From what I can tell I am after that, but there does appear to be a list view action display change after the version I have. I will update to the latest version and test there.

Michael

On Jan 20, 2011, at 12:04 AM, vhochstein wrote:

> Hi Michael,
>
> Thanks a lot.
> Can you please make sure that you are using a version of
> activescaffold later than this commit:
> https://github.com/vhochstein/active_scaffold/commit/881e8d183feb4243f1268b6b6ec062e38f81454f
>
> --
> Volker
>
> On Jan 19, 5:56 pm, Michael Latta <[email protected]> wrote:
>> Thanks for looking at these.
>>
>> class User < ActiveRecord::Base
>>   validates_lengths_from_database
>>
>>   devise :database_authenticatable, :authentication_keys => [:login_name]
>>   devise :trackable, :validatable, :lockable, :timeoutable
>>
>>   # Setup accessible (or protected) attributes for your model. Protected
>>   # is being used here because solving a security problem at the model layer seems
>>   # wrong to me. The solution is to avoid mass-assignment from user provided
>>   # data for anything sensitive, and for unvalidated keys.
>>   attr_protected :encrypted_password, :password_salt
>>
>>   #acts_as_audited :except => [:password_encrypt, :salt]
>>
>>   validates :login_name, :presence => true, :uniqueness => true
>>   validates :location, :presence => true, :if => lambda { roles.detect { | r | r.role_name =~ /Location/ }}
>>   validates :roles, :presence => true
>>   validates :default_language, :presence => true
>>   validates :password_confirmation, :presence => true, :on => :create
>>
>>   has_and_belongs_to_many :roles
>>   belongs_to :location
>>   belongs_to :default_language, :class_name => "Language"
>>
>>   def to_label
>>     self.login_name
>>   end
>>
>>   def has_role?(name)
>>     self.roles.detect { | r | r.role_name == name }
>>   end
>>
>>   def admin?
>>     self.has_role? "System Modeler"
>>   end
>>
>>   def programmer?
>>     self.has_role? "Programmer"
>>   end
>>
>>   def authorized_for_delete?
>>     puts "Testing for delete security"
>>     # anonymous users may never destroy these/this records
>>     return false unless current_user
>>     # unless it's an existing record and a 'permanent' flag has been thrown
>>     return current_user.admin? || current_user.programmer?
>>   end
>>
>>   def self.authorized_for_create?
>>     puts "Testing for create security"
>>     # anonymous users may never destroy these/this records
>>     return false unless current_user
>>     # unless it's an existing record and a 'permanent' flag has been thrown
>>     return current_user.admin? || current_user.programmer?
>>   end
>>
>>   def authorized_for_update?
>>     puts "Testing for update security"
>>     # anonymous users may never destroy these/this records
>>     return false unless current_user
>>     # unless it's an existing record and a 'permanent' flag has been thrown
>>     return current_user.admin? || current_user.programmer?
>>   end
>>
>>   def authorized_for_set_password?
>>     puts "Testing for set_password security"
>>     # anonymous users may never destroy these/this records
>>     return false unless current_user
>>     # unless it's an existing record and a 'permanent' flag has been thrown
>>     return current_user.admin? || current_user.programmer?
>>   end
>> end
>>
>> class UsersController < SecureController
>>   before_filter :clear_page_status
>>
>>   # Custom action to return the form for updating the password of a user
>>   def edit_password
>>     render :layout => false
>>   end
>>
>>   # Modify the password for a user
>>   def set_password
>>     @record = User.find(params[:id])
>>     if @record && current_user && (current_user.admin? || current_user.programmer?)
>>       @record.password = params[:password]
>>       @record.save!
>>       flash[:notice] = 'Password Set'
>>     else
>>       flash[:alert] = 'Unable to set password'
>>     end
>>   end
>>
>>   # Setup the UI for the controller using ActiveScaffold config settings
>>   active_scaffold :User do | config |
>>     config.columns.add :password
>>     config.columns.add :password_confirmation
>>     infer_validations config
>>     config.columns[:email].required = true
>>     config.columns[:enabled].required = false
>>     config.columns[:password_confirmation].required = true
>>     config.list.sorting = {:login_name => :asc}
>>     config.columns.each { | c | c.weight = 1000 }
>>     config.columns[:login_name].weight = 100
>>     config.columns[:email].weight = 200
>>     config.columns[:enabled].weight = 300
>>     config.columns[:location].weight = 500
>>     cols = [:updated_at, :created_at, :encrypted_password, :password_salt,
>>       :password, :password_confirmation]
>>     config.list.columns.exclude cols.concat([:current_sign_in_ip,
>>       :current_sign_in_at, :last_sign_in_ip, :last_sign_in_at])
>>     config.show.columns.exclude cols
>>     config.show.columns.add_subgroup 'Contact' do | group |
>>       group.add :first_name
>>       group.add :last_name
>>       group.add :email
>>       group.add :contact_phone
>>     end
>>     config.show.columns.add_subgroup 'Last Login' do | group |
>>       group.add :last_sign_in_ip
>>       group.add :last_sign_in_at
>>     end
>>     config.show.columns.add_subgroup 'Current Login' do | group |
>>       group.add :current_sign_in_ip
>>       group.add :current_sign_in_at
>>     end
>>     config.update.columns.add_subgroup 'Contact' do | group |
>>       group.add :first_name
>>       group.add :last_name
>>       group.add :email
>>       group.add :contact_phone
>>     end
>>     config.create.columns.add_subgroup 'Contact' do | group |
>>       group.add :first_name
>>       group.add :last_name
>>       group.add :email
>>       group.add :contact_phone
>>     end
>>     config.columns[:default_language].form_ui = :select
>>     config.columns[:location].form_ui = :select
>>     config.columns[:roles].form_ui = :select
>>     cols = [:current_sign_in_at, :current_sign_in_ip, :failed_attempts,
>>       :last_sign_in_ip,
>>       :last_sign_in_at, :encrypted_password, :password_salt, :locked_at]
>>     config.create.columns.exclude cols
>>     config.update.columns.exclude cols
>>     config.update.columns.exclude [:password, :password_confirmation]
>>     config.action_links.add :password, :label => 'Password', :position => :after,
>>       :type => :member, :page => false, :controller => 'users', :action => 'edit_password'
>>     config.columns[:default_language].clear_link
>>     config.columns[:roles].clear_link
>>     config.columns[:location].clear_link
>>   end
>> end
>>
>> On Jan 19, 2011, at 12:33 AM, vhochstein wrote:
>>
>>> Hi Michael,
>>
>>> can you please post your model and controller.
>>
>>> --
>>> Volker
>>
>>> On Jan 19, 5:06 am, Michael Latta <[email protected]> wrote:
>>>> I am using the rails 3 jquery fork and not seeing the actions disabled
>>>> when the security methods indicate they should. The operations are
>>>> failing because of the security methods so they are being called by the
>>>> operations, but not being used in controlling the actions. Currently I
>>>> only have Model methods, do I need controller methods in addition?
>>
>>>> Michael
>>
>>> --
>>> You received this message because you are subscribed to the Google Groups
>>> "ActiveScaffold : Ruby on Rails plugin" group.
>>> To post to this group, send email to [email protected].
>>> To unsubscribe from this group, send email to
>>> [email protected].
>>> For more options, visit this group
>>> at http://groups.google.com/group/activescaffold?hl=en.
>
> --
> You received this message because you are subscribed to the Google Groups
> "ActiveScaffold : Ruby on Rails plugin" group.
> To post to this group, send email to [email protected].
> To unsubscribe from this group, send email to
> [email protected].
> For more options, visit this group at
> http://groups.google.com/group/activescaffold?hl=en.
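
The thread turns on whether the `authorized_for_*?` methods only block the operation or also drive what the list view displays. As an added illustration (plain Ruby, not ActiveScaffold code and not written by either poster), the sketch below routes both the link state and the server-side check through one deny-by-default predicate; `authorized_for?`, `privileged?`, `action_links`, `perform`, `NotAuthorized` and the sample users are assumptions made for the example.

```ruby
# Plain-Ruby sketch, no Rails or ActiveScaffold: one predicate decides both
# how an action link is displayed and whether the action is allowed to run.
Role = Struct.new(:role_name)
class NotAuthorized < StandardError; end

class User
  PRIVILEGED_ROLES = ["System Modeler", "Programmer"].freeze
  GUARDED_ACTIONS  = [:create, :update, :delete, :set_password].freeze
  attr_reader :login_name, :roles

  def initialize(login_name, role_names)
    @login_name = login_name
    @roles = role_names.map { |name| Role.new(name) }
  end

  def has_role?(name)
    roles.any? { |r| r.role_name == name }
  end

  def privileged?
    PRIVILEGED_ROLES.any? { |name| has_role?(name) }
  end

  # Single decision point: anonymous callers and unknown actions are denied.
  def authorized_for?(action, current_user)
    return false unless current_user
    return false unless GUARDED_ACTIONS.include?(action)
    current_user.privileged?
  end
end

# Hypothetical view helper: link state for one row of the list.
def action_links(record, current_user)
  User::GUARDED_ACTIONS.map { |action|
    [action, record.authorized_for?(action, current_user) ? :enabled : :disabled]
  }.to_h
end

# Hypothetical controller gate: enforced even if a link was shown or forged.
def perform(action, record, current_user)
  raise NotAuthorized, "#{action} denied" unless record.authorized_for?(action, current_user)
  "#{action} ok on #{record.login_name}"
end

# Constructed sample users.
ADMIN = User.new("alice", ["System Modeler"])
CLERK = User.new("bob", ["Location Clerk"])
```

Because the view helper and the gate call the same method, a link can never be shown enabled for an action the server would refuse, and hiding a link is never the only control.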
