger method. >> >> You should then see the break happen in the same window where you >> started the server (when it gets to the debugger line that is). >> >> Colin > > I get this error message: > > NoMethodError in RolesController#new > > undefined method `run_init_script'' for Debugger:ModuleI was able to fix the above error. However, I try to inspect what the value of resource is and I get this using the p command as the rails guide suggests: (rdb:1) p resource NameError Exception: undefined local variable or method `resource'' for #<VerbsController:0x1061102e0> -- Posted via http://www.ruby-forum.com/. -- You received this message because you are subscribed to the Google Groups "Ruby on Rails: Talk" group. To post to this group, send email to rubyonrails-talk-/JYPxA39Uh5TLH3MbocFF+G/Ez6ZCGd0@public.gmane.org To unsubscribe from this group, send email to rubyonrails-talk+unsubscribe-/JYPxA39Uh5TLH3MbocFF+G/Ez6ZCGd0@public.gmane.org For more options, visit this group at http://groups.google.com/group/rubyonrails-talk?hl=en.
John Merlino wrote: [...]> I was able to fix the above error. However, I try to inspect what the > value of resource is and I get this using the p command as the rails > guide suggests: > > (rdb:1) p resource > NameError Exception: undefined local variable or method `resource'' for > #<VerbsController:0x1061102e0>The error means just what it says. You haven''t defined "resource" at that point in your code. Try using the l command in the debugger to make sure you''re where you think you are. Best, -- Marnen Laibow-Koser http://www.marnen.org marnen-sbuyVjPbboAdnm+yROfE0A@public.gmane.org -- Posted via http://www.ruby-forum.com/. -- You received this message because you are subscribed to the Google Groups "Ruby on Rails: Talk" group. To post to this group, send email to rubyonrails-talk-/JYPxA39Uh5TLH3MbocFF+G/Ez6ZCGd0@public.gmane.org To unsubscribe from this group, send email to rubyonrails-talk+unsubscribe-/JYPxA39Uh5TLH3MbocFF+G/Ez6ZCGd0@public.gmane.org For more options, visit this group at http://groups.google.com/group/rubyonrails-talk?hl=en.
Marnen Laibow-Koser wrote:> John Merlino wrote: > [...] >> I was able to fix the above error. However, I try to inspect what the >> value of resource is and I get this using the p command as the rails >> guide suggests: >> >> (rdb:1) p resource >> NameError Exception: undefined local variable or method `resource'' for >> #<VerbsController:0x1061102e0> > > The error means just what it says. You haven''t defined "resource" at > that point in your code. Try using the l command in the debugger to > make sure you''re where you think you are. > > > Best, > -- > Marnen Laibow-Koser > http://www.marnen.org > marnen-sbuyVjPbboAdnm+yROfE0A@public.gmane.orgI''m confused when I do this: (rdb:5) p read_authorized?(resource) true It returns a value of true. But it''s undefined? -- Posted via http://www.ruby-forum.com/. -- You received this message because you are subscribed to the Google Groups "Ruby on Rails: Talk" group. To post to this group, send email to rubyonrails-talk-/JYPxA39Uh5TLH3MbocFF+G/Ez6ZCGd0@public.gmane.org To unsubscribe from this group, send email to rubyonrails-talk+unsubscribe-/JYPxA39Uh5TLH3MbocFF+G/Ez6ZCGd0@public.gmane.org For more options, visit this group at http://groups.google.com/group/rubyonrails-talk?hl=en.
John Merlino wrote: [...]> > I''m confused when I do this: > (rdb:5) p read_authorized?(resource) > true > > It returns a value of true. But it''s undefined?No. Based on what you''ve said, resource is undefined, but read_authorized? Is written in such a way that if it is passed an undefined argument, it returns true. Why? I don''t know. Step through with the debugger to see what''s going on. Best, -- Marnen Laibow-Koser http://www.marnen.org marnen-sbuyVjPbboAdnm+yROfE0A@public.gmane.org -- Posted via http://www.ruby-forum.com/. -- You received this message because you are subscribed to the Google Groups "Ruby on Rails: Talk" group. To post to this group, send email to rubyonrails-talk-/JYPxA39Uh5TLH3MbocFF+G/Ez6ZCGd0@public.gmane.org To unsubscribe from this group, send email to rubyonrails-talk+unsubscribe-/JYPxA39Uh5TLH3MbocFF+G/Ez6ZCGd0@public.gmane.org For more options, visit this group at http://groups.google.com/group/rubyonrails-talk?hl=en.
