Through Voidness

Thursday, February 9, 2017

Rails 5 web console and Docker dev env.

If you use Rails 5 along docker for your development environment you may have seen something like this within your logs :

Cannot render console from 172.17.0.x! Allowed networks: 127.0.0.1, ::1, 127.0.0.0/127.255.255.255

To allow your current docker network to access the web console you should add some discovery logic within your config/environments/development.rb file.

 
require 'socket'
require 'ipaddr'

config.web_console.whitelisted_ips = Socket.ip_address_list.reduce([]) do |res, addrinfo|
  addrinfo.ipv4? ? res << IPAddr.new(addrinfo.ip_address).mask(24) : res
end

Wednesday, February 18, 2015

DIY Infrared Head Tracking

I just built my own Head tracking device, it works like a charm, even with high luminosity on the white wall behind me !

Here is the path i followed :

Will use 3 point tracking since it gives good performances and low latency.
Will use infrared lights spots ( to be able to track in daylight )
Will use my webcam with IR filters to track spots.
Will use FaceTrackNoIR as it provides most usefull protocols.

Bills of materials

3 x OSRAM - LD271 - IR 5MM 950N
1 x 5.6 ohm 1/4W Resistor ( Green Blue Gold)
1 x USB cable
1 x USB > AC Converter ( Optional )

Electric Array

The electric array will look like this :

    +----|>|----|>|----|>|---/\/\/----+  R = 5.6 ohms

Weld in series the LED and the Resistor.
Then weld circuit to USB cable.

3 points home made head clip

You need a chassis to mount led, It should be an 'L' shape. See picture below.

I used a thin metal bar that I forged to my own taste.

IR Receiver

Next IR receiver: I used a Webcam with 5 pieces of negative photograpric film as IR filter. ( More film allow better filtering )

Result

I've mounted the whole on my headset , that's all, a full functionnal head tracking device < 10 €

Next I'll build my DIY Virtual Reality headset …

Monday, August 4, 2014

Rmagick and Archlinux imagemagick HDRI enabled package.

Earlier versions of Rmagick will not compile with newer version of imagemagick with --enable-hdri compilaton flag.

The first recommandation would be to upgrade your library to the newest version (=< 2.13.3), but for some reasons sometime it is not possible yet.

If you are Archlinux user you'll probably end with an error message like :

Can't install RMagick 2.13.2.
RMagick does not work when ImageMagick is configured for High Dynamic Range Images.
Don't use the --enable-hdri option when configuring ImageMagick.

If you google a bit, you'll find the imagemagick-no-hdri AUR package.

Unfortunately is does not seem up to date.

I've tweak the PKGBUILD in order to bring a newer version of imagemagick-no-hdri

Installation :

Remove the base package :

sudo pacman -Rdd imagemagick

Download and build my no-hdri version :

wget https://raw.githubusercontent.com/Electron-libre/imagemagick-no-hdri/master/PKGBUILD

makepkg

Install the package :

sudo packman -U imagemagick-no-hdri-6.8.9.6-1-x86_64.pkg.tar.xz

Edit : I've made an Aurball, the new package is now available on AUR

Thursday, June 19, 2014

OpenERP xmlrpc API for Ruby : Bintje

Few month ago, I released Bintje, a minimal interface to OpenERP's xmlrpc API:

It is available on github, as a ruby gem, and can be included in the ruby class of your choice ( as a Rails model for example ).

It still an early version, but is usable in production.

Why Bintje ?

So why it is named Bintje ? Because it is part of a bigger piece of architecture called "Barakafrites" which in french means this :

Yes, they sell "french fries".
Bintje is potato variety used for french fries (And have it's own dedicated character).

Now you clearly understand why this project is called Bintje ... ( Just kidding ... )

Using Bintje

First it needs OpenERP / OpenObject backend address, an example setup :

	## It is up to you to define how you load config ( initilizer , config object, yaml file ... )
	## Bintje supports the options below ( but common and object are pointless now ... )

	OpenObject.host = 'localhost'
	OpenObject.port = '8069'
	OpenObject.common = '/xmlrpc/common'
	OpenObject.object = '/xmlrpc/object'
	OpenObject.logger = Logger.new(File::NULL)

view raw bintje_config.rb hosted with ❤ by GitHub

Then create a Ruby Class, it could be Rails model if you want :

	class OpenObject::Partner
	include OpenObjectModel
	set_open_object_model 'res.partner'

	## Where user context is the trinity : {uid: Int , dbname: String , pwd: String}
	def my_custom_method(user_context)
	OpenObject.rescue_xmlrpc_fault do
	response = self.class.connection(user_context).execute(self.class.open_object_model, 'remoteOpenObjectMethod', self.id.to_i)
	OpenObject::BackendResponse.new(success: true, content: response)
	end
	end

	end

view raw partner.rb hosted with ❤ by GitHub

This class inherits the CRUD basic methods, and have an example of custom method declaration.
You first need to include the module, once done your class will inherit module's class methods ( see documentation ), and gain the `open_object_model` class variable which is inferred from your ruby object name, but can be overriden as you can see in this gist above. And now you can query the OpenObject Backend and obtain a BackendResponse Object ( see documentation )

