Search Results

Search found 1047 results on 42 pages for 'restrict'.

Page 36/42 | < Previous Page | 32 33 34 35 36 37 38 39 40 41 42  | Next Page >

  • Nhibernate - stuck with detached criteria (asp.net mvc 1 with nhibernate 2) c#

    - by Jen
    OK so I can't find a good example of this so I can better understand how to use detached criteria (assuming that's what I want to use in the first place). I have 2 tables. Placement and PlacementSupervisor My PlacementSupervisor table has a FK of PlacementID which relates to Placement.PlacementID - though my nhibernate model class has PlacementSupervisor . Placement (rather than specifically specifying a property of placement ID - not sure if this is important). What I am trying to do is - if values are passed through for the supervisor ID I want to restrict placements with that supervisor id. Have tried: ICriteria query = m_PlacementRepository.QueryAlias("p") .... if (criteria.SupervisorId > 0 && !string.IsNullOrEmpty(criteria.SupervisorTypeId)) { DetachedCriteria entityQuery = DetachedCriteria.For<PlacementSupervisor>("sup") .Add(Restrictions.And( Restrictions.Eq("sup.supervisorId", criteria.SupervisorId), Restrictions.Eq("sup.supervisorTypeId", criteria.SupervisorTypeId) )) .SetProjection(Projections.ProjectionList() .AddPropertyAlias("Placement.PlacementId", "PlacementId") ); query.Add(Subqueries.PropertyIn("p.PlacementId", entityQuery)); } Which just gives me the error: Could not find a matching criteria info provider to: (sup.supervisorId = 5 and sup.supervisorTypeId = U) Firstly supervisorTypeId is a string. Secondly I don't understand how to achieve what I'm trying to do so have just been trying various combinations of projections, and property aliases and subquery options..as I don't get how I'm supposed to join to another table/entity when the FK key sits in the second table. Can someone point me in the right direction. It seems like such an easy thing to do from a data perspective that hopefully I'm just missing something obvious!!

    Read the article

  • How to define multiple elements in XML Schema with the same name and different attribute value allow

    - by David Skyba
    I would like to create XML Schema for this chunk of xml, I would like to restrict the values of "name" attribute, so that in output document on and only one instance of day is allowed for each week day: <a> <day name="monday" /> <day name="tuesday" /> <day name="wednesday" /> </a> I have tried to use this: <xs:complexType name="a"> <xs:sequence> <xs:element name="day" minOccurs="1" maxOccurs="1"> <xs:complexType> <xs:attribute name="name" use="required"> <xs:simpleType> <xs:restriction base="xs:string"> <xs:enumeration value="monday" /> </xs:restriction> </xs:simpleType> </xs:attribute> </xs:complexType> </xs:element> <xs:element name="day" minOccurs="1" maxOccurs="1"> <xs:complexType> <xs:attribute name="name" use="required"> <xs:simpleType> <xs:restriction base="xs:string"> <xs:enumeration value="tuesday" /> </xs:restriction> </xs:simpleType> </xs:attribute> </xs:complexType> </xs:element> </xs:sequence> </xs:complexType> but XML Schema validator in eclipse says error "Multiple elements with name 'day', with different types, appear in the model group.". Is there any other way?

    Read the article

  • Google AJAX Transliteration API :- How do i translate many elements in page to some language at one

    - by Nitesh Panchal
    Hello, I have many elements on page and all of which i want to translate to some language. The language is not the same for all fields, that is, for 1st field it may be fr and for third field it may be en then again for 7th field it may be pa. Basically i wrote the code and it's working :- <script type="text/javascript"> //<![CDATA[ google.load("language", "1"); window.onload = function(){ var elemPostTitles = document.getElementsByTagName("h4"); var flag = true; for(var i = 0 ; i < elemPostTitles.length ; i++){ while(flag == false){ } var postTitleElem = elemPostTitles[i]; var postContentElem = document.getElementById("postContent_" + i); var postTitle = postTitleElem.innerHTML; var postContent = postContentElem.innerHTML; var languageCode = document.getElementById("languageCode_" + i).value; google.language.detect(postTitle, function(result) { if (!result.error && result.language) { google.language.translate(postTitle, result.language, languageCode, function(result) { flag = true; if (result.translation) { postTitleElem.innerHTML = result.translation; } }); } }); flag = false; } As you can see, what i am trying to do is restrict the loop from traversing until the result of previous ajax call is receieved. If i don't do this only the last field gets translated. My code works nicely, but because of the infinite loop, i keep getting errors from Mozilla to "stop executing scripts". How do i get rid of this? Also, is my approach correct? Or some inbuilt function is available which can ease my task? Thanks in advance :)

