Could you please post a code example to implement roles interceptor ? On the documentation it just says: will only be executed if the user has the correct role. (http://struts.apache.org/2.0.11/docs/roles-interceptor.html).
Besides than than check if user is logined, I want to check if he has the role to execute the action.
Thanks in advance,
Raju
Related
i want to get the view source of this page "http://localhost:3000/splash_templates/edit_template/10017".
I used httpclient gem, but with this am getting the view source of login page.
So how to set the authentication and how to get the view source
I haven't used it before but you need to first authenticate user and then get content.
http://www.rubydoc.info/gems/httpclient/2.1.5.2/HTTPClient this url will help you. Configuring authentication credentials section provide way to authorize user runtime.
Hope this help you!
You need to login to get the source of the pages.
Although your question is not clear as to what kind of authentication is requested to be set, however here is the hint that you can go ahead with
Authentication with Web server. Supports BasicAuth, DigestAuth, and Negotiate/NTLM (requires ruby/ntlm module).
clnt = HTTPClient.new
domain = 'http://dev.ctor.org/http-access2/'
user = 'user'
password = 'user'
clnt.set_auth(domain, user, password)
p clnt.get_content('http://dev.ctor.org/http-access2/login').status
You can read more on this Here
Hope that helps ;)
I would like to hide the user_id in the URL if I can.
http://domain.com:3000/users/1
Here is the page info.
action: show
controller: users
id: '1'
The id in the URL is required so that the controller/action knows which user it should display on the page. It shows the user with an id of 1 in this case, but in other cases, you might want to show the details of another user.
It is possible to substitute the id in the URL with other identifying information, for example username.
To do this, see http://railscasts.com/episodes/63-model-name-in-url. You simply have to override the to_param method in your model.
There is a new Railscast that uses the friendly_id, a great gem that provides URL renaming:
http://railscasts.com/episodes/314-pretty-urls-with-friendlyid
To do this. In your user model make sure you have:
is_sluggable :whatever-attribute-you-want-to-mask-users/1
In your user controllers use:
#user = User.find_using_slug(params[:user])
Is there an easy way to get a credential/permission for a particular user?
I've seen the hasCredential() method, but I'd like to dynamically check any user, not just the current user.
I know I can use sfContext::getInstance()->getUser(); to get the current user object, but is there a way to load in any user and get his/her credentials?
Thanks
It kind of depends on the "store" you're using. In Symfony the current user (the one provided with sfContext::getInstance()->getUser()) is more an abstraction of the session.
So the most used plugin for authentication, sfDoctrineGuard, has controllers (sfGuardAuth) which handle things like a a signin form, and once succesful, it will populate the sfUser accordingly.
So, if you want to check for the permissions of a user, you will have to check the underlying store. If you're using sfDoctrineGuard, you can retrieve a User model through sfGuardUserTable::getInstance()->find(...). On the sfGuardUser, you can call the hasPermission($name) function to check.
If you are using sfGuardPlugin or sfDoctrineGuardPlugin you can get all user permissions by calling getAllPermissions() inside actions with:
$this->getUser()->getGuardUser()->getAllPermissions();
or inside models with:
sfContext::getInstance()->getUser()->getGuardUser()->getAllPermissions();
either way you have to call getGuardUser.
if you are using the sfGuardPlugin, you have the sf_guard_user, sf_guard_permission and sf_guard_group tables in your databse. So you can query that tables to obtain the permission of an specific user doing something like:
$c = new Criteria();
$c->add('username',$specificName);
$userPeer = new sfGuardUserPeer();
$user = $userPeer->doSelect($c);
$credentials = $user->getPermissions();
that way in $credentials you'll have an array of all the permissions (permissions are the credentials in sfGuardPlugin) of the selected user.
Good luck
I want to learn how to create my own authentication system, please provide some guidance if am doing this wrong.
I will create a Module in my /lib folder /lib/auth.rb
I will require this module in my ApplicationController.
when a user enters their email + password, I will call a method that will do a lookup in the user's table for a user with the same email, I will then compare the passwords. (i'll add encryption with salt later).
If the user entered the correct credentials, I will create a row in the Sessions table, and then write the session GUID to a cookie.
Now whenever I need to check if the user is logged in, or I need the user object, I will check if the cookie exists, if it does, I will lookup the session table for a row with the same guid, if it exists, I will return the session row and then load the User object.
I realize there are many suggestions one can give, but in a nutshell does this sound like a workable solution?
Now to make this usable, I will have to make some helper methods in my ApplicationController right?
How will I access the current_user from within my views?
P.S I know of other authentication systems, I just want to learn how to create my own.
The basic logic you're following is correct. Of course you can always expand on this with features that you need. For instance, you'll need helper methods for things like "logged_in?" and "current_user". Also, you might want to add session expiry, or session retention as a "remember me" feature.
Go for it, you won't learn authentication systems better than building your own then figuring what's wrong with it.
You should really check out the authlogic gem on github.
http://github.com/binarylogic/authlogic
It also has great instructions on how to set up your users.
After Faisal said what I would say, I only give you answer to the last part of your question:
"How will I access the current_user from within my views?"
try something like this:
class User < ...
def self.current=(u)
#current = u
end
def self.current
#current
end
end
In your views (or any part of your code) you can call User.current. Your controller has to assign a validated user to User.current. Your filters can react to "if User.current.nil?" and so on.
If you want to be thread safe, you may use a thread variable instead of #current:
Thread.current[:current_user] = u
The scenario is as follows. My Order model has an after_create that contacts a remote payment gateway to retrieve a payment URL. In my Cucumber tests I don't want to perform this action, but return an arbitrary URL. My current cucumber tests looks like this:
Given there is a product "Product X"
When I enter my credentials
And I click "Order Now"
Then I should be redirected to "arbitrary url"
The problem is where/how do I make sure that my order model sets the url correctly and does not contact the remote payment gateway?
The wiki also has some tips on stubbing.
In features/support/env.rb I monkey-patched my Order model to set the arbitrary URL. This could possible be done with Mocha or something else as well, but there is not point in this case.
In my steps I can check the response for the correct redirect like this:
Then /^I should be redirected to the payment gateway$/ do
response.status.should eql("302 Found")
response.location.should eql(Order.last.payment_url)
end
Hope this helps for others as well. I'd still like to know if there's a better/cleaner way of achieving this goal.
If I understand what you are trying to do correctly, have a look at FakeWeb.