	## Search for a partner:
	resps = Partner.search({uid: 3, dbname: "example", pwd: "example_pwd"}, [["name", "=", "The World Compagny"]

	if resps.success
	puts resps.content
	else puts resps.errors

	## Create a partner ...
	Partner.create({uid: 3, dbname: "example", pwd: "example_pwd"},{name:"Through Voidness ..."})

view raw bintje_query.rb hosted with ❤ by GitHub

Yes it is so simple ... To get more methods, have a look to the documentation : http://rdoc.info/github/Electron-libre/bintje The behaviour specifications extracted from Rspec tests : https://github.com/Electron-libre/bintje/wiki

Tuesday, December 3, 2013

Accessing AngularJs Scope from your browser console.

Times to times, one needs to interact with AngularJs at runtime. ( for debugging purpose ... )

My Teamates frequently ask me how do I ... check this directive isolated scope structure for example ...

I think the simple answer is :

Select the directive's element for inspection in your debugger. In console you can select it using chrome's helper : $0 , which is the current selected element.
And then :

angular.element($0).scope();

Wednesday, October 16, 2013

Advanced Rails 4 Authorization with Pundit.

Here is a good illustration of the underlying power of Voidness...

Pundit is a realy simple Ruby Gem, that does nothing more that you could have done yourself. Here is the power !

When updating to Rails 4 in it's early days, you had no compliant authorization solutions.
Ryan Bates's Cancan was the most used due to it's flexibility and simplicity, but it is not Rails 4 compliant, and brings too much magic for me.
But is there something more flexible and simple than the Void ? ( OK, ... I stop with VoidMadness ... )

For one of my current job, I started to build a software that needs flexible right management. ( And also a People relations graph, but this is for another post ).
The requirement are :
* Fined grained activities( or action ) access control
* Fields read / write access control
* Flexible Role based system that allow role inheritance

In this article I'll address only the first requirement, the second will be explained in the next article, while the last one does not need to be since it is obvious.

Let introduce the base models

It is a basic pattern. I don't need to explain it. User can have many Roles and Role may be filled by many Users.
For each Role, I want to allow some activities. (IE: For accountant : create bill, update payment. For Team Manager : Plan Task for a member of his/her Team )

About Pundit

Pundit set some helpers to :
* Check Policy for a given user on a given object( it is not restricted to ActiveRecord::Base instances ).
* Describe Policy in Ruby Class
* Enforce use of Policy in your controllers
* Bring syntactic sugar in you Rspec tests.

I recommend you to read Pundit's README.md before going further, since I won't explain what is already explained there.

The Activities

If found an interesting post from Derick Bailey about authorization patterns, putting words on some of my thoughts. Reading this is not required to go further, but I recommend to.

The activities is not a finite collection. In fact, from my point of view, activities are defined by the following set : All methods directly exposed to user except.

In the Ruby On Rails world as in many MVC frameworks, this mean all the methods available on controllers. (Authentication Activities is a Subset of this set, that has particularity to be allowed to all users.)

I do not want to have a collection of activities to maintain. I do not want to reify them through an Postgres table or a flat file.
I want that default behavior is to deny. This behavior should be overridden if you have the appropriate role.

Since I'am building a REST API, I want to scope each activity on his resource.

Example:
The Person resource expose through API it's CRUD methods (We will not use HTTP verbs to authorized. I do not find clever to bind Authorization on the Transfer Protocol ).

I see Person activities as the following set :

person:create
person:update
person:delete
person:show
person:index
...

The pattern is dead simple and interpolate as #{resource}:#{activity}

With all those postulates, I decided to store activities on Role through the Postgres Array Type. It will be an array of strings.

	class CreateRoles < ActiveRecord::Migration
	def change
	create_table :roles do \|t\|
	t.string :activities, array: true, length: 30, using: 'gin', default: '{}'
	t.timestamps
	end
	end
	end

