I have YITH Membership + Subscription plugins together, and shop has virtual downloadable products. When Membership / Subscription is active and user has access to a single product, then on a single product page is widget with available downloads – for free or for credits.
How to check if user has access to a single product? It doesn’t matter if can download or not, just if subscription / membership for a product is active. I couldn’t find any solution. I found only this function bellow, but even if I passed proper user ID and product ID to it, this “subscriptions” array is empty, so it says “no active subscriptions” and it’s not truth. I use this code in functions.php
Subscription or membership can be checked, as they both together can be active or not.
https://erlycoder.com/how-to-check-active-subscription-using-yith-woocommerce-subscription/
I added function „CheckStatus” to functions.php and checked if product_id and user_id have values, but subscriptions array is still empty.
Related
The Salesforce (Actions) destination in Segment allows one to map Accounts and also Contacts. I'm using this for upserts upon receipt of an identify call.
Their documentation says, that for a contact to be associated with an account, the account ID must be provided.
The ID of the account that this contact is associated with. This is the Salesforce-generated ID assigned to the account during creation (i.e. 0018c00002CDThnAAH).
Fair enough, but the account is created by Segment using another mapping from the same identify. So how can I get the newly created account ID from that step to include in the Account ID field of the contact mapping triggered by the same identify?
The account ID is required to map the new contact to an existing account. But the account ID doesn't exist except as created by another mapping, which isn't made available as a variable in the current context.
Account ID field customer mapping
Simply, how can a single identify event - not having a pre-existing account ID - trigger the creation of both a new account and a related contact using the Segment Salesforce (Actions) destination?
I've tried configuring the mappings in different orders to see if Segment could just recognize that it was itself creating the new account ID. I would expect that at some point the ID it's creating, which I can see in testing, is made available to the other mappings, but that doesn't seem to be the case.
Segment support says it’s not possible to create a new account and a new related contact at the same time from a single Identify.
The account ID needs to be Included in the identify to create a contact related to the account being created. But the account ID doesn’t exist before Segment creates the account, so can't be included in the Identify.
Very frustrating.
We use Azure Active Directory(OpenId and OAuth2) for authorization and authentication needs.
We also would like to keep users' profiles in one of our microservices, let's name this service "User Preferences".
The service will store many specific fields required only for one of our products and it is why we don't want to store them in Active Directory(custom fields).
Having all of this, we are searching for the best Azure AD field we can use to connect user's profile to Active Directory account.
There're several candidates:
UPN - in some cases JWT doesn't contain it
ObjectId - always available, but not read-friendly and unique in multi tenant structure
Unique Name - should be used only to display it on UI(recommended by Azure)
Could you please recommend the best field for our case?
Compiling my comments as an answer:
Object id or name identifier (sub claim) are the only immutable fields you can choose from. Using the UPN is dangerous as it can be changed.
Object id is unique across directories, though if you support multiple tenants you should store the tenant id (tid) as well.
UPN can change when an admin changes it.
And also, if a user is invited as a guest to other AAD tenants, they'll have an object id per directory, it won't be the same.
As you can see my question above, I was wondering if it is possible to retrieve the assigned groups of an Azure Active Directory (AAD) based user via Microsoft GraphAPI.
My situation is, that I have an ASP.NET MVC project with Microsoft Azure enabled. My goal is, that an Azure user can login on my website with it's Azure account.
The idea is, that an azure user is an admin or an user (depending on the azure groups) and depending of this role group, the user can view more or less of my webpage.
For example:
When Peter logs in with his azure account on my webpage, he should only be able to see:
Add new Document
Edit Document
Remove Document
because he is only assigned as "User" in Azure Active Directory.
But when Sabrina logs in with her azure account on my webpage, then she should be able to do the same as Peter, but she also can see:
Manage Products
Add new customer
etc.
because she is been assigned as an admin in Azure Active Directory.
My problem is, that I did not find out how I retrieve the assigned group of an user with Microsoft GraphAPI. The part, which user can see or not after I got the roles is not a big deal.
I already tried this API call:
https://graph.microsoft.com/v1.0/me/
But it seems, that the response of this call does not include the actual assigned group of that user.
Do you think it is possible to retrieve the assigned group of an azure user? Is this even possible? Or do I have to do something else to retrieve these information?
I hope you understand my point and I am also looking forward for any response. Thanks in advance!
Add /memberOf to the URL to receive the groups a user is member of.
https://graph.microsoft.com/v1.0/me/memberOf
Here's a link to the specific graph api - https://developer.microsoft.com/en-us/graph/docs/api-reference/v1.0/api/user_getmembergroups
Take a look at this sample application on Github. It does something very similar with a task tracker application, where different users are able to perform different actions based on the group they belong to -
https://github.com/Azure-Samples/active-directory-dotnet-webapp-groupclaims/blob/master/README.md
Also, in cases where a user is a member of too many groups, you get back an overage indicator and have to make a separate call to get all groups. Read about “hasgroups” and “groups:src1” claims here - https://learn.microsoft.com/en-us/azure/active-directory/develop/v1-id-and-access-tokens
According to your system architecture, if some user has too many joined groups, the API https://developer.microsoft.com/en-us/graph/docs/api-reference/v1.0/api/user_getmembergroups will return too many groups.
But if the groups with permissions in your system are not too much, you can use this API: https://developer.microsoft.com/en-us/graph/docs/api-reference/v1.0/api/user_checkmembergroups to check if the current user is the member of specified groups.
