adding new post

1 parent 5d7bda6 commit 6da421c19c6665f049cb0982060a5ea17516b817 @edap committed Apr 18, 2012
Showing with 20,036 additions and 10,505 deletions.
  1. +27 −0 _posts/2012-04-13-twitter-bootstrap-and-gmaps.html
  2. +253 −0 _posts/2012-04-18-authorization-and-user-management-in-rails.html
  3. +221 −190 server/2010/03/20/implementare-velocemente-una-newsletter-in-cakephp/index.html
  4. +167 −138 server/2010/03/24/conoscere-la-posizione-di-un-dominio-su-google-per-determinate-keywords/index.html
  5. +165 −136 server/2010/04/03/warning-strtotime-cakephp-1-2-e-php-5-3/index.html
  6. +213 −179 server/2010/04/11/friendly-url-con-cakephp/index.html
  7. +184 −154 server/2010/04/22/upload-immagini-con-resize-automatico-in-cakephp/index.html
  8. +184 −154 server/2010/05/14/fatal-error-call-to-a-member-function-setflash-on-a-non-object/index.html
  9. +169 −140 server/2010/05/24/cakephp-todolist-plugin/index.html
  10. +163 −134 server/2010/07/23/cakephp-paypal-component/index.html
  11. +193 −162 server/2010/07/29/cakephp-facebook-plugin/index.html
  12. +316 −283 server/2010/07/31/come-integrare-twitteranywhere-nellautenticazione-di-cakephp/index.html
  13. +205 −170 server/2010/08/07/ruby-on-rails-tutorial-autenticazione-con-clearance/index.html
  14. +196 −164 server/2010/08/08/ruby-on-rails-creazione-pagine-statiche/index.html
  15. +188 −157 server/2010/08/23/cakephp-salvare-la-data-del-login-ad-ogni-autenticazione/index.html
  16. +204 −171 server/2010/08/23/installare-bedita/index.html
  17. +211 −180 server/2010/11/16/script-per-rimuovere-commenti-da-files-php-ricorsivamente/index.html
  18. +167 −138 server/2010/11/17/cakephp-e-acl/index.html
  19. +229 −194 server/2010/12/09/implementare-security-component-e-ssl-con-cakephp/index.html
  20. +268 −202 server/2010/12/28/cakephp-e-mongodb/index.html
  21. +192 −161 server/2011/01/13/parsing-dei-link-da-un-file-html-con-ruby-e-nokogiri/index.html
  22. +170 −139 server/2011/02/07/debian-spacca/index.html
  23. +172 −141 server/2011/04/19/contare-caratteri-con-umlaut-con-php/index.html
  24. +231 −199 server/2011/05/12/cakephp-check-the-owner/index.html
  25. +166 −122 ...er/2011/05/12/cakephp-email-non-visualizzate-correttemente-in-squirrelmail-o-roundcube/index.html
  26. +177 −148 server/2011/05/14/lxde-cambiare-layout-tastiera/index.html
  27. +182 −152 server/2011/05/19/mp3-file-types/index.html
  28. +199 −167 server/2011/06/26/git-ftp-e-alias/index.html
  29. +177 −145 server/2011/06/26/git-in-locale/index.html
  30. +182 −138 server/2011/07/13/cakephp-submit-form-json-reply/index.html
  31. +180 −150 server/2011/07/18/netbeans-e-phpunit/index.html
  32. +256 −212 server/2011/07/24/ruby-on-rails-devise-authentication/index.html
  33. +181 −149 server/2011/07/24/ruby-on-rails-themes-generator/index.html
  34. +196 −166 server/2011/08/05/wordpress-how-to-get-one-random-image-from-the-gallery/index.html
  35. +173 −143 server/2011/08/15/php-strtoupper-umlauts/index.html
  36. +320 −286 server/2011/09/20/cakephp-2-0-authentication/index.html
  37. +225 −185 server/2011/09/20/git_branch/index.html
  38. +220 −177 server/2011/10/11/jquery-screensaver/index.html
  39. +226 −188 server/2011/10/15/creare-un-fork-da-un-plugin-su-github-e-svilupparlo-come-submodule/index.html
  40. +205 −171 server/2011/11/17/creare-un-admin-area-in-rails3-usando-lautenticazione-scritta-in-devise/index.html
  41. +207 −173 server/2011/12/02/aggiungere-una-action-ad-un-controller-in-rails3/index.html
  42. +203 −171 server/2011/12/09/contare-child-rows-per-un-determinato-record/index.html
  43. +274 −218 ...nstallare-ruby-rvm-ovvero-come-avere-differenti-versioni-di-ruby-sulla-stessa-macchina/index.html
  44. +207 −156 server/2012/03/02/stesso-progetto-in-rails-due-versioni-di-ruby-e-due-gemset-diversi/index.html
  45. +227 −195 server/2012/03/03/cakephp-2-0-comments-spam-datasource/index.html
  46. +217 −179 server/2012/03/12/cakephp-youtube-datasource/index.html
  47. +213 −0 server/2012/03/29/cakephp-youtube-datasource-update/index.html
  48. +1 −0 server/CNAME
  49. +119 −0 server/about.html
  50. +110 −88 server/archive.html
  51. +69 −0 server/assets/themes/the-program/css/native.css
  52. +1,485 −0 server/assets/themes/the-program/css/style.css
  53. +313 −0 server/assets/themes/the-program/css/style.less
  54. BIN server/assets/themes/the-program/font/UbuntuMono-B-webfont.eot
  55. +231 −0 server/assets/themes/the-program/font/UbuntuMono-B-webfont.svg
  56. BIN server/assets/themes/the-program/font/UbuntuMono-B-webfont.ttf
  57. BIN server/assets/themes/the-program/font/UbuntuMono-B-webfont.woff
  58. BIN server/assets/themes/the-program/skin/100-90-5-monochrome.png
  59. +2,062 −1,818 server/atom.xml
  60. +110 −104 server/categories.html
  61. +85 −0 server/demo/deepblu.html
  62. +57 −0 server/demo/index.html
  63. +1 −0 server/demo/list
  64. +48 −0 server/demo/nothing.html
  65. +52 −0 server/demo/nowords.html
  66. +52 −0 server/demo/white.html
  67. BIN server/images/thisisthisis.jpg
  68. +266 −195 server/index.html
  69. +174 −141 server/lessons/2011/12/29/jekyll-introduction/index.html
  70. +364 −0 server/page10/index.html
  71. +258 −0 server/page11/index.html
  72. +262 −0 server/page12/index.html
  73. +346 −0 server/page13/index.html
  74. +205 −0 server/page14/index.html
  75. +223 −0 server/page15/index.html
  76. +199 −0 server/page16/index.html
  77. +638 −0 server/page2/index.html
  78. +283 −0 server/page3/index.html
  79. +355 −0 server/page4/index.html
  80. +357 −0 server/page5/index.html
  81. +292 −0 server/page6/index.html
  82. +237 −0 server/page7/index.html
  83. +204 −0 server/page8/index.html
  84. +252 −0 server/page9/index.html
  85. +177 −75 server/pages.html
  86. +69 −52 server/sitemap.txt
  87. +579 −555 server/tags.html
@@ -0,0 +1,27 @@
+---
+layout: post
+title: "twitter bootstrap and gmaps"
+category:
+tags: [ruby on rails, gmaps4rails, twitter bootstrap]
+---
+{% include JB/setup %}
+
+Im creating a rails app using devise, twitter bootstrap and gmaps4rails. Twitter bootstrap and gmaps need some tricks to work properly.<br>
+<b>1)</b>height 100% doesn't work. You need to use jquery to fix it
+{% highlight javascript %}
+$(window).bind("load resize", function(){
+ var h = $(window).height(),
+ offsetTop = 40;
+ $('#map').css('height', (h - offsetTop));
+});
+{% endhighlight %}
+Note the offset value depends on your css offset. My is defined in the bootstrap_and_overrides.css.less file as follow:
+{% highlight css %}
+body { padding-top: 40px; }
+{% endhighlight css %}
+<b>2)</b>If the gmaps tooltip are not displayed correctly, add this line to your style.css file
+{% highlight css %}
+img {
+ max-width: none;
+}
+{% endhighlight css %}
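Review bot: the `img { max-width: none; }` rule in step 2 applies to every image on the site, so it also switches off Bootstrap's responsive `max-width` for images that have nothing to do with the map. Scope it to the map container instead, for example `#map img { max-width: none; }`, since the jQuery snippet in step 1 already addresses the map as `#map`. Two smaller points: the front matter leaves `category:` empty, and the closing tags are inconsistent (`{% endhighlight %}` after the JavaScript block, `{% endhighlight css %}` after the CSS blocks); pick one form.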
@@ -0,0 +1,253 @@
+---
+layout: post
+title: Authorization and users management in rails
+published: true
+tags: [rails, devise, cancan, admin]
+type: post
+status: publish
+---
+
+The goal of this tutorial is to realize a rails application with:<br >
+<ul>
+<li>A public area whith register, logout and login functionalities</li>
+<li>An admin area where the admin can delete/insert/update the users and their roles</li>
+<li>The possibility to allowed/denied some parts of the application in relation to the user role</li>
+<li>An internal area for the registered user's, where they are allowed to edit their username and password</li>
+<li>A different redirect after the login, based on the user's role</li>
+</ul>
+The whole code is available on this github <a href ="https://github.com/edap/authuser">repo</a>.<br>
+After creating a new rails application, install <a href="https://github.com/plataformatec/devise">devise</a> and <a href="https://github.com/ryanb/cancan">cancan</a>, add this two lines to your Gemfile
+{% highlight ruby %}
+gem "devise"
+gem "cancan"
+{% endhighlight ruby %}
+Then run 'bundle update'.<br>
+<h2>Setting up devise </h2>
+Install devise in your application with the command 'rails generate devise:install', read carefully the messages for the setup. Follow <a href="http://guides.rubyonrails.org/getting_started.html#hello-rails">the Hello rails paragraph</a> to create a dummy controller and remove the default index page. Now, we have to define a root
+{% highlight ruby %}
+root :to => "home#index"
+{% endhighlight ruby %}
+define a default url option for the "recovery email" in the config/environments/development.rb file(remember to change this value when you are ready to go in production)
+{% highlight ruby %}
+config.action_mailer.default_url_options = { :host => 'localhost:3000' }
+{% endhighlight ruby %}
+Let's create our model to define the users. Try to avoid strange names, "User" is good enough. Then run the migration
+{% highlight ruby %}
+rails generate devise User
+rake db:migrate
+{% endhighlight ruby %}
+Add a username field to your model and generate the views.
+{% highlight ruby %}
+rails g migration AddUsernameToUsers username:string
+rake db:migrate
+rails g devise:views
+{% endhighlight ruby %}
+now add this two lines to your routes.rb file
+{% highlight ruby %}
+devise_for :users, :path_names => {:sign_in => "login", :sign_out => "logout"}
+resources :users
+{% endhighlight ruby %}
+Remember to add the username field to the attr_accessible in your user model. Try to run the command 'rake routes' to see all the new routes created by Devise. in order to display the links "login", "logout" and "register", add these lines to your views/layout/application.html.erb file. Pay attention to the "method post" in the logout button.
+{% highlight erb %}
+<% flash.each do |name, msg| %>
+ <%= content_tag :div, msg, :id => "flash_#{name}" if msg.is_a?(String) %>
+<% end %>
+
+<% if user_signed_in? %>
+ <% #link_to "My Profile", user_root_path%>
+ <%= link_to('Logout', destroy_user_session_path, :method=>'delete') %>
+<%else%>
+{% endhighlight erb %}
+Add your user to the system through the http://0.0.0.0:3000/users/sign_up page. Try to login and logout. If you have problems, check another time this tutorial.
+<h2>You are the admin </h2>
+Let's say that only a logged user can acces to the admin area. First of all, we have to define an admin area. Add this lines to your routes.rb file
+{% highlight ruby %}
+namespace :admin do
+ match '/' => 'users#index'
+ resources :users
+end
+{% endhighlight ruby %}
+Then copy the file app/views/layout/application.html.erb to app/views/layout/admin.html.erb
+Second, we need to create an admin_controller in app/controller/admin
+{% highlight ruby %}
+class Admin::AdminController < ApplicationController
+ layout "admin"
+ before_filter :authenticate_user!
+end
+{% endhighlight ruby %}
+We need also to create an admin/users_controller.rb and the related views in views/admin/users to manage the users. You can find the whole code on the github repo of this example, copy these files from there.<br/> Comment the "#load_and_authorize_resource" lines in the controllers/admin/users_controller.rb file, we are going to see later what this line is used to. Sign in and go to this address: http://0.0.0.0:3000/admin/users. You will see your user and the links to edit/delete it. But if you click on they, you will receive an error, cause we have no roles
+<h2>Add roles to rule the world</h2>
+Generate 2 migrations to add the roles table and set up an HABTM relationship with the user table. Edit the migration like follow, thanks <a href="http://www.tonyamoyal.com/2010/07/28/rails-authentication-with-devise-and-cancan-customizing-devise-controllers/">Tony Amoyal</a> for your tutorial:
+{% highlight ruby %}
+class CreateRoles < ActiveRecord::Migration
+ def self.up
+ create_table :roles do |t|
+ t.string :name
+ t.timestamps
+ end
+ end
+
+ def self.down
+ drop_table :roles
+ end
+end
+
+class UsersHaveAndBelongToManyRoles < ActiveRecord::Migration
+ def self.up
+ create_table :roles_users, :id => false do |t|
+ t.references :role, :user
+ end
+ end
+
+ def self.down
+ drop_table :roles_users
+ end
+end
+{% endhighlight ruby %}
+Check the presence of these two tables in your db, if you are using sqlite
+{% highlight bash %}
+rails db
+sqlite> .tables
+{% endhighlight bash %}
+Create the Role model and add the HABTM relationship to the user model
+{% highlight ruby %}
+# User Model
+class User < ActiveRecord::Base
+ has_and_belongs_to_many :roles
+....
+# Role model
+class Role < ActiveRecord::Base
+ has_and_belongs_to_many :users
+end
+{% endhighlight ruby %}
+Now add 3 roles in your Roles table using the console.
+{% highlight bash %}
+rails console
+irb(main):001:0> r = Role.new(:name => "Admin")
+irb(main):002:0> r.save
+irb(main):003:0> r = Role.new(:name => "Registered")
+irb(main):004:0> r.save
+irb(main):005:0> r = Role.new(:name => "Robbers")
+irb(main):006:0> r.save
+{% endhighlight bash %}
+add :role_ids to the attr_accesible fields in your user model. Add also the following lines.<br> In the first block we define a method to check the users role, in the second we assign a default role for the users that will register to the website, in this case, the role with id 2, "Registered".
+{% highlight ruby %}
+ before_save :setup_role
+
+ def role?(role)
+ return !!self.roles.find_by_name(role.to_s.camelize)
+ end
+
+ # Default role is "Registered"
+ def setup_role
+ if self.role_ids.empty?
+ self.role_ids = [2]
+ end
+ end
+{% endhighlight ruby %}
+Now login and edit you User, check the Admin checkbox to promote you as admin of your website.
+Then logout and create another user through the sign up form. Login with it and try to access the admin area. Wait a moment, you are now a Registered user, you should not reach the /admin area. What's happen?<br/>
+The problem is that the admin area authentication is performed with devise, that only checks if a user is logged or not. We have to use CanCan to be sure that only the admin can reach the admin area. Generate an ability class and copy it in the models folder, with the name admin_ablity
+{% highlight ruby %}
+rails g cancan:ability
+cp app/models/ability.rb app/models/admin_ability.rb
+{% endhighlight ruby %}
+Edit this class as follow
+{% highlight ruby %}
+class AdminAbility
+ include CanCan::Ability
+ def initialize(user)
+ if user.role? :admin
+ can :manage, :all
+ end
+ end
+end
+{% endhighlight ruby %}
+Edit your app/controller/application_controller.rb to define a method to handle the "Access Denied" exception.
+{% highlight ruby %}
+class ApplicationController < ActionController::Base
+ protect_from_forgery
+
+ rescue_from CanCan::AccessDenied do |exception|
+ redirect_to root_url, :alert => exception.message
+ end
+
+end
+{% endhighlight ruby %}
+Now we have to tell to the controllers/admin/admin_controller file to check the role of this user.
+{% highlight ruby %}
+class Admin::AdminController < ApplicationController
+ layout "admin"
+ before_filter :verify_admin
+ def verify_admin
+ @user = current_user
+ redirect_to root_url unless @user.role? "admin"
+ end
+
+ def current_ability
+ @current_ability ||= AdminAbility.new(current_user)
+ end
+end
+{% endhighlight ruby %}
+Now, if you try to access the admin area with a user that is not an Admin, you will redirect to the root. Only the admin has the ability to visit the admin area, and this ability is defined in the admin_ability class. Now we will define the ability to create a post, only the Registered User are allowed to do it, the Robbers can only read. First of all, create a Robbers user and generate a dummy post controller. Remember to define to define two association in the user and post model. A user HasMany posts, a post BelongTo a user.
+{% highlight ruby %}
+rails generate scaffold Post title:string content:text user_id:integer
+{% endhighlight ruby %}
+Now open the model/ability.rb class and write this lines. We will see later what the Profile stand for
+{% highlight ruby %}
+class Ability
+ include CanCan::Ability
+
+ def initialize(user)
+ user ||= User.new # guest user
+ if user.role? :admin
+ can :manage, :all
+ elsif user.role? :registered
+ can :manage, Post do |post|
+ post.try(:owner) == user
+ end
+ else
+ can :read, :all
+ end
+ end
+end
+{% endhighlight ruby %}
+Now login as a robbers and try to create a Post. Yes, you can do it. To avoid this, you'll need to add this line at the beginning of the post controller
+{% highlight ruby %}
+class PostsController < ApplicationController
+ load_and_authorize_resource
+{% endhighlight ruby %}
+<h2>Edit my profile</h2>
+Now we want to allow every user (yes, also the robbers) to edit their username and password. In this case, I will create the profile controller with only one action (dashboard) 'cause i find it useful, and it is pretty a standard in every application. maybe in the future you will add more action to this controller, like a public profile action, or something similar. But to edit the user, i will use the devise logic. We have to create the Profile controller and the dashboard profile view. Copy the profile stuff from the github repo.
+Now, we have to edit the route file to inform rails about the profiles controller and to define an admin_root and a user_root, that will be used in the profile_controller.
+{% highlight ruby %}
+Authuser::Application.routes.draw do
+ root :to => "home#index"
+ match '/profiles/dashboard' => 'profiles#dashboard', :as => :user_root
+ match '/admin/users' => 'admin/users#index', :as => :admin_root
+
+ devise_for :users, :path_names => {:sign_in => "login", :sign_out => "logout"}
+ resources :users
+
+ resources :profiles, :only => [:dashboard]
+
+ namespace :admin do
+ match '/' => 'users#index'
+ resources :users
+ end
+
+ resources :posts
+end
+{% endhighlight ruby %}
+Change your application layout and add a "my profile link"
+{% highlight erb %}
+<% if user_signed_in? %>
+ <%= link_to "My Profile", user_root_path%>
+ <%= link_to('Logout', destroy_user_session_path, :method=>'delete') %>
+<%else%>
+ <%= link_to('Login', new_user_session_path) %>
+ <%= link_to('Register', new_user_registration_path) %>
+<%end%>
+{% endhighlight erb %}
+Now, if you log as an admin you will redirect to /admin/users, if you login as Robbers or Registered user you will redirect to the dashboard. The method is rough, and I don't like it, but it works. Check it in the profiles controller.
+
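Review bot: the instruction to add `:role_ids` to `attr_accessible` in the User model makes roles settable through every form that mass-assigns user attributes, including the Devise sign-up and profile edit forms and the public `resources :users` routes, so role assignment is no longer limited to the admin area. Keep `role_ids` out of `attr_accessible` and assign roles explicitly in the admin users controller, behind the admin check. In the second version of `Admin::AdminController`, `before_filter :authenticate_user!` has been replaced by `verify_admin`, so for a signed-out visitor `current_user` is nil and `@user.role? "admin"` raises instead of redirecting; keep `authenticate_user!` ahead of `verify_admin`, or guard for nil, and apply the same guard in `AdminAbility#initialize`. `setup_role` hard-codes `self.role_ids = [2]`, which only matches "Registered" if the roles were inserted in the order shown in the console session; look the role up by name instead. In `Ability`, the block checks `post.try(:owner) == user`, but the scaffold creates `user_id` and the text describes the association as post belongs to user, so nothing in the visible code defines `owner`. The fallback `can :read, :all` also grants guests and Robbers read access to every model, users included; list the readable models explicitly. Finally, the first layout snippet ends at `<%else%>` with no closing `<%end%>`, and the prose says "method post" while the link uses `:method=>'delete'`.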