similar to: restrict specific model columns per user

Hiall, I would be very interested in your opinions on the ModelSecurity plugin by Bruce Perens. http://perens.com/FreeSoftware/ModelSecurity/Tutorial.html Some time ago, I read on a few pages that it is the way to go, on this list however, I didn''t read much about it. Apart from it''s security level, quoted from comments in source code: # FIX: At the moment we only support

Hi, I''m building an application which is going to require quite fine grained access control. Deciding if a user is allowed to access an action will probably require checking quite number of different rules, so a simple role-based system won''t be flexible enough. The approach I think I will try first is, if it''s possible, to ignore permission issues inside the

I just saw a mention here of LoginEngine, which I hadn''t heard of before. Last week when I was digging for user-account sample code for my web-app, I instead found the LoginGenerator and started using that: http://wiki.rubyonrails.com/rails/pages/LoginGenerator Is one of these preferred over the other? From skimming the API docs, it does seem that LoginEngine has more features,

I''d like to always add a condition to any version of "find" (e.g. Thing.find(), Thing.find_by_name(), Thing.find_by_whatever) so that in addition to whatever conditions are set, an additional condition is set :conditions=>"user_id=#{current_user.id}" I''d like to make sure that a user only sees/edits/creates entries in the database that have the user_id

Hi group, I was wondering if anyone more experienced could help me to find a good pattern for two things: 1. How to group controllers. Example: We have an admin panel with: user_managment_controller.rb priv_managment_controller.rb widget_controller.rb User panel with: mystuff_controller.rb mytags_controller.rb profile_controller.rb And frontend with: widget_controller.rb etc... How do I group

Hi all I have a Model like this: class Member < ActiveRecord::Base attr_accessible :username, :email, :first_name, :last_name end I have created a scaffold using script/generate scaffold member members Using the URL localhost:3000/members/edit/1 I can edit all attributes, including created_at, lock_version etc.! But it should only show the attributes I listed in attr_accessible! What

Hi, I''m looking to create an online internet community for managing user profiles and other data. Thus, I would need that has the following features: o authentication - protect individual member pages/directories o session management o retrieve and reset passwords In short, I''m looking to create an online community. Thus, can someone direct me to a plugin(s) for

Modelsecurity aims to provide access control within the data model so that it becomes easy & efficient to specify read or write access to individual fields. It has one of those "why didn''t I think of that?" designs which make a lot of sense. Has anyone else tried using the latest release of ModelSecurity? What has been your experience? Home

Hi all, I''m posting this in the hope that someone who understands rails dependencies can shed some light. I''ve implemented a "ModelSecurity" module in the vein of Bruce Peren''s old ModelSecurity plugin (http://rubyforge.org/projects/model- security/). My ModelSecurity module lives in $RAILS_ROOT/lib. It is automatically included into ActiveRecord::Base by a

I''m trying to install Bruce Perens'' ModelSecurity gem, but it keeps asking me if I want to install rails too (I have already installed rails). It exits if I say no and crashes if I say yes: C:\>"c:\ruby\bin\ruby.exe" "c:\ruby\bin\gem" install model_security_generator Attempting local installation of ''model_security_generator'' Local gem

I want to setup an api for my web app, but i had a few question on the best way to do this. I was hoping for some input from you experienced individuals and rails rock stars. 1) Is there a way to implement a login in feature so that api methods cant be called without proper authorization? This is so i can log activity and use of the api from different people and so -------------- next part

Hello Guys, I am looking to extend/create a file system that span networks/device of any kind, shape and manner :) Check out http://www.insync.za.net/openufs/ (also on http://openufs.sourceforge.net - but Iam not here to adv. the site !) I would like to know, where can I find what EXT3 will write to the disk, how it works etc. Surely EXT3 will write something like this : Block 0 - (1024 bytes)

-----BEGIN PGP SIGNED MESSAGE----- Hash: SHA1 Hi all! I'm trying to connect to ekiga.net through a client connected to my Asterisk server. For it I am being based on this [1] document. Next I put the configurations that I am using. /etc/asterisk/sip.conf: ; Outgoing to ekiga.net [ekiga] type=friend username=MyUser secret=MyPass host=ekiga.net canreinvite=no qualify=300 nat = yes stunaddr =

Hi, At Rs6000/AIX-4.3.3 the rsync-2.5.5 works ok when make local connections or I use -e rsh or -e ssh for remote connections, like: (OK) ./rsync -vacz . /user (OK) ./rsync -vacz -e rsh . user@10.4.2.199:user (OK) ./rsync -vacz -e ssh . user@10.4.2.199:user but with standart remote rsync without -e (NOK) ./rsync -vacz . user@10.4.2.199::user returns: rsync: failed to connect to 10.4.2.199:

Hi all! I have come into a strange issue in Rails that I am hoping someone can shed some light. To make a very long story short, I have been researching how to override ActiveRecord::Base#read_attribute and write_attribute to perform security checks at the model level (influenced by the ModelSecurity generator). Shortly after implementing some code to check this behavior, I began to

I''m impressed by the latest release of wxRuby2! Thanks to all the developers who worked on making this possible. It''s great to have wxWidgets working with Ruby - and the new sample programs are a tremendous help. There is a 700+ page book on wxWidgets - Cross-Platform GUI Programming with

Am 04.05.2015 um 21:04 schrieb Santiago Vila: > Greetings. > > Thanks to Jelmer Vernooij, who has just uploaded version 2.2.16 for > Debian unstable, I can confirm that this bug may still be reproduced > in version 2.2.16, so it has *not* been fixed yet. > > Several months ago I was told "I can't reproduce it in dovecot hg", or > something like that. Well,

This dependence is undesirable and logically incorrect. It''s undesirable because Xen network protocol should not depend on a OS-specific constant. It''s incorrect because the ring slots required doesn''t correspond to the number of frags a SKB has (consider compound page frags). This patch removes this dependence by correctly counting the ring slots required.

Hi, On 05/04/15 10:59, Timo Sirainen wrote: > On 28 Apr 2015, at 23:49, Nagy, Attila <bra at fsn.hu> wrote: >> Hi, >> >> imapc does a lot of UID FETCH $UID (BODY.PEEK[]), which is nice, because it works even with the dumbest IMAP server, altough it really kills performance, especially on high latency lines. >> >> I wonder: if IMAP servers can effectively

On 05/05/2015 05:26 PM, Santiago Vila wrote: > I have just verified with IMAP commands. This is the procedure: > > telnet localhost 143 > > and then type this: > > A0001 CAPABILITY > A0002 LOGIN "bluser" "bluser" > A0003 SELECT "inbox-b" > A0004 EXPUNGE > A0005 FETCH 1:12 RFC822.SIZE > A0006 FETCH 1 RFC822.HEADER > A0007 FETCH