Hello -
Why does a view including the following fragment:
<% for column in User.content_columns %>
<td><%=h user.send(column.name) %></td>
<% end %>
and the User model having the following defined:
def method_missing(meth_id, *args, &blk)
meth_name=meth_id.id2name
puts("Calling: #{meth_name}")
super
end
only result in the following output of one method call when there are
several columns/attributes in the users table:
Calling: nameOn 2/11/07, Aakash C. [email protected] wrote:
def method_missing(meth_id, *args, &blk) meth_name=meth_id.id2name puts("Calling: #{meth_name}") super endonly result in the following output of one method call when there are
several columns/attributes in the users table:Calling: name
Hi Aakash,
ActiveRecord::Base defines read methods lazily. That is, until you
call a method to read an attribute, the method won’t exist. Call a
method to read an attribute, and it’ll hit AR::B’s method_missing
hook, which defines all the read methods, and hence, subsequent calls
to read methods won’t trigger method_missing. You can witness the
effect in script/console:
Thing.instance_methods(false)
=> []
Thing.new.name
=> nil
Thing.instance_methods(false)
=> [“id?”, “name?”, “name”, “value”, “value?”]
I’m not sure what you’re trying to do, but if you explain it, someone
might be able to find something that works. 
(Assuming this is a
problem for you.)
Regards,
George.
George O. wrote:
.
.
I’m not sure what you’re trying to do, but if you explain it, someone
might be able to find something that works.(Assuming this is a
problem for you.)Regards,
George.
Hey George - Thanks for the quick response.
I’d like intercept all method calls to my models accessing an attribute
in order to implement an attribute level authorization scheme - similar
to the J2EE analog which is a pain but works (specified in ejb-jar.xml).
I think I found a way to configure rails to not generate the ENTIRE
method list lazily - but the implication is that I’ll loose on
performance:
config.active_record.generate_read_methods = false (instead of the
default value of true)
Anyone got any Ideas?
Regards,
Aakash
On 2/11/07, AC CE [email protected] wrote:
config.active_record.generate_read_methods = false (instead of the
default value of true)Anyone got any Ideas?
Have you looked around at the existing model-level authentication
plugins? I think some do attribute-level authorization. e.g., [1].
If that doesn’t fly for you, I’m not sure what the best way to do this
is. Once you’ve generated the read methods, they’re available via
ModelName.read_methods. Perhaps you can override these. I don’t
think that’s particularly watertight, though. #read_attribute, for
example seems to pull things directly out of the @attributes hash
inside the active record instances directly rather than going through
the read methods. Perhaps you could hook into the #[] method on this
hash, but that’s getting pretty nasty!
class ActiveRecord::Base
def initialize_with_authorization_check(*args)
initialize_without_authorization_check(*args) do |*args|
class << @attributes
def
# … authorization check …
super
end
def []=(name, value)
# … authorization check …
super
end
end
yield(*args) if block_given?
end
end
alias initialize_without_authorization_check initialize
alias initialize initialize_with_authorization_check
end
(Totally untested.)
[1] http://perens.com/FreeSoftware/ModelSecurity/
George.
This forum is not affiliated to the Ruby language, Ruby on Rails framework, nor any Ruby applications discussed here.
Sponsor our Newsletter | Privacy Policy | Terms of Service | Remote Ruby Jobs