    Read the article

  • F# and statically checked union cases

    - by Johan Jonasson
    Soon me and my brother-in-arms Joel will release version 0.9 of Wing Beats. It's an internal DSL written in F#. With it you can generate XHTML. One of the sources of inspiration have been the XHTML.M module of the Ocsigen framework. I'm not used to the OCaml syntax, but I do understand XHTML.M somehow statically check if attributes and children of an element are of valid types. We have not been able to statically check the same thing in F#, and now I wonder if someone have any idea of how to do it? My first naive approach was to represent each element type in XHTML as a union case. But unfortunately you cannot statically restrict which cases are valid as parameter values, as in XHTML.M. Then I tried to use interfaces (each element type implements an interface for each valid parent) and type constraints, but I didn't manage to make it work without the use of explicit casting in a way that made the solution cumbersome to use. And it didn't feel like an elegant solution anyway. Today I've been looking at Code Contracts, but it seems to be incompatible with F# Interactive. When I hit alt + enter it freezes. Just to make my question clearer. Here is a super simple artificial example of the same problem: type Letter = | Vowel of string | Consonant of string let writeVowel = function | Vowel str -> sprintf "%s is a vowel" str I want writeVowel to only accept Vowels statically, and not as above, check it at runtime. How can we accomplish this? Does anyone have any idea? There must be a clever way of doing it. If not with union cases, maybe with interfaces? I've struggled with this, but am trapped in the box and can't think outside of it.

    Read the article

  • A good solution for displaying galleries with lytebox and php

    - by Johann
    Hello I have thought for a while over an issue with the loading of images on a website-solution that I have programmed (For fun and the experience) The programming language used is PHP with MYSQL as the database language It also uses javascript, but not extensively I have recently realized that the engine I programmed, while it has it's smart solutions also carry a lot of flaws and redundant code. I have therefore decided to make a new one, now incorporating what I know, but didn't when I started the previous project. For the new system, there will be an option to add galleries to a site, and upload images to it. I have used the javascript image viewer Lytebox before. The screen goes dark and an image appears with a "Previous" and "next" button to view the other images. The problem is that I used groups with lytebox and the images themselves, resized as thumbs. This causes lytebox to work only when all the images have loaded. If you click a link before that, the image is shown as if you right click and choose "Show image" Information about these images is parsed from a database using a while statement with a counter that goes from 0 to sizeof() I'm thinking it probably isn't a good idea to have the images as the thumbs, even if you restrict the upload size. Likewise, adding thumbs at upload also seems like a hassle. It would be practical if the thumbs didn't show up before they were fully loaded. Has anyone got any good tips. Any help would be appreciated. Johann

    Read the article

  • Web-app currency input/manipulation/calculation with javascript .. there has got to be a better (fra