	##
	# You can use it since ActiveRecord 4
	#
	# 'array: true' is the arryfication
	# 'length : 30' applies to the string in array
	# 'using: "gin"' is the index strategy for faster lookup and slower writes see: http://www.postgresql.org/docs/9.1/static/textsearch-indexes.html
	# 'default: "{}"' is the default value ( same as [] )
	#
	# [2] pry(main)> r = Role.last
	# Role Load (0.7ms) SELECT "roles".* FROM "roles" ORDER BY "roles"."id" DESC LIMIT 1
	# => #<Role id: 2, activities: ["person:show"], created_at: "2013-10-15 13:21:06", updated_at: "2013-10-15 13:21:06">
	#
	# [17] pry(main)> r.activities += %w(person:delete person:update)
	# => ["person:show", "person:delete", "person:update"]
	# [18] pry(main)> r.save
	# (0.3ms) BEGIN
	# SQL (4.1ms) UPDATE "roles" SET "activities" = $1, "updated_at" = $2 WHERE "roles"."id" = 2 [["activities", ["person:show", # "person:delete", "person:update"]], ["updated_at", Wed, 16 Oct 2013 13:12:12 UTC +00:00]]
	# (2.3ms) COMMIT
	# => true
	#
	# [25] pry(main)> r.activities = r.activities[0,2]
	# => ["person:show", "person:delete"]
	# [26] pry(main)> r.save
	# (0.4ms) BEGIN
	# SQL (0.8ms) UPDATE "roles" SET "activities" = $1, "updated_at" = $2 WHERE "roles"."id" = 2 [["activities", ["person:show", # "person:delete"]], ["updated_at", Wed, 16 Oct 2013 13:16:01 UTC +00:00]]
	# (8.0ms) COMMIT
	# => true
	#

view raw postgres_array_rails_migration.rb hosted with ❤ by GitHub

Meta-programming Right Management

Then I just had to teach Pundit the way I wan't it to authorize activities :

	class ApplicationController < ActionController::Base

	# Includes Authorization mechanism
	include Pundit

	# Prevent CSRF attacks by raising an exception.
	# For APIs, you may want to use :null_session instead.
	protect_from_forgery with: :exception

	# Globally rescue Authorization Errors in controller.
	# Returning 403 Forbidden if permission is denied
	rescue_from Pundit::NotAuthorizedError, with: :permission_denied

	# Enforces access right checks for individuals resources
	after_filter :verify_authorized, :except => :index

	# Enforces access right checks for collections
	after_filter :verify_policy_scoped, :only => :index


	private

	def permission_denied
	head 403
	end

	end

view raw application_controller.rb hosted with ❤ by GitHub

	class PersonPolicy < ApplicationPolicy

	class Scope < Struct.new(:user, :scope)
	def resolve
	scope
	end
	end
	end

view raw person_policy.rb hosted with ❤ by GitHub

	class ApplicationPolicy
	attr_reader :user, :record

	def initialize(user, record)
	@user = user
	@record = record
	end

	def user_activities
	@user.roles.select(:activities).distinct.map(&:activities).flatten
	end

	def inferred_activity(method)
	"#{@record.class.name.downcase}:#{method.to_s}"
	end

	def method_missing(name,*args)
	if name.to_s.last == '?'
	user_activities.include?(inferred_activity(name.to_s.gsub('?','')))
	else
	super
	end
	end


	def scope
	Pundit.policy_scope!(user, record.class)
	end
	end

view raw pundit_metaprograming_acces_rights.rb hosted with ❤ by GitHub

This may need some explanations :
This is the ApplicationPolicy, it will be inherited by each resource, allowing to extend/ override Policies by resources.

I replaced the bulk Pundits question marked CRUD methods with some meta-programming to avoid code duplication, and tedious declarations.

Line 9 : It recovers allowed activities for the current user.

Line 13 : The current activity against which we authorize is inferred from the object's class name ( the word record is used but i plan to change this, since record mean database record for me, but it could be any object ).

Line 17 : The (in)famous Ruby's method missing !
Any unknown method ending with a question mark in the current scope will be interpreted as a check access right for this activity method.
Each time we want to check access right for an activity, it will lookup the allowed activities for the current user roles ...

This is the way the most of work is done, with a few ruby lines of code.
To manage rights, all we need is to add the activity to user role, what could be more simple ?

The person resource

Since all the work is done by the ApplicationPolicy class, the PersonPolicy class is just there to include and override behaviors.

The application Controller

Nothing extravagant here. Just read comments. Note that when the right are insufficient, It just return a 403 HTTP Header, it is enough for a REST API and is the way I understand the RFC 2616.

The Rspec Tests. ( Behaviour Driven ? )

Just to show how it works and as proof , this is a dumb spec/test for the dumb person example.

	require 'spec_helper'

	describe PersonPolicy do
	subject { PersonPolicy }

	let(:person) { create(:person) }
	let(:user) { create(:valid_user) }

	context 'given user\'s role activities' do

	permissions :create? do
	context 'without person:create' do
	before(:each) { user.roles << create(:role, activities: %w(person:show)) }

	it 'denies' do
	should_not permit(user, person)
	end

	end

	context 'with person:create' do
	before(:each) { user.roles << create(:role, activities: %w(person:create person:show)) }

	it 'allow' do
	should permit(user, person)
	end

	end
	end

	permissions :update? do

	context 'without person:update role activity' do
	before(:each) { user.roles << create(:role, activities: %w(person:show)) }

	it 'denies' do
	should_not permit(user, person)
	end

	end

	context 'with person:update' do
	before(:each) { user.roles << create(:role, activities: %w(person:update)) }
	it 'allow' do
	should permit(user, person)
	end
	end

	end
	end


	end