ruby on rails - User Authorization with CanCan: NoMethodError -

-

im using cancan authorization in app. have of each users information stored @ /users/2 or users/3 or /users/4 , on.

my problem when user logs in can amend url , see other users sensitive content. how can use cancan prevent user (say users/2) seeing (users/3) ?

when add "load_and_authorize_resource" users controller following error:

nomethoderror in userscontroller#show  undefined method `user_id' #<user:0x007fee61e90b90>

models

class ability   include cancan::ability    def initialize(user)     user ||= user.new # guest user (not logged in)     if user.has_role? :admin       can :manage, :all       can :access, :rails_admin       can :dashboard      else       can :manage, user, :user_id => user.id     end

controllers

  class applicationcontroller < actioncontroller::base       protect_from_forgery        rescue_from cancan::accessdenied |exception|         redirect_to root_path, :alert => exception.message       end   class userscontroller < applicationcontroller   before_filter :authenticate_user!   load_and_authorize_resource     def show     @user = user.find(params[:id])     @date = params[:month] ? date.parse("#{params[:month]}-01") : date.today     @occasions = @user.occasions.page(params[:page]).per(5)   end

have tried put load_and_authorize_resource @ top of userscontroller?


Comments

Post a Comment

Popular posts from this blog

c# - SVN Error : "svnadmin: E205000: Too many arguments" -

-
i trying reposotries using c# code process svncommand = null; var psi = new processstartinfo("svnadmin"); psi.redirectstandardoutput = true; psi.redirectstandarderror = true; psi.useshellexecute = false; psi.arguments= @"dump c:\repositories\myrepo > c:\temp\myrepodumpfile.dump"; using (svncommand = process.start(psi)) { var myoutput = svncommand.standardoutput; var myerror = svncommand.standarderror; debug.write("output :" + environment.newline + environment.newline + myoutput.readtoend() + environment.newline + "error :" + environment.newline + environment.newline + myerror.readtoend()); svncommand.close(); } when use dump command commandline svnadmin dump c:\repositories\myrepo > c:\temp\myrepodumpfile.dump it works fine when try ...
Read more

c++ - Using OpenSSL in a multi-threaded application -

-
i have been writing soap client application in c++ on ubuntu using openssl https transport , pthreads threading. have number of threads - 1 central data acquisition thread periodically gets worker threads make soap requests via shared mutex protected queues. reading documentation openssl found is openssl thread-safe? in openssl faq describes mechanisms required ensure thread safety when using openssl. implemented , works fine. the reason question conceptual difficulty really. thinking implementing same functionality application has already, instead of using threads, create 2 seperate applications : 1 worker thread (of multiple copies running) , main data acquisition thread. use tcp sockets communicate between 2 rather mutex protected queues. may bad idea not important - confusing me would have implement same functions required ensure openssl thread safety in second approach or not? my guess not have , treated independent (indeed surely must many applications use openssl) re...
Read more

All overlapping substrings matching a java regex -

-
is there api method returns (possibly overlapping) substrings match regular expression? for example, have text string: string t = 04/31 412-555-1235; , , have pattern: pattern p = new pattern("\\d\\d+"); matches strings of 2 or more characters. the matches are: 04, 31, 412, 555, 1235. how overlapping matches? i want code return: 04, 31, 41, 412, 12, 55, 555, 55, 12, 123, 1235, 23, 235, 35. theoretically should possible -- there obvious o(n^2) algorithm enumerates , checks substrings against pattern. edit rather enumerating substrings, safer use region(int start, int end) method in matcher . checking pattern against separate, extracted substring might change result of match (e.g. if there non-capturing group or word boundary check @ start/end of pattern). edit 2 actually, it's unclear whether region() expect zero-width matches. specification vague, , experiments yield disappointing results. for example: string line = "xx90xx"; strin...
Read more