    - by dreftymac
    BACKGROUND: I am of the "user-input-lockdown" school of thought. Whenever possible, I try to mistrust and sanitize user input, both client side and server side; and I try to take multiple opportunities to restrict possible inputs to a known subset of possibilities, usually this means providing a lot of checkboxes and select lists. (This is from the usability side of things, I know security-wise that malicious users can easily bypass fixed user input GUI controls). PROBLEM: Anyway, the problem always arises with non-fixed input of currency. Whenever I have to accept a freely-specified dollar amount as user input, I always have to confront these problems/annoyances and it is always painful: 1) Make sure to give the user two input boxes for each currency_datapoint, one for the whole_dollar_part and another for the fractional_pennies_part 2) Whenever the user changes a currency_datapoint, provide keystroke-by-keystroke GUI feedback to let them know whether the currency_datapoint is well-formed, with context-appropriate validation rules (e.g., no negatives?, nonzero only?, numeric only!, no non-numeric punctuation! no symbols!) 3) For display purposes, every user-provided currency_datapoint should be translated to human-readable currency formatting (dollar sign, period, commas provided by the app, where appropriate) 4) For calculation purposes, every user-provided currency_datapoint has to be converted to integer (all pennies, to avoid floating point errors) and summed into a grand total with zero or more subtotals. 5) Every user-provided currency_datapoint should be displayed or displayable in a nice "tabular" format, which auto-updates as the user enters each currency_datapoint, including a baloon that warns when one or more currency_datapoints is not well-formed. I seem to be re-inventing this wheel every time I have to work with currency in Javascript on the client side (server side is a bit more flexible since most programming languages have higher-level currency formatting logic). QUESTION: Has anyone out there solved the problem of dealing with the above issues, client side, in a way that is server-side-technology-stack agnostic, (preferrably plain javascript or jquery)? This is getting old, there has to be a better way.

    Read the article

  • Free utility which runs in Linux to create a UML class diagram from Java source files

    - by DeletedAccount
    I prefer to jot down UML-diagrams on paper and then implement them using Java. It would be nice to have a utility which could create UML-diagrams for me which I may share on-line and include in the digital documentation. In other words: I want to create UML diagrams from Java source code. The utility must be able to: Run in Linux. Handle Generics, i.e show List<Foo correctly in parameters and return type. Show class inheritance and interface implementations. It's nice if the utility is able to: Run in Windows and Mac OS X. Display enums in some nice manner. Generate output in a diagram format which I may modify using some other utility. Run from the command line. Restrict the UML generation to a set of packages which I may specify. Handle classes/interfaces which are not part of my source code. It could include the first class/interface which is external in the UML diagram. Perhaps in another color to indicate it being a library/framework created by someone else. Focuses on this task and doesn't try to solve the whole issue of documentation.

    Read the article

  • How do you make life easier for yourself when developing a really large database

    - by Hannes de Jager
    I am busy developing 2 web based systems with MySql databases and the amount of tables/views/stored routines is really becoming a lot and it is more and more challenging to handle the complexity. Now in programming languages we have namespacing e.g. Java packages, C++ namespaces to partition the software, grouping it together to make things more understandable. Databases on the other hand have more of a flat structure (MySql at least) e.g. tables and stored procedures are on the same level. So one have to be more creative, creating naming conventions, perhaps use more than one database or using tools to visualize things. What methods do you use to ease the pain? To be effective while developing your databases? To not get lost in a sea of tables and fields and stored procs? Feel free to mention tools you use also, but try to restrict it to open source and preferably Linux solutions if thats OK. b.t.w How many tables would a database have to be considered large in terms of design?

    Read the article

  • Run Visual Studio with Administrator Rights using app.manifest [ExecutionLevel]

    - by srk
    I need to change the key in a registry in order to restrict the user from using Task Manager, since it is an Kiosk application. My code for changing the registry is working perfectly for Administrator account. But my application is going to be run in normal user account. When i tried to run my application in normal user account, i get the below error : DisableTaskManagerSystem.UnauthorizedAccessException: Access to the registry key 'HKey_Current_User\Software\Mictrosoft\Windows\CurrentVersion\Policies\System' is denied. at Microsoft.win32.RegistryKey.win32Error(int32 errorcode, String str) So i need to run my application with all administrator privileges. For which i am using the below app.manifest. But some how i getting the same error. How to overcome this ? Code in app.manifest : <?xml version="1.0" encoding="UTF-8" standalone="yes"?> <assembly xmlns="urn:schemas-microsoft-com:asm.v1" manifestVersion="1.0"> <ms_asmv2:trustInfo xmlns:ms_asmv2="urn:schemas-microsoft- com:asm.v2"> <ms_asmv2:security> <ms_asmv2:requestedPrivileges> <ms_asmv2:requestedExecutionLevel level="requireAdministrator" uiAccess="true"> </ms_asmv2:requestedExecutionLevel> </ms_asmv2:requestedPrivileges> </ms_asmv2:security> </ms_asmv2:trustInfo> </assembly>

