similar to: Rails Authorization and Security question

I''ve successfully gotten acts_as_authenticated working. Currently the before_filter line for my admin screen is like this: class AdminController < ApplicationController include AuthenticatedSystem before_filter :login_required Only issue I have now is that anyone logged in can access that screen. I''d like to differentiate between a regular user and

Hi I''m using Mocha 0.5.3 and I want to stub out a call to Time.now, just like the example in the post http://blog.floehopper.org/articles/2007/06/08/mocha-0-5-released However, trying it in irb gets me the following error: >> require ''mocha'' => true >> Time.stubs(:now).returns(Time.parse(''Thu Feb 01 00:00:00 UTC 2007'')) NoMethodError:

Hi, I just installed Rails 2.0.2 [root@mymachine easyx]# ruby --version ruby 1.8.6 (2007-03-13 patchlevel 0) [i686-linux] [root@mymachine easyrx]# gem install rails --include-dependencies Need to update 16 gems from http://gems.rubyforge.org ................ complete Successfully installed rails-2.0.2 [root@remandev easyrx]# But I''m getting this error in my restful_authentication

i got the rails recipes book, i have now an auth system for users without problems, now i want to made a role based acces for my app, im following the "Role Based Authorization" recipe of the book but i cant make it to work even when the tables created and correctly added data manually definig the roles and rights. als i dont know how to define a right for use all the actions in a

One of these days I''ll figure this out, but in the meantime help me be a better programmer by eliminating some excess code: I''m trying to check to see if somebody trying to view/edit/update a product is the owner. In my scaffold I have this code that works: def edit @owner = Product.find(params[:id].to_i) if @owner.user_id == @user.id @product =

I am using the the authorization recipe outlined in Rails Recipes.Is it possible for one role, say ''admin'', to have access to every action on every controller without explicitly having to create a Right for each? I know this will not work as is, and to force it to do so would violate MVC, but is there some other way to accomplish having something like this in a controller:

Hi I am the newbie to both Django as well as ROR.... Which one i have to choose as my carrier one.... And what is the main difference.... Djkango in Python & It is in Ruby.. which one is best to easy learn and about security Thank you... -- WithRegards... K.Ramkumar Blog at http://fallinlinux.wordpress.com/ contact : 97915 89522

Hey All, Just started to play around with rails a bit today by creating a login system, but I''ve run into a glitch. ###user_controller.rb### class UserController < ApplicationController def login @title = "Log In" if request.post? and params[:user] @user = User.new(params[:user]) @userfind =

Slowly figuring out how to get my SaltedHashLoginGenerator stuff working. The wiki page says to put "before_filter :login_required" in the user (my "user" is "member") controller or in ApplicationController. However, wherever I put it I get NoMethodError. The rest of the SHLG stuff seems to be working... or at least I could get to the signup page, register, and

Hello list, I have an app that has a very simple authorization scheme. A person can have many roles and roles can have many people. In my app, I''d like to do before_filter :login_required (since no role name is provided, it accepts any users with credentials) before_filter :login_required ("administrator") (only accepts those with role administrator) before_filter

Hi. I am working on a generic authentification system for rails (more complete than the login generator). The way it works is you call a method inside your action, passing the domain as a parameter (domains are like a group of users with specific rights). For that purpose, I need to exit the action inside this method because it redirects to a login page if that person isn''t

What do I need to do to be able to use an acts_as_authenticated current_user in a model? Is there some sort of include or require I can do some where that would allow this? ********************************************************** Here is what I am trying to do: ********************************************************** class Setting < ActiveRecord::Base before_create :created_by_user #

Hi there I am wondering if we can use before_filter in the form of :action OR :action what i want to do is to implement one of the actions, if the first failed, then go to the second when i use before_filter :action1 before_filter :action2 each method will run them, my case is that i want to check if one of them is true and not both any idea?

I''m using Shoulda and restful_authentication on Rails3 and whenever I run my tests a before filter for login_required is always triggered, despite my filter being set up as: before_filter :login_required, :only => [:update, :edit, :suspend, :unsuspend, :destroy, :purge] My test is this: context ''A guest to the site'' do context ''on GET to

I have been scratching my head on this one for most of the day. Hopefully someone can help explain why before_filter isn''t working for my codes. In my Application controller, I have this: before_filter :login_required, :except => [:newacct, :create_newacct, :passwd_reset ] def login_required unless session[:user_id] flash[:notice] = "Please log in"

Hello all, Any help with this one is MUCH appreciated. I am running Ruby 1.84 and Rails 1.1.0 on Win32 with a local SMTP server. I can successfully send a signup confirmation email with a confirmation link, but when I click on the link, it says that I am logged in, but it never verifies the account. This is the link provided by the system:

Im completely stuck on Role-Based Authorization (I used the rails recipe method) (user_controller.rb) def login return if generate_blank @user = User.new(@params[''user'']) if @session[''user''] = User.authenticate(@params[''user''][''login''], @params[''user''][''password''])

Is there a way to authenticate with an IP address? I''m using the LoginGenerator, but would like to bypass the "before_filter :login_required " if a user is in a correct IP range... Anyone know of a solution? Thanks! -- Posted via http://www.ruby-forum.com/.

Hi all, I feel like I''m missing something really easy and I''m just not seeing it. I''m using the restful_authentication plugin and have a User model. Uesr has_many :things and Thing belongs_to :user. That''s it. I did a "script/generate rspec_scaffold thing" to generate all the necessary bits. The "rake db:migrate" to create the db. At

Good morning rspec people! Still rspec nuby: I must do something wrong obviously. How can I spec about redirect_to at ApplicationController describe ApplicationController do it "method login_required should redirect to home path without login" do pending "I tried to use controller.login_required.should be_redirected and got NoMethodError with nil object