I have a Rails app that successfully talks to a Postgres database. The app has full Postgres access rights and is successfully talking to the database.
I use Devise to authenticate my users. I know this is independent of PG but I mention it to make what I want below somewhat clearer.
The app maintains a (Devise) table of users. The app has several users and I want to have each user have different access (roles?) to the database.
I want to create a sandbox where User can issue PG commands but has, for instance, only readonly access rights to the database.
How do I do this. I've searched Google for several hours but I've come up with zilch.
Related
I'm new to developing Ruby On Rails but have started creating a website for a mobile application that my friends are making. They are storing all of the data (Usernames, photos, posts...) on firebase (firebase.com) so we can all access it.
In broad terms I'm trying to figure out how to implement a lot of this with Ruby On Rails. Looking at most tutorials for rails, it seems like they assume the website has its own database. For instance when a user signs in, I use the user model to save the name, email and password. However this saves it to the rails database and not to firebase where all of the current usernames and passwords are stored. Should I ignore the standard rails method for user authentication and just sign the user into firebase or should I save this data to the rails database. If so, how to I keep that database in sync with firebase?
I have a Ruby on Rails-based website from which I want to create a stand-alone application (desktop app) so that users have an interface from their own computer without opening the browser and so that access is restricted to the people that have the app.
I am looking at the security of this and not sure how exactly to best go about this.
In a typical ROR site you have a database.yml file with your database information in it.
If I use RubyScript2Exe I think it would be too easy for someone to access this information. Maybe I am wrong.
My question is should I build this app as an API only thru my main site or should I build it to directly interface with the database.
One other option is to create its own database on each desktop computer to save their posts and an interface with the main database thru an api call.
My app will need to:
Create New Records in Database
Search Database
Delete records created by user
Main site uses Devise for log-in authenication
I rebuilt my application from scratch, and in that process, I changed the database from MongoDB to PostgreSQL. I've got existing users who signed up via Devise on the MongoDB database and would like to transfer them to the PostgreSQL database, which is also using Devise.
Is this possible, and if so, how? From a preliminary test of creating users with the same email and password in each version of the application, the encrypted_password is different.
I'm planning to build a group of several Rails applications on Heroku, and I want to share accounts, user data, and maybe some other information between these applications and the "main" Rails app. What would be the easiest and most effective way of doing this?
I've heard that one way of doing this is to make all the applications share the same database, but I'm not sure if that's really the best solution in my case since I only need to share some information between these apps. Another thing I've considered is using the CAS protocol, but that only seems to handle authentication (I can't use it to get user's names and email addresses). Suggestions?
Here's how I'm considering doing this.
Create a master app with user authentication.
Have each sub-app do omni auth with the master app.
Then the master app will house all the user data, and the sub-app will get the authentication info necessary plus the user data. I haven't figured out how to make sure that new user data will be saved in the master app, but it seems like you would just send the user to the master app, then have them returned once they've entered the data.
Any suggesting from you Rails experts out there before I sink a week into doing it this way.
So I'm making a rails app that also utilizes node.js for realtime features. What is the best way to authenticate the users on the node app, if they were created with devise on rails? I've been thinking about saving the session id in the db, and then validating with that, or maybe displaying the user id in the page and then sending that to the node app when they connect. Or maybe something else entirely would be best. I'm using mongoose for my node orm and mongoid for ruby.
Storing the session id in your database is a valid approach, I do that in my own applications.