    Read the article

  • svn+apache per directory access control: weird permissions issue (403 Forbidden error)

    - by gveda
    Hi, I had a perfectly working svn+apache install where I was using per directory access control to restrict access to various parts of the repository. In particular, no one had access to the top level in the repository [/]. People had access to folders like [/www] etc. I was specifying these permissions in a file (svn-access-file). I had to move to a new machine. So I installed subversion-1.6.3 and httpd-2.2.11 on it, and modified the conf file to mimic the conf file on the old machine (and I copied the svn-access-file and the svn-auth-file). Then I took an svn dump and did a load to put stuff back in the new repository. Now I can check stuff out, modify stuff, and commit. However, as soon as I try to do an 'svn up' on an already checked out copy of some sub-folder [/www/people], I get the following error: svn: Server sent unexpected return value (403 Forbidden) in response to OPTIONS request for 'https://[servername]/svn' It seems the problem is that it is trying to access the top level directory [/] even though really it should only be trying to access [/www]. If I temporarily give the user access to [/], it works. Can someone please tell me how to fix this? Everything worked on the old machine. Thanks! Gaurav

    Read the article

  • Executing untrusted code

    - by MainMa
    Hi, I'm building a C# application which uses plug-ins. The application must guarantee to the user that plug-ins will not do whatever they want on the user machine, and will have less privileges that the application itself (for example, the application can access its own log files, whereas plug-ins cannot). I considered three alternatives. Using System.AddIn. I tried this alternative first, because it seamed much powerful, but I'm really disappointed by the need of modifying the same code seven times in seven different projects each time I want to modify something. Besides, there is a huge number of problems to solve even for a simple Hello World application. Using System.Activator.CreateInstance(assemblyName, typeName). This is what I used in the preceding version of the application. I can't use it nevermore, because it does not provide a way to restrict permissions. Using System.Activator.CreateInstance(AppDomain domain, [...]). That's what I'm trying to implement now, but it seems that the only way to do that is to pass through ObjectHandle, which requires serialization for every used class. Although plug-ins contain WPF UserControls, which are not serializable. So is there a way to create plug-ins containing UserControls or other non serializable objects and to execute those plug-ins with a custom PermissionSet ?

    Read the article

  • Reversible numerical calculations in Prolog

    - by user8472
    While reading SICP I came across logic programming chapter 4.4. Then I started looking into the Prolog programming language and tried to understand some simple assignments in Prolog. I found that Prolog seems to have troubles with numerical calculations. Here is the computation of a factorial in standard Prolog: f(0, 1). f(A, B) :- A > 0, C is A-1, f(C, D), B is A*D. The issues I find is that I need to introduce two auxiliary variables (C and D), a new syntax (is) and that the problem is non-reversible (i.e., f(5,X) works as expected, but f(X,120) does not). Naively, I expect that at the very least C is A-1, f(C, D) above may be replaced by f(A-1,D), but even that does not work. My question is: Why do I need to do this extra "stuff" in numerical calculations but not in other queries? I do understand (and SICP is quite clear about it) that in general information on "what to do" is insufficient to answer the question of "how to do it". So the declarative knowledge in (at least some) math problems is insufficient to actually solve these problems. But that begs the next question: How does this extra "stuff" in Prolog help me to restrict the formulation to just those problems where "what to do" is sufficient to answer "how to do it"?

    Read the article

  • How to use Grails Spring Security Plugin to require logging in before access an action?

