Updating to the latest version resolved the issue. Thanks, Michael
On Jan 20, 2011, at 11:33 AM, Michael Latta wrote: > From what I can tell I am after that, but there does appear to be a list view > action display change after the version I have. I will update to the latest > version and test there. > > Michael > > On Jan 20, 2011, at 12:04 AM, vhochstein wrote: > >> Hi Michael, >> >> Thanks a lot. >> Can you please make sure that you are using a version of >> activescaffold later than this commit: >> https://github.com/vhochstein/active_scaffold/commit/881e8d183feb4243f1268b6b6ec062e38f81454f >> >> -- >> Volker >> >> On Jan 19, 5:56 pm, Michael Latta <[email protected]> wrote: >>> Thanks for looking at these. >>> >>> class User < ActiveRecord::Base >>> validates_lengths_from_database >>> >>> devise :database_authenticatable, :authentication_keys => [:login_name] >>> devise :trackable, :validatable, :lockable, :timeoutable >>> >>> # Setup accessible (or protected) attributes for your model. Protected >>> # is being used here because solving a security problem at the model layer >>> seems >>> # wrong to me. The solution is to avoid mass-assignment from user provided >>> # data for anything sensitive, and for unvalidated keys. >>> attr_protected :encrypted_password, :password_salt >>> >>> #acts_as_audited :except => [:password_encrypt, :salt] >>> >>> validates :login_name, :presence => true, :uniqueness => true >>> validates :location, :presence => true, :if => lambda { roles.detect { | r >>> | r.role_name =~ /Location/ }} >>> validates :roles, :presence => true >>> validates :default_language, :presence => true >>> validates :password_confirmation, :presence => true, :on => :create >>> >>> has_and_belongs_to_many :roles >>> belongs_to :location >>> belongs_to :default_language, :class_name => "Language" >>> >>> def to_label >>> self.login_name >>> end >>> >>> def has_role?(name) >>> self.roles.detect { | r | r.role_name == name } >>> end >>> >>> def admin? >>> self.has_role? "System Modeler" >>> end >>> >>> def programmer? >>> self.has_role? "Programmer" >>> end >>> >>> def authorized_for_delete? >>> puts "Testing for delete security" >>> # anonymous users may never destroy these/this records >>> return false unless current_user >>> # unless it's an existing record and a 'permanent' flag has been thrown >>> return current_user.admin? || current_user.programmer? >>> end >>> >>> def self.authorized_for_create? >>> puts "Testing for create security" >>> # anonymous users may never destroy these/this records >>> return false unless current_user >>> # unless it's an existing record and a 'permanent' flag has been thrown >>> return current_user.admin? || current_user.programmer? >>> end >>> >>> def authorized_for_update? >>> puts "Testing for update security" >>> # anonymous users may never destroy these/this records >>> return false unless current_user >>> # unless it's an existing record and a 'permanent' flag has been thrown >>> return current_user.admin? || current_user.programmer? >>> end >>> >>> def authorized_for_set_password? >>> puts "Testing for set_password security" >>> # anonymous users may never destroy these/this records >>> return false unless current_user >>> # unless it's an existing record and a 'permanent' flag has been thrown >>> return current_user.admin? || current_user.programmer? >>> end >>> end >>> >>> class UsersController < SecureController >>> before_filter :clear_page_status >>> >>> # Custom action to return the form for updating the password of a user >>> def edit_password >>> render :layout => false >>> end >>> >>> # Modify the password for a user >>> def set_password >>> @record = User.find(params[:id]) >>> if @record && current_user && (current_user.admin? || >>> current_user.programmer?) >>> @record.password = params[:password] >>> @record.save! >>> flash[:notice] = 'Password Set' >>> else >>> flash[:alert] = 'Unable to set password' >>> end >>> end >>> >>> # Setup the UI for the controller using ActiveScaffold config settings >>> active_scaffold :User do | config | >>> config.columns.add :password >>> config.columns.add :password_confirmation >>> infer_validations config >>> config.columns[:email].required = true >>> config.columns[:enabled].required = false >>> config.columns[:password_confirmation].required = true >>> config.list.sorting = {:login_name => :asc} >>> config.columns.each { | c | c.weight = 1000 } >>> config.columns[:login_name].weight = 100 >>> config.columns[:email].weight = 200 >>> config.columns[:enabled].weight = 300 >>> config.columns[:location].weight = 500 >>> cols = [:updated_at, :created_at, :encrypted_password, :password_salt, >>> :password, :password_confirmation] >>> config.list.columns.exclude cols.concat([:current_sign_in_ip, >>> :current_sign_in_at, :last_sign_in_ip, :last_sign_in_at]) >>> config.show.columns.exclude cols >>> config.show.columns.add_subgroup 'Contact' do | group | >>> group.add :first_name >>> group.add :last_name >>> group.add :email >>> group.add :contact_phone >>> end >>> config.show.columns.add_subgroup 'Last Login' do | group | >>> group.add :last_sign_in_ip >>> group.add :last_sign_in_at >>> end >>> config.show.columns.add_subgroup 'Current Login' do | group | >>> group.add :current_sign_in_ip >>> group.add :current_sign_in_at >>> end >>> config.update.columns.add_subgroup 'Contact' do | group | >>> group.add :first_name >>> group.add :last_name >>> group.add :email >>> group.add :contact_phone >>> end >>> config.create.columns.add_subgroup 'Contact' do | group | >>> group.add :first_name >>> group.add :last_name >>> group.add :email >>> group.add :contact_phone >>> end >>> config.columns[:default_language].form_ui = :select >>> config.columns[:location].form_ui = :select >>> config.columns[:roles].form_ui = :select >>> cols = [:current_sign_in_at, :current_sign_in_ip, :failed_attempts, >>> :last_sign_in_ip, >>> :last_sign_in_at, :encrypted_password, :password_salt, :locked_at] >>> config.create.columns.exclude cols >>> config.update.columns.exclude cols >>> config.update.columns.exclude [:password, :password_confirmation] >>> config.action_links.add :password, :label => 'Password', :position => >>> :after, >>> :type => :member, :page => false, :controller => 'users', :action => >>> 'edit_password' >>> config.columns[:default_language].clear_link >>> config.columns[:roles].clear_link >>> config.columns[:location].clear_link >>> end >>> end >>> >>> On Jan 19, 2011, at 12:33 AM, vhochstein wrote: >>> >>>> Hi Michael, >>> >>>> can you please post your model and controller. >>> >>>> -- >>>> Volker >>> >>>> On Jan 19, 5:06 am, Michael Latta <[email protected]> wrote: >>>>> I am using the rails 3 jquery fork and not seeing the actions disabled >>>>> when the security methods indicate they should. The operations are >>>>> failing because of the security methods so they are being called by the >>>>> operations, but not being used in controlling the actions. Currently I >>>>> only have Model methods, do I need controller methods in addition? >>> >>>>> Michael >>> >>>> -- >>>> You received this message because you are subscribed to the Google Groups >>>> "ActiveScaffold : Ruby on Rails plugin" group. >>>> To post to this group, send email to [email protected]. >>>> To unsubscribe from this group, send email to >>>> [email protected]. >>>> For more options, visit this group >>>> athttp://groups.google.com/group/activescaffold?hl=en. >> >> -- >> You received this message because you are subscribed to the Google Groups >> "ActiveScaffold : Ruby on Rails plugin" group. >> To post to this group, send email to [email protected]. >> To unsubscribe from this group, send email to >> [email protected]. >> For more options, visit this group at >> http://groups.google.com/group/activescaffold?hl=en. >> > > -- > You received this message because you are subscribed to the Google Groups > "ActiveScaffold : Ruby on Rails plugin" group. > To post to this group, send email to [email protected]. > To unsubscribe from this group, send email to > [email protected]. > For more options, visit this group at > http://groups.google.com/group/activescaffold?hl=en. > -- You received this message because you are subscribed to the Google Groups "ActiveScaffold : Ruby on Rails plugin" group. To post to this group, send email to [email protected]. To unsubscribe from this group, send email to [email protected]. For more options, visit this group at http://groups.google.com/group/activescaffold?hl=en.
