ruby on rails - RoR help protecting my CRUD links in the views -

-

i have 4 models: 

class country < activerecord::base   has_many :postcards end  class postcard < activerecord::base   belongs_to :country   has_many :photos   has_many :tips end  class photos < activerecord::base   belongs_to :postcard end  class tips < activerecord::base   belongs_to :postcard end

the routes nested this: 

rails.application.routes.draw     resources :countrys     resources :postcards        resources :photos, :tips     end   end end

i followed crud architecture , working fine, controllers working. used private / country_params create , update controllers method. but....

now realise if deploy app, can click links in views create/edit/destroy database.

what "good practice" solution limit access?

  1. building user model me , take admin-right ?
  2. creating new set of view without crud access ?(is possible?)
  3. using admin gem (railsadmin or activeadmin) ?

to limit content on application accessed you, must implement simple authentication (who can see what) , authorization (what can see).

follow steps in tutorial implement simple authentication user model. when creating user model want add role field.

https://gist.github.com/thebucknerlife/10090014

this role field should validated such can role array of role types. include array of roles in user model , validate role of user in array. 

roles = [['admin', :admin], ['guest',:guest]]   validates :role, inclusion: { in: %w[admin guest] }

once have authentication in place (with login/sign views), can work on implementing authorization. use cancancan gem.

https://github.com/cancancommunity/cancancan

you want give access "admin" users, can define "abilities" of each user role type using gem. example: 

class ability   include cancan::ability    def initialize(user)     user ||= user.new # guest user (not logged in)     if user.admin?       can :manage, :all  # can action on objects     else       can :read, :all  # can read things can't edit them     end   end end

this give admin users rights in app, guest users read information. see cancancan docs more ways define abilities.

now, because have set abilities different roles, in controller can limit access functionality. can limit users sees. 

<% if can? :update, @item %>   <%= link_to "edit", edit_article_path(@article) %>  <% end %>

this code show "edit" button if user allowed edit item based on abilities have defined.


Comments

Post a Comment

Popular posts from this blog

java - Andrioid studio start fail: Fatal error initializing 'null' -

-
i don't know happened android studio,when start ,it shows me error message below. , try uninstall/reinstall it,but doesn't work.who can me!!! internal error. please report https://code.google.com/p/android/issues java.lang.runtimeexception: com.intellij.ide.plugins.pluginmanager$startupabortedexception: fatal error initializing 'null' @ com.intellij.idea.ideaapplication.run(ideaapplication.java:178) @ com.intellij.idea.mainimpl$1$1$1.run(mainimpl.java:52) @ java.awt.event.invocationevent.dispatch(invocationevent.java:209) @ java.awt.eventqueue.dispatcheventimpl(eventqueue.java:715) @ java.awt.eventqueue.access$400(eventqueue.java:82) @ java.awt.eventqueue$2.run(eventqueue.java:676) @ java.awt.eventqueue$2.run(eventqueue.java:674) @ java.security.accesscontroller.doprivileged(native method) @ java.security.accesscontrolcontext$1.dointersectionprivilege(accesscontrolcontext.java:86) @ java.awt.eventqueue.dispatchevent(eventqu
Read more

android - Gradle sync Error:Configuration with name 'default' not found -

-
i want add external library guillotinemenu-android in application. followed steps given in upvoted answer existing question how add library project android studio? facing error when try build project after step 6 i.e. when added dependency in app/build.gradle compile project(":guillotinemenu") . tried stackoverflow links related error not working out. have made folder named libs in app directory , copied project folder guillotine menu there. here build.gradle(module:app) file apply plugin: 'com.android.application' android { compilesdkversion 22 buildtoolsversion "22.0.1" defaultconfig { applicationid "com.sunshine.bbreaker.appet_i" minsdkversion 14 targetsdkversion 22 versioncode 1 versionname "1.0" } buildtypes { release { minifyenabled false proguardfiles getdefaultproguardfile('proguard-android.txt'), 'proguard-rules.p
Read more

StringGrid issue in Delphi XE8 firemonkey mobile app -

-
i'm using delphi xe8 developing mobile application , i'm facing of problem in tstringgrid. i have written following code in stringgridselectcell event. showmessage(stringgrid.cells[0, arow]); and shows proper value of selected row @ first time. when have tried click again selected row, event not getting fired. , cant able unselect particular row. so, have tried write message in onclick event. var irowind: integer; begin irowind := stringgrid1.selected; showmessage(stringgrid.cells[0, irowind]); end; and not working @ first time of click , when clicked second time works properly. issue in android mobile , not in windows. later, have kept both event code , faced issue. when i'm scrolling grid, firing onclick event. so, displaying selected row value. please provide me solution. , in advance. let's onclick event: procedure tfmmain.stringgrid1click(sender: tobject); begin caption := 'selected row id: ' + stringgrid1.select
Read more