    - by Hoàng Long
    Hi all, I know that I can use annotation or Request mapping to restrict access to an ACTION by some specific ROLES. But now I have a different circumstance. My scenario is: every user of my site can create posts, and they can make their own post public, private, or only share to some other users. I implement sharing post by a database table PERMISSION, which specify if a user have the right to view a post or not. The problem arises here is that when a customer access a post through a direct link, how can I determine he/she have the privilege to view it? There's 3 circumstances: The post is public, so it can be viewed by anyone (include not-login user) The post is private, so only the login-owner can view it The post is sharing, it means only the login-user that is shared and the owner can view it. I want to process like this: If the requested post is public: ok. If the requested post is private/sharing: I want to redirect the customer to the login page; after logging in, the user will be re-direct to the page he wants to see. The problem here is that I can redirect the user to login controller/ auth action, but after that I don't know how to redirect it back. The link to every post is different by post_id, so I can't use SpringSecurityUtils.securityConfig.successHandler.defaultTargetUrl Could anyone know a way to do this?

    Read the article

  • rails delete_all exception

    - by Sergei
    Hello, guys! I have some User model, Role model and Assignment model to manage role-based user system. Just like here . So, here some kind of code, to include roles into users form: <% for role in Role.all %> <%= check_box_tag "user[role_ids][]", role.id, @user.roles.include?(role) %> <%=h role.name %><br /> <% end %> And all's working fine for new records and for editing records. But I just want to make possible to restrict deleting Assigment with id=1, cause this Assignment for default root user from migration, who must be admin anyway. Otherwise, I can lose my last admin. So I've tryed to add before_destroy to Assignment.rb model, but it doesn't work. I've noticed, that when I'm editing user and trying to remove his admin role(assignment), the server makes a delete_all method, not destroy method. So, does anybody know how to catch the deleting of Assignment with id=1 through this kind of code? Thanks in advance!

    Read the article

  • Numerical calculations in Prolog

    - by user8472
    While reading SICP I came across logic programming chapter 4.4. Then I started looking into the Prolog programming language and tried to understand some simple assignments in Prolog. I found that Prolog seems to have troubles with numerical calculations. Here is the computation of a factorial in standard Prolog: f(0, 1). f(A, B) :- A > 0, C is A-1, f(C, D), B is A*D. The issues I find is that I need to introduce two auxiliary variables (C and D), a new syntax (is) and that the problem is non-reversible (i.e., f(5,X) works as expected, but f(X,120) does not). Naively, I expect that at the very least C is A-1, f(C, D) above may be replaced by f(A-1,D), but even that does not work. My question is: Why do I need to do this extra "stuff" in numerical calculations but not in other queries? I do understand (and SICP is quite clear about it) that in general information on "what to do" is insufficient to answer the question of "how to do it". So the declarative knowledge in (at least some) math problems is insufficient to actually solve these problems. But that begs the next question: How does this extra "stuff" in Prolog help me to restrict the formulation to just those problems where "what to do" is sufficient to answer "how to do it"?

    Read the article

  • How to compare two file structures in PHP?

    - by OM The Eternity
    I have a function which gives me the complete file structure upto n-level, function getDirectory($path = '.', $ignore = '') { $dirTree = array (); $dirTreeTemp = array (); $ignore[] = '.'; $ignore[] = '..'; $dh = @opendir($path); while (false !== ($file = readdir($dh))) { if (!in_array($file, $ignore)) { if (!is_dir("$path/$file")) { //display of file and directory name with their modification time $stat = stat("$path/$file"); $statdir = stat("$path"); $dirTree["$path"][] = $file. " === ". date('Y-m-d H:i:s', $stat['mtime']) . " Directory == ".$path."===". date('Y-m-d H:i:s', $statdir['mtime']) ; } else { $dirTreeTemp = getDirectory("$path/$file", $ignore); if (is_array($dirTreeTemp))$dirTree = array_merge($dirTree, $dirTreeTemp); } } } closedir($dh); return $dirTree; } $ignore = array('.htaccess', 'error_log', 'cgi-bin', 'php.ini', '.ftpquota'); //function call $dirTree = getDirectory('.', $ignore); //file structure array print print_r($dirTree); Now here my requirement is , I have two sites The Development/Test Site- where i do testing of all the changes The Production Site- where I finally post all the changes as per test in development site Now, for example, I have tested an image upload in the Development/test site, and i found it appropriate to publish on Production site then i will completely transfer the Development/Test DB detail to Production DB, but now I want to compare the files structure as well to transfer the corresponding image file to Production folder. There could be the situation when I update the image by editing the image and upload it with same name, now in this case the image file would be already present there, which will restrict the use of "file_exist" logic, so for these type of situations....HOW CAN I COMPARE THE TWO FILE STRUCTURE TO GET THE SYNCHRONIZATION DONE AS PER REQUIREMENT??