It is not good idea to use this API: https://graph.microsoft.com/v1.0/me/memberOf. Because it returns only the groups that the user is a direct member of, but security group can be member of security group.
We are using Google for corporate since last 5 years. There have been many dozens google groups created by different site/business division/local administrators. Now we need to know, for each employee, which all groups he is a part of. Does google provide any API to fetch this details ?
Yes. The Directory API has a function to Retrieve all groups for a domain or the account. Here's a part in the docs that I think is what you are specifically aiming for:
All groups for the account — Use the customer argument with either my_customer or the account's customerId value. As an account administrator, use the string my_customer to represent your account's customerId. If you are a reseller accessing a resold customer's account, use the resold account's customerId. For the customerId value use the account's primary domain name in the Retrieve all users in a domain operation's request. The resulting response has the customerId value.
This is Windows Azure Resource Provider SDK. I've tried to read about concepts and can't definitely understand whether it allows me to do what I want.
I have a web service that is hosted in Windows Azure. Users get a userid-password pair, pay for the service via PayPal and then they can make web requests to a designated URL providing their userid-password pairs and the service will deduct funds based on number of their requests. When they pay via PayPal they buy "right to make N requests" - their balance inside the service is increased by the "number of requests" they paid for. So it's a pay-per-usage-volume service.
Now I want to expose my service to the Azure Store using the Resource Provider SDK charging people for the number of requests they make to my service.
The concepts document says
The user then creates a Subscription. A Subscription is a named entity e.g. 3-month Free Trial or MyApp Production. You can view your own Subscriptions on the Account Portal.
Next, the user creates one or more Resources such as a Website or Virtual Machine. Website and Virtual Machine are two different ResourceTypes. Each Resource is deployed under exactly one Subscription.
The subscription part is more or less clear. What about Resource objects? I mean the description continues "such as a Web Site or Virtual Machine" but what I want to offer is not a site and not a VM, it's a right to queue a certain number of requests to my service URL.
Either I don't get something simple or the Azure Resource Provider SDK is just not what I can use.
How do I expose my pay-per-usage-volume service to Azure Store using Azure Resource Provider SDK?
All the confusion is because how the documentation is worded. It says
The user then creates a Subscription. A Subscription is a named entity e.g. 3-month Free Trial or MyApp Production.
This is partially true. The user indeed creates a subscription but that typically happens long before he makes his first purchase from Azure Store. Subscriptions are Azure thing, they are not specific to Azure Store. What the RP sees is the subscription id (currently in form of GUID string representation) and by the subscription id the RP can distinguish between purchases made by different users.
Then goes this
Next, the user creates one or more Resources such as a Website or Virtual Machine. Website and Virtual Machine are two different ResourceTypes. Each Resource is deployed under exactly one Subscription.
This is just very far from true.
The user chooses an "offering" from Azure Store showcase (basically a list of available services), then he selects a "plan" (which is a "you pay X money and get Y of the service" type of offer, X is zero for free plans) and he chooses a "resource name". The "resource name" is up to the user - he chooses it.
The "resource type" is a unique symbolic identifier for the "offering" which must be unique across the entire Azure Store and is chosen by the RP designer. So examples like "Websites" or "Virtual machines" are both very bad and useless - in fact you'll want to have a "resource type" like CompanyXMalingService so that when someone else wants to offer a "mailing service" he could offer CompanyYMailingService and when you yourself want to offer a "telephony service" you can use CompanyXTelephonyService and not collide with others.
Now if you offer something with "N requests per period" billing model you only can have "one month" as a period, so it can only be "N requests per month", nothing else. Suppose your offering "resource type" is CompanyXCoolRequests.
The model is then as follows: user clicks on your offering, selects a plan (for example, 1000 requests per month) and clicks through until he is billed. Meanwhile the store will send a request to your RP saying that there was a purchase for subscription with a certain id of resource of type CompanyXCoolRequests and with some resource name, the plan identifier will be inside the request. Your RP creates an account inside your service and debits the number of requests there, it has to provide the user id and password (or whatever stuff is needed to use your service) - either as "output items" which are displayed when the user clicks "Connection info" button or via the service page where the user is redirected when he clicks the "Manage" button.
Now there're the following options. Either just nothing happens for years and then it means the user purchase is active and he is billed every month, the month starts att he date he made a purchase and lasts till the same date of the next month. You have to provide him with 1000 requests every month. You have to decide what to do with the leftover balance (like the month is ending and he only used 800 requests) and what to do when he uses everything up before the new month starts. The user can also "delete" your offering from his subscription - he will no longer be billed ad the store will send a request to your RP and you have to delete or block the account you created earlier in you service. Also it's possible that there's a subscription-level event like suspension of the subscription - then you have to temporarily block all the resources of that subscription and be able to restore them all one the subscription is "resumed. And finally the user can "upgrade" his purchase by switching to a more expensive plan - you'll have to debit extra units to his "account" inside your service.
The Subscription can be thought of an identifier for the Users commerce relation ship [think an identifier for which Credit Card to charge]
The Resource or The addon on the other had is what identifies the instance of the service that the user is buying.
In your case lets call your Service "SharpToothService" and the user can go to the service and buy the ability to send "n SharpTooths/month" for 9.99.
Sharp tooth would be the resource.
& The user name and password would be the Output Items [Result of Provisioning and Purchasing the resource]
[As you get along you might have question on plans]-
Plan is what identifies the sold packagae for eg. You might have Silver plan for "100 Sharptooths for 9.99/month: a gold one for "500 SHarptooths for 19.99/month" etc