Search Results

Search found 1208 results on 49 pages for 'proxied authorization'.

Page 10/49 | < Previous Page | 6 7 8 9 10 11 12 13 14 15 16 17  | Next Page >

  • REST, caching, and authorizing with multiple user roles

    - by keithjgrant
We have a system with multiple different levels of access--sometimes even for the same user as they switch between multiple roles. We're beginning a discussion on moving over to a RESTful implementation of things. I'm just starting to get my feet wet with the whole REST thing. So how do I go about limiting access to the correct records when they access a resource, particularly when taking caching into consideration? If user A accesses example.com/employees they would receive a different response than user B; user A may even receive a different response as he switches to a different role. To help facilitate caching, should the id of the role be somehow incorporated into the URI? Maybe something like example.com/employees/123 (which violates the rules of REST), or as some sort of subordinate resource like example.com/employees/role/123 (which seems silly, since role/### is going to be appended to URIs all over the place). I can't help but think I'm missing something here.

    Read the article

  • Run AppleScript with Elevated Privileges from Objective C

    - by cygnl7
I'm attempting to execute an uninstaller (written in AppleScript) through AuthorizationExecuteWithPrivileges. I'm setting up my rights after creating an empty auth ref like so:

        char *tool = "/usr/bin/osascript";
        AuthorizationItem items = {kAuthorizationRightExecute, strlen(tool), tool, 0};
        AuthorizationRights rights = {sizeof(items)/sizeof(AuthorizationItem), &items};
        AuthorizationFlags flags = kAuthorizationFlagDefaults | kAuthorizationFlagExtendRights
                                 | kAuthorizationFlagPreAuthorize | kAuthorizationFlagInteractionAllowed;
        status = AuthorizationCopyRights(authorizationRef, &rights, NULL, flags, NULL);

    Later I call:

        status = AuthorizationExecuteWithPrivileges(authorizationRef, tool, kAuthorizationFlagDefaults,
                                                    (char *const *)args, NULL);

    On Snow Leopard this works fine, but on Leopard I get the following in syslog.log:

        Apr 19 15:30:09 hostname /usr/bin/osascript[39226]: OpenScripting.framework - 'gdut' event blocked in process with mixed credentials (issetugid=0 uid=501 euid=0 gid=20 egid=20)
        Apr 19 15:30:12: --- last message repeated 1 time ---
        ...
        Apr 19 15:30:12 hostname [0x0-0x2e92e9].com.example.uninstaller[39219]: /var/folders/vm/vmkIi0nYG8mHMrllaXaTgk+++TI/-Tmp-/TestApp_tmpfiles/Uninstall.scpt:
        Apr 19 15:30:12 hostname [0x0-0x2e92e9].com.example.uninstaller[39219]: execution error: «constant afdmasup» doesn't understand the «event earsffdr» message. (-1708)

    After researching this for a few hours my first guess is that Leopard somehow doesn't want to do what I'm doing because it knows it's in a setuid situation and blocks calls that ask about user-specific things in the AppleScript. Am I going about this all wrong? I just want to run the equivalent of "sudo /usr/bin/osascript ...".

    Edit: FWIW, the first line that causes the "execution error" is:

        set userAppSupportPath to (POSIX path of (path to application support folder from user domain))

    However, even with an empty script (on run argv, end run and that's it) I still get the 'gdut' message.

    Read the article

  • Implementing Role based Helpers

    - by Cynics
So my question is how would you implement your handwritten Helpers based on the role of the current user. Would it be efficient to change the behaviour at request time? e.g. the Helper somehow figures out the role of the user and includes the proper SubModule?

        module ApplicationHelper
          module LoggedInHelper
            # Some functions
          end

          module GuestHelper
            # The Same functions
          end

          # If User is Guest then include GuestHelper
          # If User is LoggedIn then include LoggedInHelper
        end

    Is it efficient this way? Is it the Rails way? I've got a whole bunch of functions that act like this, and I don't want to wrap every single one of them in an if statement:

        def menu_actions
          if current_user.nil? # User is guest
            { "Log in" => link_to("Login", "/login") }
          else # User is Logged In
            { "Log out" => link_to("Logout", "/logout") }
          end
        end

    Thank you for your time and thoughts.

    Read the article

  • Can someone explain this block of ASP.NET MVC code to me, please?

    - by Pure.Krome
Hi folks, this is the current code in the ASP.NET MVC2 (RTM) System.Web.Mvc.AuthorizeAttribute class:

        public virtual void OnAuthorization(AuthorizationContext filterContext)
        {
            if (filterContext == null)
            {
                throw new ArgumentNullException("filterContext");
            }
            if (this.AuthorizeCore(filterContext.HttpContext))
            {
                HttpCachePolicyBase cache = filterContext.HttpContext.Response.Cache;
                cache.SetProxyMaxAge(new TimeSpan(0L));
                cache.AddValidationCallback(
                    new HttpCacheValidateHandler(this.CacheValidateHandler), null);
            }
            else
            {
                filterContext.Result = new HttpUnauthorizedResult();
            }
        }

    So if I'm 'authorized' then do some caching stuff, otherwise throw a 401 Unauthorized response. Question: What do those 3 caching lines do? cheers :)

    Read the article
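The two questions above (per-role responses at one URI, and what an authorization filter does to the output cache) have the same answer: the role belongs in the server's cache key and in the `Vary`/`Cache-Control` headers, never in the URI, and a cached body must be re-authorized for every request that would receive it. The Ruby below is an added example written for this page; it is not code from either post or from ASP.NET MVC. The `RoleAwareCache`, `authorized?` and the employee rows are hypothetical and constructed inline.

```ruby
User = Struct.new(:name, :role)

# Constructed sample data for the example.
EMPLOYEES = [
  { id: 1, name: 'Alice', salary: 120_000 },
  { id: 2, name: 'Bob',   salary: 95_000 },
].freeze

# Authorization is a function of the current request, not of the cache.
def authorized?(user, uri)
  !user.nil? && uri == '/employees' && %w[manager staff].include?(user.role)
end

# Managers see salaries, staff only names: same URI, role-dependent body.
def render_employees(user)
  rows = EMPLOYEES.map do |e|
    user.role == 'manager' ? e : e.reject { |k, _| k == :salary }
  end
  { status: 200,
    # private: no shared proxy may store this (the MVC code's proxy max-age 0
    # has the same intent). Vary: Cookie tells a private cache that the
    # session, and so the role, is part of its key.
    headers: { 'Cache-Control' => 'private, max-age=60', 'Vary' => 'Cookie' },
    body: rows }
end

UNAUTHORIZED = { status: 401, headers: { 'Cache-Control' => 'no-store' }, body: nil }.freeze

class RoleAwareCache
  attr_reader :hits

  def initialize
    @store = {}
    @hits = 0
  end

  def fetch(user, uri)
    # Validation callback: runs on every request, hit or miss, before a
    # cached body is released, so the cache can never bypass authorization.
    return UNAUTHORIZED unless authorized?(user, uri)

    # The role goes into the server-side cache key, never into the URI.
    key = [uri, user.role]
    if (entry = @store[key])
      @hits += 1
      return entry
    end
    @store[key] = render_employees(user)
  end
end

if __FILE__ == $PROGRAM_NAME
  cache = RoleAwareCache.new
  manager = User.new('alice', 'manager')
  staff   = User.new('bob', 'staff')
  p cache.fetch(manager, '/employees')[:body]   # rows with salaries
  p cache.fetch(staff, '/employees')[:body]     # rows without salaries
  p cache.fetch(nil, '/employees')[:status]     # 401 even though entries exist
end
```

A demoted user simply presents a different role and so misses the manager entry; a revoked user fails `authorized?` before the lookup, which is exactly what the validation callback in `OnAuthorization` protects against on a cached page.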

  • error while using cancan in ruby: "uninitialized constant CanCan::Rule::Mongoid"

    - by Ran
here is my controller:

        class AdminController < ApplicationController
          before_filter :require_user
          authorize_resource :class => false

          def index
          end

          def users_list
          end
        end

    here is my Ability class:

        class Ability
          include CanCan::Ability

          def initialize(user)
            if user.admin?
              can :manage, :all
            else
              can :read, :all
            end
          end
        end

    when trying to access "/admin/users_list" (with an admin user or without) I get the following error:

        uninitialized constant CanCan::Rule::Mongoid

    any thoughts?

    Read the article

  • rest and client rights integration, and backbone.js

    - by Francois
I started to be more and more interested in the REST architecture style and client side development and I was thinking of using backbone.js on the client and a REST API (using ASP.NET Web API) for a little meeting management application. One of my requirements is that users with admin rights can edit meetings and other users can only see them. I was then wondering how to integrate the current user's rights in the response for a given resource? My problem is beyond knowing if a user is authenticated or not, I want to know if I need to render the little 'edit' button next to the meeting (let's say I'm listing the current meetings in a grid) or not. Let's say I'm GETing /api/meetings and this is returning a list of meetings with their respective individual URI. How can I add whether the user is able to edit this resource or not? This is an interesting passage from one of Roy's blog posts: A REST API should be entered with no prior knowledge beyond the initial URI (bookmark) and set of standardized media types that are appropriate for the intended audience (i.e., expected to be understood by any client that might use the API). From that point on, all application state transitions must be driven by client selection of server-provided choices that are present in the received representations or implied by the user's manipulation of those representations. It states that all transitions must be driven by the choices that are present in the representation. Does that mean that I can add an 'editURI' and a 'deleteURI' to each of the meetings I'm returning? If this information is there I can render the 'edit' button and if it's not there I just don't? What are the best practices on how to integrate the user's rights in the entity's representation? Or is this a super bad idea and another round trip is needed to fetch that information?

    Read the article
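The hypermedia approach the post quotes can be made concrete: the representation carries only the transitions this user may take, and the write path re-runs the same policy so that a client which forges a PUT it was never offered still gets a 403. The following Ruby is an added example for this page, not code from the post, from Backbone or from ASP.NET Web API; the `Meeting`/`User` structs, the policy functions and the `links` layout are hypothetical.

```ruby
require 'json'

User    = Struct.new(:id, :role)
Meeting = Struct.new(:id, :title, :owner_id)

# One policy, used both to build the representation and to guard the write.
def can_edit?(user, meeting)
  return false if user.nil?
  user.role == :admin || user.id == meeting.owner_id
end

def can_delete?(user, meeting)
  !user.nil? && user.role == :admin
end

# The representation advertises only the transitions this user may take:
# the client renders an 'edit' button iff the 'edit' link is present.
def represent(meeting, user)
  uri = "/api/meetings/#{meeting.id}"
  links = { 'self' => uri }
  links['edit']   = uri if can_edit?(user, meeting)
  links['delete'] = uri if can_delete?(user, meeting)
  { 'id' => meeting.id, 'title' => meeting.title, 'links' => links }
end

def represent_collection(meetings, user)
  { 'meetings' => meetings.map { |m| represent(m, user) } }
end

def collection_json(meetings, user)
  JSON.generate(represent_collection(meetings, user))
end

# The server never trusts the absence or presence of a link on the client
# side: the same policy decides the PUT, so a hand-crafted request is refused.
def handle_put(meeting, user, new_title)
  return [403, { 'error' => 'forbidden' }] unless can_edit?(user, meeting)
  meeting.title = new_title
  [200, represent(meeting, user)]
end

if __FILE__ == $PROGRAM_NAME
  meetings = [Meeting.new(42, 'Sprint review', 2)]   # constructed sample
  puts collection_json(meetings, User.new(1, :admin)) # self, edit, delete
  puts collection_json(meetings, User.new(3, :user))  # self only
  p handle_put(meetings[0], User.new(3, :user), 'Hijacked') # [403, ...]
end
```

No second round trip is needed: the rights are folded into the representation as links, and the cost of a lie (a client that ignores the links) is bounded by the check in `handle_put`.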

  • BetterAuthorizationSample weird???

    - by Nano8Blazex
I have a quick, newbie question... I just started looking through authorization services and Apple's BetterAuthorizationSample... for some reason, I just can't get the hang of it. For example... I deleted the HelperTool and InstallTool and SampleTool.c and all references, but why does the program seem to continue to work like nothing happened at all even after a clean build? Even commenting out all the code in SampleTool.c doesn't seem to affect the way the program runs? Thanks

    Read the article

  • acl9 and devise don't seem to work well together

    - by Nik
I have a user model which is access controlled by ACL9. In UsersController:

        # ACL9 related stuff
        before_filter :load_user, :only => [:show]

        access_control do
          allow :owner, :of => :user, :to => [:show]
        end

        def load_user
          user = User.find(params[:id])
        end

    In ApplicationController I have a

        rescue_from 'Acl9::AccessDenied', :with => :access_denied

        def access_denied
          authenticate_user! # a method from Devise
        end

    It is no problem to type in the url for the sign in page, http://localhost:3000/users/sign_in, but it is a problem when for example I type in the user page first, which I expect to be redirected to the sign in page automatically thru the logic above:

        http://localhost:3000/users/1   #=> infinite redirect hell. it tries to redirect back to users/1 again(!?) instead of directing to users/sign_in

    Does anyone have an opinion as to what might be going wrong? Thanks!

    Read the article

  • simple authorisation in web api

    - by monthon1
I want to make a nice and clean API; I'm making a site and I want to offer mobile apps the ability to use the web API of my site. I don't want to use OAuth, because it's the mobile and embedded applications that are facing the biggest hurdle, as they may not be able to bring up and/or control the web browser. Also it's a little complicated. I know that HTTP basic authorisation is not safe, but it's so simple... I want to use it in my API. I have some users' logins and their passwords (MD5-encoded) in a MySQL database, but how do I use that data in this HTTP basic authorisation?

    Read the article

  • Multiple login locations for an online app.

    - by Goro
    Hello, I am working on a browser based application that will have many users. The catch is that every user should have their own customized login page, but the actual application is the same for everyone, and needs to be in a central location. What is the most secure way of doing this? Would it make more sense to have a copy of the application for each user, and keep the database centralized? The projected number of users is not very high, probably around 20-80. Thank you,

    Read the article

  • require_owner code to limit controller actions not recognizing current user as owner

    - by bgadoci
I am trying to restrict access to certain actions using a before_filter which seems easy enough. Somehow the ApplicationController is not recognizing that the current_user is the owner of the user edit action. When I take the filter off the controller correctly routes the current_user to their edit view information. Here is the code.

    Link to call edit action from user controller (views/questions/index.html.erb):

        <%= link_to "Edit Profile", edit_user_path(:current) %>

    ApplicationController (I am only posting the code that I think is affecting this but can post the whole thing if needed).

        class ApplicationController < ActionController::Base
          def require_owner
            obj = instance_variable_get("@#{controller_name.singularize.camelize.underscore}") # LineItem becomes @line_item
            return true if current_user_is_owner?(obj)
            render_error_message("You must be the #{controller_name.singularize.camelize} owner to access this page", root_url)
            return false
          end
        end

    and the before_filter

        class UsersController < ApplicationController
          before_filter :require_owner, :only => [:edit, :update, :destroy]
          #...
        end

    I simply get the rendering of the error message from the ApplicationController#require_owner action.

    Read the article

  • Using web.config directory security and extensionless urls

    - by Matt Brailsford
Hi Guys, I'd like to use the built in directory security features built into the web.config to restrict access to child pages of a parent page. My structure is as follows:

        Members
        Members/News
        Members/Press
        Members/Movies

    Users should be able to have access to the Members parent page, but not the child pages. My problem is, because I am using extensionless URLs, the web.config thinks this is a directory and so access is blocked. Is there a way to say only restrict access for sub pages?

    Read the article

  • Devise and cancan gems: has_many association

    - by tiktak
I use the devise and cancan gems and have a simple model association: user has_many subscriptions, subscription belongs_to :user. I have the following SubscriptionsController:

        class SubscriptionsController < ApplicationController
          load_and_authorize_resource :user
          load_and_authorize_resource :subscription, through: :user
          before_filter :authenticate_user!

          def index
            @subscriptions = @user.subscriptions.paginate(:page => params[:page]).order(:created_at)
          end

          #other actions
        end

    And Cancan Ability.rb:

        class Ability
          include CanCan::Ability

          def initialize(user)
            user ||= User.new
            can [:index, :show], [Edition, Kind]
            if user.admin?
              can :manage, :all
            elsif user.id
              can [:read, :create, :destroy, :pay], Subscription, user_id: user.id
              can [:delete_from_cart, :add_to_cart, :cart], User, id: user.id
            end
          end
        end

    The problem is that I cannot use subscriptions actions as a user but can as an admin. And I have no problems with UsersController. When I delete the following lines from SubscriptionsController:

        load_and_authorize_resource :user
        load_and_authorize_resource :subscription, through: :user
        before_filter :authenticate_user!

    I have no problems at all. So the issue is in these lines or in Ability.rb. Any suggestions?

    Read the article
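Both the `require_owner` post and the cancan post above come down to the same two-step: load the record, then evaluate an owner-scoped rule against the loaded record, and only then act. The Ruby below is an added example for this page, not code from either post and not the cancan gem; it re-implements the shape of cancan's `can :action, Model, user_id: user.id` hash conditions in a few lines so it runs without Rails, and the `Subscription`/`User` structs, `SUBSCRIPTIONS` table and controller-style functions are hypothetical and constructed inline.

```ruby
User         = Struct.new(:id, :admin)
Subscription = Struct.new(:id, :user_id)

class Ability
  Rule = Struct.new(:actions, :subject, :conditions)

  def initialize(user)
    @rules = []
    if user.admin
      can :manage, :all
    else
      # Owner-scoped: only subscriptions whose user_id is the caller's id.
      can [:read, :create, :destroy], Subscription, user_id: user.id
    end
  end

  def can(actions, subject, conditions = {})
    @rules << Rule.new(Array(actions), subject, conditions)
  end

  # `record` is a class for type-level checks (index/new: may this user act
  # on the type at all?) or an instance, in which case every hash condition
  # is compared against the loaded record's fields.
  def can?(action, record)
    klass = record.is_a?(Class) ? record : record.class
    @rules.any? do |r|
      next false unless r.actions.include?(:manage) || r.actions.include?(action)
      next false unless r.subject == :all || r.subject == klass
      record.is_a?(Class) || r.conditions.all? { |f, v| record.public_send(f) == v }
    end
  end
end

# Constructed sample table: subscription 1 belongs to user 10, 2 to user 20.
SUBSCRIPTIONS = { 1 => Subscription.new(1, 10), 2 => Subscription.new(2, 20) }

# The failure mode from the require_owner post: a before filter that reads an
# instance variable the action has not set yet sees nil and denies everyone.
def require_owner_from_ivar(current_user, ivar)
  ivar && Ability.new(current_user).can?(:destroy, ivar) ? :allowed : :denied
end

# Load, then authorize the loaded record, then act. An unknown id is 404,
# someone else's record is 403, and neither leaks the other's existence
# to the action body.
def destroy_subscription(current_user, id)
  record = SUBSCRIPTIONS[id]
  return [404, nil] unless record
  return [403, nil] unless Ability.new(current_user).can?(:destroy, record)
  [200, record]
end

if __FILE__ == $PROGRAM_NAME
  owner = User.new(10, false)
  p destroy_subscription(owner, 1)[0]            # 200
  p destroy_subscription(owner, 2)[0]            # 403
  p destroy_subscription(User.new(1, true), 2)[0] # 200 (admin)
  p require_owner_from_ivar(owner, nil)          # :denied
end
```

With cancan, `load_and_authorize_resource` does the load-then-authorize order for you; a hand-written `require_owner` filter has to either load the record itself or run after the filter that does.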

  • aspnet_regsql questions and users and role

    - by Alexander
I spent quite some hours banging my head against the wall trying to set up the aspnet membership / roles tables in my SQL Server database instead of having them exist inside the App_Code/ASPNETDB.MDF file, because that file wasn't working correctly on my host. I eventually figured out the problem by following Scott's gu here and was able to resolve it by running the aspnet_regsql.exe utility and creating a connection string for LocalSqlServer. The ridiculous part about it is that after running aspnet_regsql and uploading my database to my webhost, all of the users and roles that I had already created are gone. The user, membership, role, etc. are gone. I can't populate this using the Web Site Administration Tool as it's not Visual Studio now. So what is the easiest way to populate the users, roles, etc. in my SQL Server, as I now have dbo.aspnet_Application, dbo.aspnet_Paths, dbo.aspnet_Roles, etc...etc...

    Read the article

  • Fix N+1 query in "declarative_authorization" gem using gem "bullet"

    - by makaroni4
Currently I am working on one big web application and to make it work faster I decided to refactor all N+1 queries (to decrease the number of requests to the database, http://rails-bestpractices.com/posts/29-fix-n-1-queries). So I installed the gem "bullet", which doesn't work with Rails 3.1.1 now (you can use the fork from https://github.com/flyerhzm/bullet). When using the declarative_authorization gem, on each page I get the same alerts:

        N+1 Query detected
          Role => [:permissions]
          Add to your finder: :include => [:permissions]
        N+1 Query detected
          Permission => [:permission_rules]
          Add to your finder: :include => [:permission_rules]

        CACHE (0.0ms) SELECT "roles".* FROM "roles"
        CACHE (0.0ms) SELECT "permissions".* FROM "permissions" WHERE "permissions"."role_id" = 1
        CACHE (0.0ms) SELECT "permissions".* FROM "permissions" WHERE "permissions"."role_id" = 2
        CACHE (0.0ms) SELECT "permissions".* FROM "permissions" WHERE "permissions"."role_id" = 3
        CACHE (0.0ms) SELECT "permissions".* FROM "permissions" WHERE "permissions"."role_id" = 4
        CACHE (0.0ms) SELECT "permissions".* FROM "permissions" WHERE "permissions"."role_id" = 6
        CACHE (0.0ms) SELECT "permissions".* FROM "permissions" WHERE "permissions"."role_id" = 7
        CACHE (0.0ms) SELECT "permissions".* FROM "permissions" WHERE "permissions"."role_id" = 8
        CACHE (0.0ms) SELECT "permission_rules".* FROM "permission_rules" INNER JOIN "permission_rules_permissions" ON "permission_rules"."id" = "permission_rules_permissions"."permission_rule_id" WHERE "permission_rules_permissions"."permission_id" = 30
        CACHE (0.0ms) SELECT "permission_rules".* FROM "permission_rules" INNER JOIN "permission_rules_permissions" ON "permission_rules"."id" = "permission_rules_permissions"."permission_rule_id" WHERE "permission_rules_permissions"."permission_id" = 31
        ...

    Could you please help me with that and make these queries faster?

    Read the article

  • Form is creating already loaded attributes in addition to new attributes, how do I ignore the first?

    - by looloobs
    In my application you: Have an admin user that signs on and that user has a role (separate model), then I use the declarative_authorization plugin to give access to certain areas. That admin user can also register new users in the system, when they do this (using Authlogic) they fill out a nested form that includes that new users' role. So what is happening is the role of the admin user is being loaded by the declarative_authorization and then the nested form using the has_many_nested_attributes is loading that existing role as well as the new role for the new user (users can have many roles). Is there some way I can tell the new User being created to ignore the role assigned to the current_user and only create the role in the form for the new user? I have looked through a lot of different things, but it seems to get more complicated that these are nested attributes. Thanks in advance.

    Read the article

  • How can I deny users the ability to add/modify/remove printers in CUPS?

    - by ajcaruana
Hi, I am using Mac OS X 10.6. I wrote a program which will add and remove printers on a CUPS server using libcups. It works, but now I am considering the security aspects. This program takes a user name and password to authenticate on the CUPS server. Whatever user name and password I use, it works as long as it is valid on the system. How do I restrict access to only a specific user? Regards Alan

    Read the article

  • Rails Authlogic Prevent User from Changing their Login/Username

    - by bob
Hello, I have implemented Authlogic. I believe that this isn't an Authlogic-specific question. Assume that I have a User model and each User has a column in the database called "login". Upon creating a user, the login column is populated. However, I don't want the user to be able to change their login once they set it. Currently, I have removed the text field in the _form.html.erb file in my views for users. However, it can probably still be accessed through the url right? How can I make it so that once a login is set, it can not be changed at all?

    Read the article
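The post's suspicion is correct: dropping the field from the form does nothing against a client that crafts its own PUT, because whatever arrives in `params[:user]` gets mass-assigned. The Ruby below is an added example for this page, not code from the post or from Authlogic. It shows the vulnerable assignment next to two server-side fixes: a controller-side parameter allow-list (the idea behind `attr_accessible` / strong parameters) and a model that refuses to change `login` once set. The `User` class, `PERMITTED` list and `crafted_params` request body are hypothetical and constructed inline.

```ruby
class User
  attr_reader :login, :email, :errors

  def initialize(login, email)
    @login, @email, @errors = login, email, []
  end

  # Vulnerable: assigns every key the client sent, form field or not.
  def update_all_attributes(attrs)
    attrs.each { |k, v| instance_variable_set("@#{k}", v) }
    true
  end

  # Hardened model: login is immutable after creation whatever the caller
  # sends, so the protection holds even if a controller forgets to filter.
  def update_attributes(attrs)
    @errors = []
    if attrs.key?('login') && attrs['login'] != @login
      @errors << 'login cannot be changed'
      return false
    end
    @email = attrs['email'] if attrs.key?('email')
    true
  end
end

# Controller-side allow-list: only these keys may reach the model.
PERMITTED = %w[email password password_confirmation].freeze

def permit(params)
  params.select { |k, _| PERMITTED.include?(k) }
end

# A PUT /users/1 body built with curl rather than the form: the login field
# the form no longer renders is simply added back by the attacker.
def crafted_params
  { 'login' => 'admin', 'email' => 'mallory@example.com' }
end

if __FILE__ == $PROGRAM_NAME
  victim = User.new('mallory', 'm@example.com')
  victim.update_all_attributes(crafted_params)
  p victim.login                                   # "admin": account takeover of the name

  fixed = User.new('mallory', 'm@example.com')
  p fixed.update_attributes(permit(crafted_params)) # true, login untouched
  p fixed.login                                    # "mallory"

  strict = User.new('mallory', 'm@example.com')
  p strict.update_attributes(crafted_params)       # false
  p strict.errors                                  # ["login cannot be changed"]
end
```

Use both layers: the allow-list keeps unexpected keys out of every model call in that controller, and the model check catches any other path (console scripts, other controllers, nested attributes) that would otherwise rename the account.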

  • declarative_authorization on User problem

    - by Webpain
I am trying to block all default methods except create and update in my UsersController using declarative_authorization. But as soon as I add filter_resource_access or filter_access_to into my UsersController I always get "Couldn't find User without an ID". Anyone care to explain why this could be happening?

        class UsersController :new end end
        def show
          @user = @current_user
        end

        def edit
          @user = @current_user
        end

        def update
          @user = @current_user # makes our views "cleaner" and more consistent
          if @user.update_attributes(params[:user])
            flash[:notice] = "Account updated!"
            redirect_to account_url
          else
            render :action => :edit
          end
        end
        end

    Read the article

  • How would I authenticate against a local windows user on another machine in an ASP.NET application?

    - by Daniel Chambers
In my ASP.NET application, I need to be able to authenticate/authorise against local Windows users/groups (ie. not Active Directory) on a different machine, as well as be able to change the passwords of said remote local Windows accounts. Yes, I know Active Directory is built for this sort of thing, but unfortunately the higher ups have decreed it needs to be done this way (so authentication against users in a database is out as well). I've tried using DirectoryEntry and WinNT like so:

        DirectoryEntry user = new DirectoryEntry(String.Format("WinNT://{0}/{1},User", serverName, username),
                                                 username, password, AuthenticationTypes.Secure)

    but this results in an exception when you try to log in more than one user:

        Multiple connections to a server or shared resource by the same user, using more than one user name, are not allowed. Disconnect all previous connections to the server or shared resource and try again.

    I've tried making sure my DirectoryEntries are used inside a using block, so they're disposed properly, but this doesn't seem to fix the issue. Plus, even if that did work it is possible that two users could hit that line of code concurrently and therefore try to create multiple connections, so it would be fragile anyway. Is there a better way to authenticate against local Windows accounts on a remote machine, authorise against their groups, and change their passwords? Thanks for your help in advance.

    Read the article

  • How to protect an ASP Classic Page?

    - by SH
How can I protect an ASP Classic page with either HTTP AUTH (you must provide a username and password to the service) or a randomly generated access key that will be included as one of the parameters of the HTTP POST using the variable name access_key? Can anybody provide ASP Classic code in this regard? Quick help will be appreciated... PS: OrderGroove is a 3rd party service... neglect it.

    Read the article
