similar to: Secure but elegant destruction method

Hi all, I''ve put new code into my app so that an administrator will have extra privileges (administer users, edit pages). The error is: ''Couldn''t find User without an ID'' So the app is looking for a logged in user when the homepage is accessed. Heres my code: site/index view: <% if is_logged_in? and logged_in_user.has_role?(''Moderator'')

Hi all, I am using rails v.2.3.2 and if I put following line to my ApplicationController: include LoginSystem and I moved my login_system.rb to lib folder: module LoginSystem protected def is_logged_in? @logged_in_user = User.find(session[:user]) if session[:user] end def logged_in_user return @logged_in_user if is_logged_in? end def logged_in_user=(user) if

I have multiple roles in my application. Now I want to block a method for all users except the administrator and a manager. When I do this: before_filter (:check_administrator_role), :only => [:administration] before_filter (:check_taskmanager_role), :only => [:administration] The user must have both roles. How can I change that to an "OR" combination? -- Posted via

Hi, I am trying to create a basic form in which I want one of the fields initialized before displaying it. My code (in a view) is as follows: <% if ( session[:user_id] != nil ) then logged_in_user = User.find(session[:user_id]) end %> <% form_for :suggestion do |form| %> <label for="suggestion_title">Topic:</label><br/> <%=

Hello everyone, I am following the Practical Rails: Social Networking sites book. In chapter 7 photo gallery I am getting a NoMethodError in Pages#show Showing layouts/_menu.rhtml where line #12 raised: undefined method `new_entry_path'' for #<ActionView::Base:0x52fa56c> Extracted source (around line #12): 9: <% if is_logged_in? %> 10:

Hi,- I have a main page with a search box. When the user enters a query and hits "Search" I want to redirect him to another page (another controller with a search action), and display the results on that page. My form looks like this: <% form_tag({:controller => "projects", :action => "search"}, :method => "get") do %> <label

Hello! I have certain methods in my Application Controller, that I need to access. Namely ApplicationController#logged_in_user The problem is, that when I try to access it, I get: NoMethodError: protected method `logged_in_user'' called for #<AdminController> Any ideas how I can circumvent that? Or are functional tests really not suited for any kind of logins and session work?

I''m trying to create a simple authentication system but am failing miserably. I''m (sort of) following the "Logging In" chapter of the Agile book. Ideally, any access to http://example.com/publish (and any of its subdirectories) should redirect to http:/example.com/publish/login when there is no valid session user_id. Code so far:

Hello everyone, I was trying to set up access control in a new application Im working on, I''m trying to use the excellent authorization plugin from Bill Katz, Its pretty straight forward to setup and should be to use. But when i try to give the same permission on two differents users on the same object i get an error. (Well , Im kinda new to all this rails stuff) r = Red.find(1) u1 =

Can I make my model methods aware of the context (preferably instance variables) where they are run, without having to pass them arguments? The app in question should be time zone aware, so something like user.events[0].starts_in should check against @logged_in_user.now rather than Time.now. I could send the user as an argument (user.events[0].starts_in(:timezoned => @logged_in_user)),

Still new to Specs... How do I create a spec to test a model method? Specifically, here is my spec: #testing model describe User do it "should have many user roles" do User.reflect_on_association(:user_roles).should_not be_nil end it "should have many roles though user roles" do User.reflect_on_association(:roles).should_not be_nil end it "should know

I''m dynamically generating menu options based on the currently logged in user: current_user. My menus are setup on the applicatin.rhtml file. The current_user is defined in the application controller. But, attempting to assign it a value while in the application controller results in an ''undefined method'' error. ApplicationController .... def current_user @cu =

i got two controller (with restful actions) where my code is quite ugly and not very dry. every action looks quite like this: if @logged_user.has_role?("admin") User.find(params[:id) else @logged_user.group.user.find(params[:id]) this is a security check that enforce a simple spec: normal user should read/write information only about their group''s users, but

Hello! I was wondering, sometimes I raise an exception in my Rails apps, e.g.: raise SecurityError unless @post.user == logged_in_user Now: is there any way to catch that SecurityError exception somewhere and render a custom template? E.g., I want to render ''app/views/content/security_error.rhtml'' Does anyone know how to do this? Thanks a bunch, Rob

I know its probably doesnt sound right, but I am trying to call a before_filter method that will check whats the user role and then based on that return a string / hash / array to the before_filter something like this: class MonqiClassesController < ResourceController::Base before_filter :check_user_access_level , grant_access def check_user_access_level if

I''ve been getting some good feedback on the Authorization plugin (http://www.writertopia.com/developers/authorization). Josh Susser suggested I use exclamation marks when I''m setting roles. The basic ways of setting roles uses the #has_role, #has_no_role, #accepts_role, and #accepts_no_role methods: user.has_role ''site_admin'' user.has_role

I''m trying to jump on the TDD/BDD bandwagon, but am having trouble understanding how i should mock my user. The user has a habtm relationship to a roles model (acl_system2 plugin), but I''m not sure how to tell rspec about a model. My code: describe UsersController do integrate_views before(:each) do @user = mock_model(User)

Can you use sessions in layered dispatching? I used them in direct dispatching without any problems, but switching to layered throws an error (saying session doesn''t exist). Sorry if this is a double post, Google Groups isn''t posting my message for some reason. -- Posted via http://www.ruby-forum.com/. --~--~---------~--~----~------------~-------~--~----~ You received this

Hi, try adding some alias analysis to the pipeline: see examples in llvm/test/Analysis/MemorySSA/*.ll for example assume.ll has ; RUN: opt -aa-pipeline=basic-aa -passes='print<memoryssa>,verify<memoryssa>' without basic-aa the memory ssa will safely assume that the stores to %a and %d alias which may be proven disjoint by one of the alias analyses. On Thu, Aug 9, 2018 at 8:37

hi all, i have the following controller: class UserController < ApplicationController . . . def login @user = User.new(params[:user]) @logged_in_user = @user.try_to_login if @logged_in_user session[:user_id] = @logged_in_user.id else flash[:notice] = "ung&uuml;ltige Daten!" end end . . . end with this rjs template: login.rjs: if @logged_in_user