Rob Biedenharn wrote:> On Jan 22, 2010, at 1:02 PM, John Merlino wrote: > >> >> Is there any kind of debugging feature I can run to see what gets >> passed >> into resource in this specific instance. >> >> Also, user_read_authorized? is not defined anywhere else in >> application. >> Is that legal in rails? Can someone just define :user_read_authorized? >> and it mean something? >> >> Thanks for any suggestions > > As to the second part of your question, it is perfectly "legal" to > define your own method names and the behavior that you expect. In this > case, it seems like a resource (probably a model) is presumed to be > readable (true) unless the resource has defined its > own :user_read_authorized? method that takes a user and supplies a > particular answer (and if a login has not been required, current_user > might be false). > > Shame on you if your method names don''t make sense, of course. ;-) > > -Rob > > Rob Biedenharn http://agileconsultingllc.com > Rob-xa9cJyRlE0mWcWVYNo9pwxS2lgjeYSpx@public.gmane.orgdef read_authorized?(resource) if resource.respond_to? :user_read_authorized? resource.user_read_authorized? current_user else true end end So Ruby has a function called respond_to? that can be used to seeing if a particular class or object has a method with a certain name. So if the resource (e.g. record 1 of Users table) is readable (true) unless the resource has defined its own :user_read_authorized? method. If it does have a :user_read_authorized? method, then we take the user (resource.user_read_authorized?(current_user)) and evaluates it against the method. So if the method requires user to be logged in and have a role 6, then if current_user is logged in but has a role 5, then we return false. Otherwise (else) we return true, which means the user will have access to the page. Is this what you were saying Rob? Also, would the next step to prevent the user from accessing, let''s say, the edit action of User page be to define :user_read_authorized? So basically assign user_read_authorized role priveleges so it can test it against the priveleges of current_user (the currently logged in user). Any responses would be greatly appreciated. I been on this all day. -- Posted via http://www.ruby-forum.com/. -- You received this message because you are subscribed to the Google Groups "Ruby on Rails: Talk" group. To post to this group, send email to rubyonrails-talk-/JYPxA39Uh5TLH3MbocFF+G/Ez6ZCGd0@public.gmane.org To unsubscribe from this group, send email to rubyonrails-talk+unsubscribe-/JYPxA39Uh5TLH3MbocFF+G/Ez6ZCGd0@public.gmane.org For more options, visit this group at http://groups.google.com/group/rubyonrails-talk?hl=en.
On Jan 22, 2010, at 5:44 PM, John Merlino wrote:> Rob Biedenharn wrote: >> On Jan 22, 2010, at 1:02 PM, John Merlino wrote: >>> >>> Is there any kind of debugging feature I can run to see what gets >>> passed >>> into resource in this specific instance. >>> >>> Also, user_read_authorized? is not defined anywhere else in >>> application. >>> Is that legal in rails? Can someone just >>> define :user_read_authorized? >>> and it mean something? >>> >>> Thanks for any suggestions >> >> As to the second part of your question, it is perfectly "legal" to >> define your own method names and the behavior that you expect. In >> this >> case, it seems like a resource (probably a model) is presumed to be >> readable (true) unless the resource has defined its >> own :user_read_authorized? method that takes a user and supplies a >> particular answer (and if a login has not been required, current_user >> might be false). >> >> Shame on you if your method names don''t make sense, of course. ;-) >> >> -Rob >> >> Rob Biedenharn http://agileconsultingllc.com >> Rob-xa9cJyRlE0mWcWVYNo9pwxS2lgjeYSpx@public.gmane.org > > def read_authorized?(resource) > if resource.respond_to? :user_read_authorized? > resource.user_read_authorized? current_user > else > true > end > end > > So Ruby has a function called respond_to? that can be used to seeing > if > a particular class or object has a method with a certain name. So if > the > resource (e.g. record 1 of Users table) is readable (true) unless the > resource has defined its own :user_read_authorized? method. If it does > have a :user_read_authorized? method, then we take the user > (resource.user_read_authorized?(current_user)) and evaluates it > against > the method. So if the method requires user to be logged in and have a > role 6, then if current_user is logged in but has a role 5, then we > return false. Otherwise (else) we return true, which means the user > will > have access to the page. > > Is this what you were saying Rob?Yes, that''s a good restatement of what I said/meant.> Also, would the next step to prevent the user from accessing, let''s > say, > the edit action of User page be to define :user_read_authorized? > So basically assign user_read_authorized role priveleges so it can > test > it against the priveleges of current_user (the currently logged in > user). > Any responses would be greatly appreciated. I been on this all day.Well, you could, but that''s probably better as something you do in the controller (perhaps by defining a local version of authorized? if you''re using a restful_authentication work-alike. If you''re not building a plugin for widespread use, you could just do the test "directly": class User def can_read(other) return false unless other.is_a?(User) self.role > other.role end end Then in your controller''s edit action def edit if @other = User.find_by_id(params[:user_to_edit_id]) if current_user.can_read(@other) # do regular stuff (render, etc) else flash[:error] = "you can''t read that user" redirect_to some_url end else flash[:error] = "can''t find that user" redirect_to some_url end end Season to taste. ;-) -Rob Rob Biedenharn http://agileconsultingllc.com Rob-xa9cJyRlE0mWcWVYNo9pwxS2lgjeYSpx@public.gmane.org -- You received this message because you are subscribed to the Google Groups "Ruby on Rails: Talk" group. To post to this group, send email to rubyonrails-talk-/JYPxA39Uh5TLH3MbocFF+G/Ez6ZCGd0@public.gmane.org To unsubscribe from this group, send email to rubyonrails-talk+unsubscribe-/JYPxA39Uh5TLH3MbocFF+G/Ez6ZCGd0@public.gmane.org For more options, visit this group at http://groups.google.com/group/rubyonrails-talk?hl=en.
Seemingly Similar Threads
- invalid geometry string in change_geometry
- Where did this value in a form come from?
- rescue_from ActionController::RoutingError II
- tips on how to write a controller test for models associated with currently logged in user
- Resyful authenticatio current_user in model