    Read the article

  • Accept templated parameter of stl_container_type<string>::iterator

    - by Rodion Ingles
    I have a function where I have a container which holds strings (eg vector<string>, set<string>, list<string>) and, given a start iterator and an end iterator, go through the iterator range processing the strings. Currently the function is declared like this: template< typename ContainerIter> void ProcessStrings(ContainerIter begin, ContainerIter end); Now this will accept any type which conforms to the implicit interface of implementing operator*, prefix operator++ and whatever other calls are in the function body. What I really want to do is have a definition like the one below which explicitly restricts the amount of input (pseudocode warning): template< typename Container<string>::iterator> void ProcessStrings(Container<string>::iterator begin, Container<string>::iterator end); so that I can use it as such: vector<string> str_vec; list<string> str_list; set<SomeOtherClass> so_set; ProcessStrings(str_vec.begin(), str_vec.end()); // OK ProcessStrings(str_list.begin(), str_list.end()); //OK ProcessStrings(so_set.begin(), so_set.end()); // Error Essentially, what I am trying to do is restrict the function specification to make it obvious to a user of the function what it accepts and if the code fails to compile they get a message that they are using the wrong parameter types rather than something in the function body that XXX function could not be found for XXX class.

    Read the article

  • Why do I get a security warning in visual studio 2008 when creating a project?

    - by MikeG
    This is the error, it's basically a security warning (And here's the text grabbed off the dialog box) Security Warning for WindowsApplication4 __________________________I The WindowsApplication4 project file has been customized and could present a security risk by executing custom build steps when opened in Microsoft Visual Studio. If this project came from an untrustwoithy source, it could cause damage to your computer or compromise your private information. More Details Project load options 0 Load project for browsing Opens the project in Microsoft Visual Studio with increased security. This option allows you to browse the contents of the project, but some functionality, such as IntelliSense, is restricted, When a project is loaded for browsing, actions such as building, cleaning, publishing, or opening designers could still remain unsafe. Load project normally Opens the project normally in Microsoft Visual Studio. Use this option if you trust the source and understand the potential risks involved. Microsoft Visual Studio does not restrict any project functionality and will not prompt you again for this project. Ask me for every project in this solution OK L Cancel When click the more details button get this: Microsoft Visual Studio __ An item referring to the file was found in the project file “C:\Users\mgriffiths\Documents\Visual Studio 2008\ProjectATemp\Win dowsApplication4\WindowsApplicdtion4\W in dowsApplication4.vbproj”. Since this file is located within a system directory, root directory, or network share, it could be harmful to write to this file. OK

    Read the article

  • MySQL - Structure for Permissions to Objects

    - by Kerry
    What would be an ideal structure for users permissions of objects. I've seen many related posts for general permissions, or what sections a user can access, which consists of a users, userGroups and userGroupRelations or something of that nature. In my system there are many different objects that can get created, and each one has to be able to be turned on or off. For instance, take a password manager that has groups and sub groups. Group 1 Group 2 Group 3 Group 4 Group 5 Group 6 Group 7 Group 8 Group 9 Group 10 Each group can contain a set of passwords. A user can be given read, write, edit and delete permissions to any group. More groups can get created at any point in time. If someone has permission to a group, I should be able to make him have permissions to all sub groups OR restrict it to just that group. My current thought is to have a users table, and then a permissions table with columns like: permission_id (int) PRIMARY_KEY user_id (int) INDEX object_id (int) INDEX type (varchar) INDEX read (bool) write (bool) edit (bool) delete (bool) This has worked in the past, but the new system I'm building needs to be able to scale rapidly, and I am unsure if this is the best structure. It also makes the idea of having someone with all subgroup permissions of a group more difficult. So, as a question, should I use the above structure? Or can someone point me in the direction of a better one?

