| if Rails.env.production? | |
| require 'fileutils' | |
| FileUtils.mkdir_p(Rails.root.join("tmp", "stylesheets", "admin")) | |
| template_path_one = "#{Gem.loaded_specs['activeadmin'].full_gem_path}/app/assets/stylesheets" | |
| template_path_two = "#{Gem.loaded_specs['activeadmin'].full_gem_path}/lib/active_admin/sass" | |
| old_compile_path = "#{Rails.root}/public/stylesheets/admin" | |
| new_compile_path = "#{Rails.root}/tmp/stylesheets/admin" | |
| Sass::Plugin::remove_template_location template_path_one |
| # based on http://freelancing-gods.com/posts/versioning_your_ap_is | |
| # curl -H "Accept: vnd.myapp+json; version=2" | |
| class ApiVersion | |
| def initialize(version) | |
| @version = version | |
| end | |
| def matches?(request) | |
| versioned_accept_header?(request) || @version == 1 | |
| end |
| class FooController < ApplicationController | |
| before_filter :user_required! | |
| before_filter :admin_required!, :only => [:secret] | |
| def not_secret | |
| end | |
| def secret | |
| end | |
| end |
This post outlines three common web security vulnerabilities with specific examples in Rails. For a more complete list, I highly recommend the OWASP Rails security cheatsheet.
A cross-site scripting attack is when malicious scripts are injected into a web site in order to compromise it.
For example, let's say we want to allow html tags such as <strong> in our blog comments, so we render raw output using the Rails method #html_safe:
| if node[:name] && node[:name].downcase =~ /resque/ | |
| collectd do | |
| load :warning => 20, :failure => 30 | |
| end | |
| end | |
| if node[:name] && node[:name].downcase =~ /cron/ | |
| collectd do | |
| load :warning => 15, :failure => 20 | |
| end |
| <!DOCTYPE html> | |
| <html ng-app="App"> | |
| <head> | |
| <meta name="description" content="AngularJS + jQuery UI Drag-n-Drop" /> | |
| <script src="http://ajax.googleapis.com/ajax/libs/jquery/1/jquery.min.js"></script> | |
| <script src="http://cdnjs.cloudflare.com/ajax/libs/angular.js/1.0.1/angular.min.js"></script> | |
| <link href="http://ajax.googleapis.com/ajax/libs/jqueryui/1/themes/base/jquery-ui.css" rel="stylesheet" type="text/css" /> | |
| <link href="http://netdna.bootstrapcdn.com/twitter-bootstrap/2.1.1/css/bootstrap.min.css" rel="stylesheet"> | |
| <script src="http://ajax.googleapis.com/ajax/libs/jqueryui/1/jquery-ui.min.js"></script> | |
| <meta charset=utf-8 /> |
| namespace :deploy do | |
| namespace :sidekiq do | |
| desc 'Replace upstart config for sidekiq-workers' | |
| task :upstart_config do | |
| data = %Q{ | |
| start on runlevel [2345] | |
| stop on runlevel [!2345] | |
| respawn | |
| exec su - #{user} -c 'cd #{release_path}; export RAILS_ENV=#{stage}; bundle exec sidekiq -q default,1 -c 4 -pid #{release_path}/tmp/pids/sidekiq.pid >> #{release_path}/log/sidekiq.log 2>&1' |
| # db/migrate/20111218135715_globalize_models.rb | |
| class GlobalizeModels < ActiveRecord::Migration | |
| def up | |
| NewsItem.create_translation_table!( | |
| {:title => :string, :body => :text}, | |
| {:migrate_data => true} | |
| ) | |
| end |
I have a project where I need translated content. Therefore I use globalize3, wich stores its translated attributes in a seperate table that belongs to the original model. And I use RailsAdmin for painless record management.
It took me some time to figure out how to get those working together, but eventually I found a solution that is non invasive and still ok to work with.
In my case there is a Snippet class. It holds content for static pages or text passages on the website. There is a good README for globalize3 for installation instructions and documentation.
| @PageSpinner = | |
| spin: (ms=500)-> | |
| @spinner = setTimeout( (=> @add_spinner()), ms) | |
| $(document).on 'page:change', => | |
| @remove_spinner() | |
| spinner_html: ' | |
| <div class="modal hide fade" id="page-spinner"> | |
| <div class="modal-head card-title">Please Wait...</div> | |
| <div class="modal-body card-body"> | |
| <i class="icon-spinner icon-spin icon-2x"></i> |
