similar to: Should I use exclamation marks for methods that change associations?

Hi, I''m really new to rails, so i programmed some stuff and today i read some things about skinny Controllers, fat models. My Controllers are really fat now. So i''m asking myself how can i shrink my controllers and move the code to the models, especially in fact of REST e.g. in focus on error codes? code example: # POST /tasks # POST /tasks.xml def create @authorized

http://www.writertopia.com/developers/authorization Inching toward full release. Minor changes, now lets you set constants for redirection and store locations in environment.rb, and removal of a dumb double redirect error that was introduced during refactoring. Also added an integration test (contributed by David Altenburg) that would have caught the issue. The authorization plugin provides the

Dear list, I am in the process of writing on an app with is already running. I need to create a couple of structural database changes for which I use migrations. However I want to be absolutely sure I do not destroy any existing data. So RSpec is the way to go! Or so I thought. 1. dropped the test database. 2. create the database. 3. migrate to the version just before the critical migration

Hello everyone, I was trying to set up access control in a new application Im working on, I''m trying to use the excellent authorization plugin from Bill Katz, Its pretty straight forward to setup and should be to use. But when i try to give the same permission on two differents users on the same object i get an error. (Well , Im kinda new to all this rails stuff) r = Red.find(1) u1 =

Hello list. I am a newbie with prototype, scriptaculous and with JS. Right now, I have a successful ajax call that appears in my div (thedescription) when I mouse over the link, and disappears when I click on the link. What I would like to have happen is to combine this with an effect (ie, onclick="new

Still new to Specs... How do I create a spec to test a model method? Specifically, here is my spec: #testing model describe User do it "should have many user roles" do User.reflect_on_association(:user_roles).should_not be_nil end it "should have many roles though user roles" do User.reflect_on_association(:roles).should_not be_nil end it "should know

i got two controller (with restful actions) where my code is quite ugly and not very dry. every action looks quite like this: if @logged_user.has_role?("admin") User.find(params[:id) else @logged_user.group.user.find(params[:id]) this is a security check that enforce a simple spec: normal user should read/write information only about their group''s users, but

Hi,- I am looking for a clean and secure way for an ActiveRecord instance to delete itself. Say I have a User model in my app. Then the destructive action would be /users/user_id/destroy. If this action is not secured by a filter like: (*) before_filter :check_administrator_role, :only => :destroy then any user could potentially log in and start issuing: /users/1/destroy /users/2/destroy .

I know its probably doesnt sound right, but I am trying to call a before_filter method that will check whats the user role and then based on that return a string / hash / array to the before_filter something like this: class MonqiClassesController < ResourceController::Base before_filter :check_user_access_level , grant_access def check_user_access_level if

I''m dynamically generating menu options based on the currently logged in user: current_user. My menus are setup on the applicatin.rhtml file. The current_user is defined in the application controller. But, attempting to assign it a value while in the application controller results in an ''undefined method'' error. ApplicationController .... def current_user @cu =

Hi all, I''ve put new code into my app so that an administrator will have extra privileges (administer users, edit pages). The error is: ''Couldn''t find User without an ID'' So the app is looking for a logged in user when the homepage is accessed. Heres my code: site/index view: <% if is_logged_in? and logged_in_user.has_role?(''Moderator'')

Hi, I have been using the restful_authentication plugin and the default roles setup that it came with. I have a system with 1 admin, 20-30 clients(customers) and 500+ users all of whom can login. I found that often when using certain role-based functions like user.has_role?, mysql would send an IN() query with the id of every user in the system (500+). This seemed a lot of overkill for what it was

Hello. I'm having a problem with winbind/samba-2.2.8a on Slackware linux 9.1 (glibc 2.3.2, kernel 2.4.24, gcc 3.2.3) with a user account on a Windoze NT 4.0 PDC named !schedule I always get "Access denied" from the windoze NT 4.0 box and syslog on samba box reports: domain_client_validate: unable to validate password for user _schedule in domain DOMAIN to Domain controller srvnt1.

https://bugzilla.samba.org/show_bug.cgi?id=1873 wayned@samba.org changed: What |Removed |Added ---------------------------------------------------------------------------- Status|NEW |RESOLVED Resolution| |FIXED ------- Additional Comments From wayned@samba.org 2004-10-05 17:19

I have multiple roles in my application. Now I want to block a method for all users except the administrator and a manager. When I do this: before_filter (:check_administrator_role), :only => [:administration] before_filter (:check_taskmanager_role), :only => [:administration] The user must have both roles. How can I change that to an "OR" combination? -- Posted via

I''m trying to jump on the TDD/BDD bandwagon, but am having trouble understanding how i should mock my user. The user has a habtm relationship to a roles model (acl_system2 plugin), but I''m not sure how to tell rspec about a model. My code: describe UsersController do integrate_views before(:each) do @user = mock_model(User)

hi all, i''m learning rspec and i can''t figure out how to test if a callback is executed in a model. my model code is: class User < ActiveRecord::Base before_save :encrypt_password ... def encrypt(password) self.class.encrypt(password, salt) end thanks a lot, cs. -- Posted via http://www.ruby-forum.com/.

I am trying to create a null object in my application. I would like to assigned a null user object for anonymous/ mot-logged-in user, i.e. if session variable has nil data. In my User model, I have created a subclass like this: class UnassignedUser < User def save false end def update false end def username "Unassigned" end def county_id

I know how to avoid SQL injection attacks when you use :conditions User.find :first, :conditions => ["login=?", params[:username]] but how about with :order, :limit or :group? # uh-oh...spaghetti-oh User.find :first, :order => "login; delete from users; select * from users" Pat --~--~---------~--~----~------------~-------~--~----~ You received this message because you

I''ve asked this before, but never got a working response. I''d like to store an object inside a binary field in my db. So I''d have a class like this class MyAwesomeClass def do_something_awesome ... end end then class MyRecord < ActiveRecord::Base end the table my_record would have a binary field, my_object, that would store an object of