I need to set up a context variable for rails in a way that I can store it and use on all controllers and actions in my app.
Basically it's a server that have several games. The user chooses 1 game and that goes on current_game. Depending on the value of current_game the app loads different stuff from the data base.
Is there a way I can make it?
May be you can using session variables, read the documentation !
Related
So I am writing an app in Rails 5, and I am interested in the security issues of a simple feature I am trying to write. Users make Picks, which are secret from one another until a certain time. If I pass:
#picks = Pick.all
which contains everyones picks,
to the view with the controller, and then filter what is displayed depending on who the user is on the view, would a user be able to access that #picks variable using nefarious methods? At first I thought yes, but now I am thinking that the user just gets the raw view sent with no #picks variable. Unless users can sneaky dev their own html views?
Disregard that it's probably a better idea to do the filtering in the controller anyway, I just want to see if you can expose variables if you give them in full to the view and then filter them there.
Short Answer:
No, the client cannot access the #picks variable directly. Your view would have to display the value of #picks in the view in order for the browser to receive it.
Long Answer:
However, it would be good practice to limit the data assigned to #picks before it gets to the view. As your codebase grows and ages, and perhaps other developers start maintaining it, you may not remember that the #picks variable contains data that should not be displayed in the view.
Six months down the road, when the client wants to update the view based on new feature enhancement, you do not want to rely on the developer who is modifying the view to know that #picks contains sensitive data.
Make life easy on future developers (including you) by restricting the content of #picks to those records that the user is allowed to see at the time. Using the code suggested in the comments is a good idea:
#picks = current_user.picks
Or better yet, add a method to your model that contains the business logic for determining which picks are available to the user at a given time:
class User < ApplicationRecord
...
def authorized_picks
# code that returns the picks this user is allowed to see right now
end
...
end
And then your controller code is:
#picks = current_user.authorized_picks
That way all of your business logic is in the model, where it belongs 90% of the time. This also allows you to keep your code DRY by having the authorization logic all in one place.
Keep your code simple and DRY and you will thank yourself down the road.
No, They won't be able to get the instance variable which we use in haml/erb files. They just get the raw html.
As Ruby on rails does server rendering, all instance variables will be used to prepare view at the server side.
Anyways filtering should be done on controller side as best practice.
I am developing an application to do the following things.
Tracks the Incoming/Outgoing Call.
If user attends to the call, after disconnected the call a Screen will pop-up.(User Have to fill some info and content will save in (Sqlite) database)
Now what I am doing is :-
First Make different entry point (autostartup) & this is the Entry-point of the application. (logic is working fine)
Implement Phone-listener that tracks Incoming/Outgoing Calls (logic is working fine)
When a call is disconnected, detail Screen will pop-up, User can fill up the screen. (logic is working fine)
But the Problem is when user Receives/Do calls and return back to the application, application isn't able to maintain variable states (like File Connections, Global variables that uses in application) they all become reset. This issue I am getting only on the Incoming/Outgoing Call time.
I used Run-time persistence storage but its not working in case of records insertion into the database.
I reinitialize the Database class but it's not working at all.
Please let me know, Why I am getting this issue.
"application can't able to maintain variable states (like File Connections , Global variables that uses in application ) they all become reset"
I presume that you are trying to maintain these 'global' variables as 'static' variables. Remember that static variables are only global to the same Application instance. In this case, the Phone Listener is invoked under a different application - the phone application - and so these variables are different to those that you see in your application.
To resolve this, I recommend doing two things:
a) Use RuntimeStore to provide a place to store shared (global) variables:
http://supportforums.blackberry.com/t5/Java-Development/Create-a-singleton-using-the-RuntimeStore/ta-p/442854
b) Have your listeners do as little as possible, use global events to pass the required information back to your application in your Application's context:
http://supportforums.blackberry.com/t5/Java-Development/Global-Events-and-Global-Event-Listeners/ta-p/444814
But perhaps I have not understood your problem clearly, if not, please clarify.
I want to implement a functionality of messages to display on different pages on my site.
