similar to: Experiences with ModelSecurity

Modelsecurity aims to provide access control within the data model so that it becomes easy & efficient to specify read or write access to individual fields. It has one of those "why didn''t I think of that?" designs which make a lot of sense. Has anyone else tried using the latest release of ModelSecurity? What has been your experience? Home

Hi all, I''m posting this in the hope that someone who understands rails dependencies can shed some light. I''ve implemented a "ModelSecurity" module in the vein of Bruce Peren''s old ModelSecurity plugin (http://rubyforge.org/projects/model- security/). My ModelSecurity module lives in $RAILS_ROOT/lib. It is automatically included into ActiveRecord::Base by a

Hi, I''m building an application which is going to require quite fine grained access control. Deciding if a user is allowed to access an action will probably require checking quite number of different rules, so a simple role-based system won''t be flexible enough. The approach I think I will try first is, if it''s possible, to ignore permission issues inside the

Hiall, I just tried out InstantRails version 1.3a. After a virgin install and filling the fresh mysql db with my app schema, I tried runningthe app with webrick, only to see the infamous "Lost connection to mysql server" for every action. What is it that I''m doing wrong? I also have mysql 5 installed on my machine, but the service is stopped while experimenting with

Hiall, I want to give the action of a form an additional parameters but can''t figure out how to do it. My code looks like this <%= start_form_tag :action => ''create'', next_step => true %> <%= render :partial => ''user_form'' %> <%= render :partial => ''community_form'' %> <%= submit_tag

Hiall, If I have say 10 tables that i would like to wrap up in 1 view to manipulate data inside these tables, do I then need 10 model.rb files for all 10 tables plus 1 for the view, or do I just need 1 model.rb file for the view ? cheers Martin

Hiall, Unfortunately I just can''t find out how to setup a default selected value when using collection_select. My call is like so: <%= collection_select(:consultant, :lastname, @consultants, :id, :lastname, { :selected => @current_consultant.id } ) %> which is not working, I debugged so far that I know that @current_consultant.id contains the correct value. Any tips? cheers

Hiall, Is it possible to organize my model files below app/models into subfolders? E.g. I would like to put admin related models into their own subfolder. This kind of structuring works for controllers and views (scaffolding creates the right subfolder-model mappings), but app/models always stays flat. I''d really like to be able to group my code into logical, well packages :-) Yes, I

I just saw a mention here of LoginEngine, which I hadn''t heard of before. Last week when I was digging for user-account sample code for my web-app, I instead found the LoginGenerator and started using that: http://wiki.rubyonrails.com/rails/pages/LoginGenerator Is one of these preferred over the other? From skimming the API docs, it does seem that LoginEngine has more features,

Does anyone know a way to restrict access to specific columns in the model to specific users? My plan was to use the session hash to check the permissions of the logged in user in an overridden method of the same name as the model accessor I wanted to restrict, but the model can''t acecss the session. Any other ideas? -- Posted via http://www.ruby-forum.com/.

I''d like to always add a condition to any version of "find" (e.g. Thing.find(), Thing.find_by_name(), Thing.find_by_whatever) so that in addition to whatever conditions are set, an additional condition is set :conditions=>"user_id=#{current_user.id}" I''d like to make sure that a user only sees/edits/creates entries in the database that have the user_id

Hiall, Call me stupid if you like .,) but it seems i can''t figure out how to get a named link using a combination of link_to and image_tag. What I need is basically a link displaying a name along with some image to indicate status (open,working,finished). I found no combination of link_to and image_tag that accepts a name, this seems to be solely used for making whole images into links

Hiall, When I try to run script/console from a windows command line like f:\rails_app\ruby script\console I get the following error: F:/Programme/Ruby-1.8.4/lib/ruby/site_ruby/1.8/rubygems/custom_require.rb:21:in `require__'': no such file to load -- initializer (LoadError) from F:/Programme/Ruby-1.8.4/lib/ruby/site_ruby/1.8/rubygems/custom_require.rb:21:in `require''

Hi group, I was wondering if anyone more experienced could help me to find a good pattern for two things: 1. How to group controllers. Example: We have an admin panel with: user_managment_controller.rb priv_managment_controller.rb widget_controller.rb User panel with: mystuff_controller.rb mytags_controller.rb profile_controller.rb And frontend with: widget_controller.rb etc... How do I group

I''m trying to install Bruce Perens'' ModelSecurity gem, but it keeps asking me if I want to install rails too (I have already installed rails). It exits if I say no and crashes if I say yes: C:\>"c:\ruby\bin\ruby.exe" "c:\ruby\bin\gem" install model_security_generator Attempting local installation of ''model_security_generator'' Local gem

Hiall, I''m wondering what''s common practice when dealing with money values stored in databases. I like the idea of storing all the values as integers, i.e. all the values in eurocents not euros. Then I need to multiply all values the users enter by 100 before storing them in the database. Now the question is, what''s the most efficient and dryest way to do this?

Hi all I have a Model like this: class Member < ActiveRecord::Base attr_accessible :username, :email, :first_name, :last_name end I have created a scaffold using script/generate scaffold member members Using the URL localhost:3000/members/edit/1 I can edit all attributes, including created_at, lock_version etc.! But it should only show the attributes I listed in attr_accessible! What

Hiall, I want to make an image_tag from within a controller in order to be able to present a link (with a status image) in a view. Here is my controller method (in file webca_controller.rb, hence WebcaController) def untouched_status_image_tag image_tag("open", { :alt => "Offen", :title => "Offen", :size => "12x12", :class =>

Hi, I''m looking to create an online internet community for managing user profiles and other data. Thus, I would need that has the following features: o authentication - protect individual member pages/directories o session management o retrieve and reset passwords In short, I''m looking to create an online community. Thus, can someone direct me to a plugin(s) for

Hello I''ve now read a lot about application-level authentication in Rails, but I need to do database-level authentication. The reason is that my database needs to have the current_user (database current_user, not current_user defined in an ActiveRecord Model) set to execute triggers for automatically updating audit tables. So it is not enough to have a session check against a User