similar to: Problems using the authorization plugin from Bill Katz

Still new to Specs... How do I create a spec to test a model method? Specifically, here is my spec: #testing model describe User do it "should have many user roles" do User.reflect_on_association(:user_roles).should_not be_nil end it "should have many roles though user roles" do User.reflect_on_association(:roles).should_not be_nil end it "should know

I''m dynamically generating menu options based on the currently logged in user: current_user. My menus are setup on the applicatin.rhtml file. The current_user is defined in the application controller. But, attempting to assign it a value while in the application controller results in an ''undefined method'' error. ApplicationController .... def current_user @cu =

i got two controller (with restful actions) where my code is quite ugly and not very dry. every action looks quite like this: if @logged_user.has_role?("admin") User.find(params[:id) else @logged_user.group.user.find(params[:id]) this is a security check that enforce a simple spec: normal user should read/write information only about their group''s users, but

Hi i am getting following error ActiveRecord::StatementInvalid in Blog#index Showing app/views/blog/index.rhtml where line #10 raised: Mysql::Error: #42S22Unknown column ''posts.user_id'' in ''where clause'': SELECT * FROM posts WHERE (posts.user_id = 4) Extracted source (around line #10): 7: <div class="separator">&nbsp;</div> 8:

Hi,- I am looking for a clean and secure way for an ActiveRecord instance to delete itself. Say I have a User model in my app. Then the destructive action would be /users/user_id/destroy. If this action is not secured by a filter like: (*) before_filter :check_administrator_role, :only => :destroy then any user could potentially log in and start issuing: /users/1/destroy /users/2/destroy .

Hello everyone! I want to have login field in User model which is set only once (on create), and then it should fail validation if the value is changed. How can I do this? I dig around for validation and tried def after_validation_on_update unless User.find_by_login(:login) errors.add(:login, "is immutable. You can''t change it") end end in model, but somewhat it

I''m lost on regular expressions to begin with... I''m trying to fix a value to one of 4 radio buttons as there will be value of either 1,2,3 or 4 in @roles_users... <TD><input type="radio" id="roles" name="case_managers[case_manager_name]" value="Case Manager Admin" <% if =~ @roles_users /1/ checked =

I know its probably doesnt sound right, but I am trying to call a before_filter method that will check whats the user role and then based on that return a string / hash / array to the before_filter something like this: class MonqiClassesController < ResourceController::Base before_filter :check_user_access_level , grant_access def check_user_access_level if

Hi all, I''ve put new code into my app so that an administrator will have extra privileges (administer users, edit pages). The error is: ''Couldn''t find User without an ID'' So the app is looking for a logged in user when the homepage is accessed. Heres my code: site/index view: <% if is_logged_in? and logged_in_user.has_role?(''Moderator'')

Class Role has_and_belongs_to_many :users Class User has_and_belongs_to_many :roles Class RolesUsers has_and_belongs_to_many :roles has_and_belongs_to_many :users According to the logs...I''m good through here @roles_users = RolesUsers.find(:all, :conditions => ["user_id = ?", params[:users_id]] ) the next section of controller code is a problem...

I''m a rails newb and have been Googling about this, but I''m still stumped. Not showing everything here, but basically it should be a pretty common setup so I''m sure others know what I''m doing wrong. - A meter can belong to many meter_groups - A meter_group can have many meters. - A user can ''subscribe'' to viewing a meter_group (Subscription)

I have multiple roles in my application. Now I want to block a method for all users except the administrator and a manager. When I do this: before_filter (:check_administrator_role), :only => [:administration] before_filter (:check_taskmanager_role), :only => [:administration] The user must have both roles. How can I change that to an "OR" combination? -- Posted via

I''ve been getting some good feedback on the Authorization plugin (http://www.writertopia.com/developers/authorization). Josh Susser suggested I use exclamation marks when I''m setting roles. The basic ways of setting roles uses the #has_role, #has_no_role, #accepts_role, and #accepts_no_role methods: user.has_role ''site_admin'' user.has_role

I admit I am stuck. I am converting a legacy php site to ROR. The old site uses MD5, a security flaw waiting to happen. I upgraded to AAA and am adding code in the session_controller.rb file to see if crypted_password is blank. If it is, crypt and check the password against the old md5 version and write it in the new crypted_password field. Here is my code add on before the logged_in?: def

I''m trying to jump on the TDD/BDD bandwagon, but am having trouble understanding how i should mock my user. The user has a habtm relationship to a roles model (acl_system2 plugin), but I''m not sure how to tell rspec about a model. My code: describe UsersController do integrate_views before(:each) do @user = mock_model(User)

I have what I hope is a simple question regarding a security practice I''ve been using in my first Rails app. I want to know if it''s worthwhile or if the extra typing isn''t worth it. I have 3 models that are related to each other. class User < AR:Base has_one :library end class Library < AR:Base belongs_to :user has_many :items end class Item < AR:Base

I''m making a simple questionnaire app using RoR. I''ve got a model for Questions, a model for Answers, and a third model, Qa, for matching each question to five possible answers through foreign keys. So, each qa has a question and five answers , a1-a5, through belongs_to and a :foreign_key, and then a selected_answer field for specifying which answer was selected by the user. The

Dear list, I am in the process of writing on an app with is already running. I need to create a couple of structural database changes for which I use migrations. However I want to be absolutely sure I do not destroy any existing data. So RSpec is the way to go! Or so I thought. 1. dropped the test database. 2. create the database. 3. migrate to the version just before the critical migration

Hi guys, I have the strangest thing happening. The funny part is its doing exactly what I want to do, I just don''t understand how. Basically here is my model. class Role < ActiveRecord::Base has_and_belongs_to_many :users has_and_belongs_to_many :rights def self.names names = Array.new() for role in Role.find :all names << role.name end return

i got the rails recipes book, i have now an auth system for users without problems, now i want to made a role based acces for my app, im following the "Role Based Authorization" recipe of the book but i cant make it to work even when the tables created and correctly added data manually definig the roles and rights. als i dont know how to define a right for use all the actions in a