    Read the article

  • CanCan polymorphic resource access problem

    - by Call 'naive' True
    Hi everybody, i don't quite understand how to restrict access to links in this particular case with CanCan. I always get "Edit" link displayed. So i believe the problem is in my incorrect definition of cancan methods(load_ and authorize_). I have CommentsController like that: class CommentsController < ApplicationController before_filter :authenticate_user! load_resource :instance_name => :commentable authorize_resource :article def index @commentable = find_commentable #loading our generic object end ...... private def find_commentable params.each { |name, value| if name =~ /(.+)_id$/ return $1.classify.constantize.includes(:comments => :karma).find(value) end } end end and i have in comments/index.html.erb following code that render file from other controller: <%= render :file => "#{get_commentable_partial_name(@commentable)}/show.html.erb", :collection => @commentable %> you can think about "#{get_commentable_partial_name(@commentable)}" like just "articles" in this case. Content of "articles/show.html.erb": <% if can? :update, @commentable %> <%= link_to 'Edit', edit_article_path(@commentable) %> | <% end %> my ability.rb: class Ability include CanCan::Ability def initialize(user) user ||= User.new # guest user if user.role? :admin can :manage, :all elsif user.role? :author can :read, [Article, Comment, Profile] can :update, Article, :user_id => user.id end end end relations with models is: class Comment < ActiveRecord::Base belongs_to :commentable, :polymorphic => true, :dependent => :destroy ... end class Article < ActiveRecord::Base has_many :comments, :as => :commentable, :dependent => :destroy ... end i have tried debug this issue like that user = User.first article = Article.first ability = Ability.new(user) ability.can?(:update, article) and i always get "= true" in ability check Note: user.role == author and article.user_id != user.id if you need more information please write thank's for your time && sorry for my english

    Read the article

  • Java website protection solutions (especially XSS)

    - by Mark
    I'm developing a web application, and facing some security problems. In my app users can send messages and see other's (a bulletin board like app). I'm validating all the form fields that users can send to my app. There are some very easy fields, like "nick name", that can be 6-10 alpabetical characters, or message sending time, which is sended to the users as a string, and then (when users ask for messages, that are "younger" or "older" than a date) I parse this with SimpleDateFormat (I'm developing in java, but my question is not related to only java). The big problem is the message field. I can't restrict it to only alphabetical characters (upper or lowercase), because I have to deal with some often use characters like ",',/,{,} etc... (users would not be satisfied if the system didn't allow them to use these stuff) According to this http://ha.ckers.org/xss.html, there are a lot of ways people can "hack" my site. But I'm wondering, is there any way I can do to prevent that? Not all, because there is no 100% protection, but I'd like a solution that can protect my site. I'm using servlets on the server side, and jQuery, on the client side. My app is "full" AJAX, so users open 1 JSP, then all the data is downloaded and rendered by jQuery using JSON. (yeah, I know it's not "users-without-javascript" friendly, but it's 2010, right? :-) ) I know front end validation is not enough. I'd like to use 3 layer validation: - 1. front end, javascript validate the data, then send to the server - 2. server side, the same validation, if there is anything, that shouldn't be there (because of client side javascript), I BAN the user - 3. if there is anything that I wasn't able to catch earlier, the rendering process handle and render appropriately Is there any "out of the box" solution, especially for java? Or other solution that I can use?

    Read the article

  • Am I trying to Implement Multiple Inheritance. How can I do this.

    - by Shantanu Gupta
    I have created a class say A which has some functions defined as protected. Now Class B inherits A and class C inherits B. Class A has private default constructor and protected parameterized constructor. I want Class B to be able to access all the protected functions defined in Class A but class C can have access on some of the functions only not all the functions and class C is inheriting class B. How can I restrict access to some of the functions of Class A from Class C ? EDIT: namespace Db { public Class A { private A(){} protected A(string con){assign this value} protected DataTable getTable(){return Table;} protected Sqlparameters setParameters(){return parameter;} } } namespace Data { public Class B:A { protected B():base("constring"){} protected DataTable output(){return getTable();} protected sqlparameter values(param IDataParameter[] parameter){} } } namespace Bsns { public Class C:B { protected C():base(){} protected DataTable show() {return values(setparameter());} } } EDIT I think what I am trying to do here is Multiple inheritance. Please check. Class A { //suppose 10 functions are declared } Class B:A { //5 functions declared which are using A's function in internal body } Class C:B { //using all functions of B but require only 4 functions of A to be accessible by C. }