I have created a model for this that contains fields, say page, message, active. If active=false the message will not be displayed. This works fine.
Now I want to add a capability to turn all messages on/off for some time. I don't want to update each message and set active=false because 1) there can be a lot of messages, 2) I would have to save which messages were active/inactive at the moment of turning off to restore the initial state when turning back on.
This would be very handy if I could use new "class-wide" variable ##active in my model. However, using multi-thread app (I use unicorn) can cause troubles because ##active will not be shared over all processes.
I was not able to google a good solutions for this, maybe someone can help?
Perhaps create an environment variable called DISABLE_ALL_MESSAGES and then override the message#active method to refer to ENV["DISABLE_ALL_MESSAGES"]:
def active
ENV["DISABLE_ALL_MESSAGES"] && super
end
Another option would be to store the setting in the database and refer to it in a similar manner.
Try setting preload_app=true in your unicorn configuration. This lets unicorn master process to preload the app and all the other workers share the loaded data structure. You might want to move to Ruby Enterprise Edition to share memory across processes.
I have an application that has different data sets depending on which company the user has currently selected (dropdown box on sidebar currently used to set a session variable).
My client has expressed a desire to have the ability to work on multiple different data sets from a single browser simultaneously. Hence, sessions no longer cut it.
Googling seems to imply get or post data along with every request is the way, which was my first guess. Is there a better/easier/rails way to achieve this?
You have a few options here, but as you point out, the session system won't work for you since it is global across all instances of the same browser.
The standard approach is to add something to the URL that identifies the context in which to execute. This could be as simple as a prefix like /companyx/users instead of /users where you're fetching the company slug and using that as a scope. Generally you do this by having a controller base class that does this work for you, then inherit from that for all other controllers that will be affected the same way.
Another approach is to move the company identifying component from the URL to the host name. This is common amongst software-as-a-service providers because it makes sharding your application much easier. Instead of myapp.com/companyx/users you'd have companyx.myapp.com/users. This has the advantage of preserving the existing URL structure, and when you have large amounts of data, you can partition your app by customer into different databases without a lot of headache.
The answer you found with tagging all the URLs using a GET token or a POST field is not going to work very well. For one, it's messy, and secondly, a site with every link being a POST is very annoying to work with as it makes navigating with the back-button or forcing a reload troublesome. The reason it has seen use is because out of the box PHP and ASP do not have support routes, so people have had to make do.
You can create a temporary database table, or use a key-value database and store all data you need in it. The uniq key can be used as a window id. Furthermore, you have to add this window id to each link. So you can receive the corresponding data for each browser tab out of the database and store it in the session, object,...
If you have an object, lets say #data, you can store it in the database using Marshal.dump and get it back with Marshal.load.
What does the following line mean?
Put the boolean variable isLogin to your session such that you check the session each time your user goes to the secured site.
I would like to know how you can put a variable to a session. I know at the abstract level that
session is a semi-permanent
interactive information interchange,
also known as a dialogue, a
conversation or a meeting, between two
or more communicating devices, or
between a computer and user
I know that you can store data in a URL by separating variables by the character &.
I know at the abstract level that you need to use post orget and some read -function to check the data in the URL.
I know that cookies are files where you store data, but I have never stored data to them.
Does he mean that I should put the login -variable to the URL or to cookies?
Taking out all the context doesn't make it any easier to answer your question - actually I have to guess that you are talking about php, because it looks like you might be.
Sessions.
Sessions are a way of 'remembering' users for a limited time. Say I visit page A.php on your website first. Now, that website might define an isLoggedIn session variable for me. If a bit later I go to page B.php on your site, that site 'remembers' that variable and can tell what it' s value was.
Sessions and Cookies do have a relation, but that only matters when you want to know how sessions work. This will be important later on as you will need to know the weaknesses of sessions, but first it is important you get to know how to use them.
Before you can use session variables, you must call session_start(), to start a session - this must be called on each page that uses the session variables. Once we have we can simply access the array $_SESSION and all that's in there will be remembered with the session.
Take a look over here to get a more complete explanation and a number of examples.