Displaying 20 results from an estimated 2000 matches similar to: "how to assign edit/remove privileges for only own details and not on others?"
2010 Dec 02
8
CanCan issue when being very specific
So I got CanCan and Devise working well. I have two types of users:
Admins and Nonadmins. Admins can edit all of Nonadmins profiles.
The problem is, every user (either Admin or Nonadmin) belongs to an
Account or Organization. Admins should only be able to edit users from
their own Account or Organization. I was able to do that too.
The problem is, I can''t display the Create New User
2012 Jan 05
4
mySQL: ERROR 1045: Access denied for user 'root'@'localhost' (using password: NO)
Hello, I am using InstantRails 2.0 on windows.
When building an app,I get this error when hit the browser(Action
ControllerException caught):
Access denied for user ''root''@''localhost'' (using password: NO)
-----------------------------------------------------------------------------------------------
The database.yml file is configured like this:
# MySQL.
2011 Nov 28
4
getting a subdomain name in model.
Hi all,
I am facing problem in getting subdomain name inside the model. The
following is my setup.
I am using cancan for authorization.I wanted a specific condition in
Ability.rb ( the file which is placed in models if we install cancan gem).
Below is the condition I wanted:
=========================================================
user ||= User.new # guest user (not logged in)
if
2002 May 21
3
Controlling share create permissions
Is it possible to set default create permissions on certain directories
within a share? ie. Create files in the share [something] /folder1/ as 744
but in /folder1/subfolder/ as 777. I thought of creating two shares and
having the users manually go into the other share to save thier files, but
confusion ensued. Thanks for any help!
Ryan
2011 Jun 05
1
Cancan redirect back at AccessDenied
Hello
I have a rails 3 app and I am trying to implement the redirect back
action at access denied for cancan.
If I try this in my application_controller:
rescue_from CanCan::AccessDenied do |exception|
redirect_to :back
end
It gives the following error:
No HTTP_REFERER was set in the request to this action, so
redirect_to :back could not be called successfully. If this is a test,
make sure
2013 Feb 20
3
Complex abilities and scoping of records
I have the following scenario.
Users have various levels of ability. They can only view and edit
their own records (their profile). Their managers can only view and
edit their employees records. The regional managers can view and edit
only the people in their regions and the corporate headquarters can
view and edit all records. There are multiple regions so somebody
can be the manager of the
2012 Mar 30
1
cancan breaks scoped mass assignment
Hi all,
I just installed cancan on a new project and found out that it creates
some problems with the new scoped mass assignment features of rails 3.2
.
Basically, in my User model I create some attr_accessible attributes in
order to avoid users to edit their roles or other sensitive information.
From the administration I allow admins to edit those protected
attributes by passing
2012 Oct 09
8
unexpected should_receive behaviour
Hi,
surely I''m missing something... but what!?
in my spec I''ve
User.should_receive(:find).with("1").and_return(@user)
and in my controller
User.find(params[:id])
green light... correct...
but if I change my controller using another method, for example first:
User.first
or even
User.all
I get green light too... I was expecting an error like
expected: 1 time
2013 Nov 22
2
Cancan Rspec load_and_authorize_resource
Hello!
While running bundle exec rake, I receive following error (see in
attached file)
However, my tests are steel passing with command rspec spec/controllers/
Some info:
ads_controller.rb:
class AdsController < ApplicationController
load_and_authorize_resource except: :create
end
ads_controller_spec.rb:
require ''spec_helper''
describe AdsController do
render_views
2010 Jun 02
5
user routing versus admin routing strategies?
In an app where ordinary users are limited to viewing and editing their
own "stuff", but someone with admin privs can view and edit anybody''s
stuff, what''s the right strategy for routing?
At first blush, I''d think that an ordinary user (e.g. with id 565)
should see something like:
http://example.com/mystuff.html
... where the controller assumes
2011 Mar 02
1
Setting CanCan ability.rs model
I successfully made login system with Devise and CanCan, and I have 3
types of users. Admin, internal and global users. I created
Controllers and index actions: Admin, Cpanel, Report and State, and I
want to restrict access to this controllers for some users.
Admin user should have privilegies to access: Reports(all), State
(read), Admin (all)
Global user should have privilegies to access:
2013 Jul 09
3
routes for devise in rails4
hi all,
i am using 3 devises for 3 models in rails4.
i need routes to my devise models.the devises are client,admin,employee.
when i login into client then it will go to clients dashboard, when i
login into admin then it will go to admins dashboard, the employee also
has the employee dashboard.
if i do not enter any login then the common dashboard body message is
please signin.
please let me
2010 Oct 08
7
90% of documentation outdated?
I have been trying for a few days to set up a basic user registration/
login system with rails 3 and nearly every single piece of
documentation is outdated. Restful_authentication has several git
branches, none of which appear to result in a working installation.
All of them leave me with "could not find generator authenticated".
With Devise: "could not find generator devise"
2010 Apr 20
5
Spring Cleaning
Right now in my view, I have a whole HUGE clump of
<% if current_user %> and then <% if current_admin %> and then <% if
current_teacher %> and then all that other stuff in my view.
I have a ginourmous chunk of if and else statements in my views... is
there a way to make it prettier? The if and else''s almost all have the
same functions, expect for some minor changes.
2002 Jun 03
2
Inherited permissions problem
I am attempting to set up an inherited permissions share and cannot get it
to work.
[log]
path = /log
writeable = yes
directory mask = 0755
create mask = 0755
inherit permissions = yes
guest ok = no
public = yes
I have tried many different combinations of settings to no avail, such as
removing the create and directory masks. I may also be misunderstanding the
2008 Nov 08
8
scaffold not working like i hoped......
Hi:
i''ve tried this on three macs (tiger, panther, etc).. and my ROR is up
to date on each.
My models and controllers aren''t displaying all my mysql db fields.
When I run script/generate scaffold Planner ... it builds the
controller, model, and all the rest.
When I go to test the app and new controller, now called planners no
content is listed... and all I ever get is the
2012 Apr 05
5
rspec: identical tests fails when repeated
I''m doing RSpec controller testing with CanCan authorization, and I''m
seeing something I''ve never seen in RSpec before: the same test run
twice fails on the second one. I am NOT doing before(:all) or other
things that should cause state to persist between tests:
Here''s the relevant code:
context "POST create" do
context "with user logged
2011 Aug 09
2
Devise AssociationTypeMismatch
My site is using Devise and Cancan. Currently I have 3 roles setup
I am testing creating a new user using the following command (role is
required):
curl -H "Content-Type:application/json" -H "Accept:application/json" -
d "{\"user\":{\"email\":\"test01-J0of1frlU80@public.gmane.org\", \"role\":\"2\", \"name\":
2012 Dec 24
4
Bad idea to add/remove associations in after_find
I have 2 distinct types of users (artists and curators) in my system and
they currently share all associations (eg has_one :portfolio).
However, a curator shouldn''t have a portfolio so I would like to only
add that association when required. Obviously I could just return nil
for that method, but it doesn''t feel right having that there in the
first place.
What''s the best
2010 May 19
4
R in sandbox/jail (long question)
Hello,
I have a setup similar to Rweb ( http://www.math.montana.edu/Rweb/ ):
I get R scripts from users and need to execute them in in a safe manner (they are executed automatically, without human inspection).
I would like to limit the user's script to reading from STDIN and writing to STDOUT/ERR.
Specifically, preventing any kind of interaction with the underlying operating system (files,