    Read the article

  • Semi-generic function

    - by Fredrik Ullner
    I have a bunch of overloaded functions that operate on certain data types such as int, double and strings. Most of these functions perform the same action, where only a specific set of data types are allowed. That means I cannot create a simple generic template function as I lose type safety (and potentially incurring a run-time problem for validation within the function). Is it possible to create a "semi-generic compile time type safe function"? If so, how? If not, is this something that will come up in C++0x? An (non-valid) idea; template <typename T, restrict: int, std::string > void foo(T bar); ... foo((int)0); // OK foo((std::string)"foobar"); // OK foo((double)0.0); // Compile Error Note: I realize I could create a class that has overloaded constructors and assignment operators and pass a variable of that class instead to the function.

    Read the article

  • Dangers when deploying Flash/Flex UI test automation hooks to production?

    - by Merlyn Morgan-Graham
    I am interested in doing automated testing against a Flex based UI. I have found out that my best options for UI automation (due to being C# controllable, good licensing conditions, etc) all seem to require that I compile test hooks into my application. Because of this, I am thinking of recommending that these hooks be compiled into our build. I have found a few places on the net that recommend not deploying bits with this instrumentation enabled, and I'd like to know why. Is it a performance drain, or a security risk? If it is a security risk, can you explain how the attack surface is increased? I am not a Flash or Flex developer, though I have some experience with threat modeling. For reference, here's the tools I'm specifically considering: QTP Selenium-Flex API I am having problems finding all the warnings/suggestions I found last night, but here's an example that I can find: http://www.riatest.com/products/getting-started.html Warning! Automation enabled applications expose all properties of all GUI components. This makes them vulnerable to malicious use. Never make automation enabled application publicly available. Always restrict access to such applications and to RIATest Loader to trusted users only. Related question (how to do conditional compilation to insert/remove those hooks): Conditionally including Flex libraries (SWCs) in mxmlc/compc ant tasks

    Read the article

  • How to limit setAccessible to only "legitimate" uses?

    - by polygenelubricants
    The more I learned about the power of setAccessible, the more astonished I am at what it can do. This is adapted from my answer to the question (Using reflection to change static final File.separatorChar for unit testing). import java.lang.reflect.*; public class EverythingIsTrue { static void setFinalStatic(Field field, Object newValue) throws Exception { field.setAccessible(true); Field modifiersField = Field.class.getDeclaredField("modifiers"); modifiersField.setAccessible(true); modifiersField.setInt(field, field.getModifiers() & ~Modifier.FINAL); field.set(null, newValue); } public static void main(String args[]) throws Exception { setFinalStatic(Boolean.class.getField("FALSE"), true); System.out.format("Everything is %s", false); // "Everything is true" } } You can do truly outrageous stuff: public class UltimateAnswerToEverything { static Integer[] ultimateAnswer() { Integer[] ret = new Integer[256]; java.util.Arrays.fill(ret, 42); return ret; } public static void main(String args[]) throws Exception { EverythingIsTrue.setFinalStatic( Class.forName("java.lang.Integer$IntegerCache") .getDeclaredField("cache"), ultimateAnswer() ); System.out.format("6 * 9 = %d", 6 * 9); // "6 * 9 = 42" } } Presumably the API designers realize how abusable setAccessible can be, but must have conceded that it has legitimate uses to provide it. So my questions are: What are the truly legitimate uses for setAccessible? Could Java has been designed as to NOT have this need in the first place? What would the negative consequences (if any) of such design be? Can you restrict setAccessible to legitimate uses only? Is it only through SecurityManager? How does it work? Whitelist/blacklist, granularity, etc? Is it common to have to configure it in your applications?

    Read the article

< Previous Page | 32 33 34 35 36 37 38 39 40 41 42  | Next Page >