There are some task which are assigned on group level. then there is a list which depends upon the Groups, having people only from the assigned group.
I wanted to show the task which are only assigned to a person who logins.
Showing task Whom it belongs To having Both Conditions wheather he/she is a member of group,or the task is assigned to him/her specifically!!.
Related
after some time, I am still struggling to model my domain properly. Let me briefly introduce simplified background.
It is product monitoring SaaS. User needs to obtain a membership which defines his abilities and limits, let's call him a Member. Member can subscribe to products in order to keep track on product changes, and therefore being notified about it. Member can also create a group to which he can add subscribed products in order to customize notification behavior - "hey, in case of these products, notify me only if price drops more than 20%". Simply as that.
At first, I created three aggregates.
ProductAggregate
MembershipAggregate
GroupAggregate
Even though my use case is fairly simply, I can't figure what is a proper way of modeling that.
Member can subscribe to products. Does "subscribe" method belongs to Membership or Product aggregate? Membership can exist without subscriptions, so is Product.
Member can create group – I would say it belongs to GroupAggregate, but membership limits (i.e. member can create max. 3 groups) needs to be checked. Group has no idea about that, so we need to load membership aggregate to check if it is possible.
As you see above, both cases require knowledge about membership limits, so it would be natural to place it all in membership aggregate. On the other hand, pretty much every action in the system will depend on user membership limits and thus everything would have to go through that aggregate – which is obviously bad.
The only solution I came up with is to build membership with method like "canCreateGroup()" etc. and retrieve that aggregate in command handler (application layer). So CreateGroupCommandHandler would do:
Load membership aggregate, execute canCreateGroup
Load group aggregate, execute CreateGroup
However, this way everything related to membership would be checked in application layer (command handlers) and I believe it is a domain responsibility, so it would be wrong as well.
It appears that there's a requirement that no member ever breach their limits. In that case, every operation that could possibly breach the limits has to run through the membership aggregate. There's no way around that.
You can model the process of creating a group as its own process (with state, which enables resumption) in the domain, as in the saga pattern. For a given member ID and group ID, the create group saga:
attempts to add the group to the member's set of pending groups (the member validates that the group would not breach limits; note that this command has to be idempotent)
if that succeeds, records that the member has approved creation of the group
creates the group
if that succeeds, records that the group has been created
moves the group from the member's set of pending groups to the member's set of active groups
if that succeeds, record that the group creation process has completed
The reservation process means that the failure mode would be a group which never gets created stays in pending and eventually prevents a member from creating more groups. This situation can be detected by subscribing to the events from members (you seem to be event sourcing, judging from the tagging) and canceling (or perhaps resuming, depending on the interval) hung group creation attempts.
How to restrict the GitLab project to one group, so that any new user or user from another group cannot be added?
For example, two groups are created in GitLab groupA, groupB.
When I am the owner of groupA for a project.
I should not able to add user of groupB and the individual user should also be restricted.
Your requirement is cannot valid. One user belong to 0, 1 or many group(s).
See document: https://docs.gitlab.com/ee/user/group/
I have scenario as, I have say 5 branches for example Branch A, Branch B, Branch C etc. All branches have different set of users and different set of data(in liferay portlets). My requirement is like, Whenever user from Branch A logs in he should not able to logged in to other branch. In short he should not have any permission to view, login to Branch B (other than his own branch).
All 5 branches has two sub-sites.
Eg. Branch A has sub sites Site A1 and Site A2. separate users are associated to the site.
My Question is what should I use to develop such system.
As of now I had created one Organisation and created Location Sub organisation.
How can I restrict user to log in himself into his own organisation and not anyone else.
How can I restrict user to view the contents on his own site and not other site.
Do I need to create User Groups.
Any Pointers would be helpful. Thanks in advance.
First of all: You don't need Locations. They're just like Organizations, but can't have any more suborganizations. This is a limitation that you don't need to impose on your branche offices. You can, but don't need to.
You always log in to your account, not into an organization. When there's content in an organization's site that must not be seen by non-members of that organization, just make the pages private - this restricts them to be seen only by members of the organization.
Membership of organizations is centralized anyways - thus nobody can become member of another organization without an administrator making the connection.
If you need user groups depends on what your overall structure is. If you interface with LDAP, I like to use user groups as the importing target for LDAP groups. If you don't, it still might make sense to group users into User Groups - just to keep an overview over the different memberships and permissions that you give. It's a lot easier if you restrict yourself to not grant any roles and permissions to individual users, only to User Groups - at least once you have a certain number of users.
I am working on a project in which a task needs to be assigned to users that potentially belong to two groups. For example - users which belong to Company A and also are User Type B. Is it possible to have two columns in the task list and require the workflow to assign the task only to users which are members of groups in both columns?
I don't think this can be achieved with OOTB approval workflow since you have to get intersection of users from both the groups. The simplest way will be create another group which will contain only users which belong to Company A and also are User Type B.
You can maintain this group manually or in SP2013 create a SPGroup User added event receiver which will automate this process.
http://www.c-sharpcorner.com/UploadFile/anavijai/create-groupuseradded-event-receiver-in-sharepoint-2013/
I'm using AzMan on Windows Server 2003, and I've written a management application that completely hides AzMan and the MMC from the security team.
However, I'm having a hard time implementing one of the features in the MMC.
I have a role called User, and a role called Branch User which contains nothing but the User role. I want to assign the User role at the all data (Role Assignments) level, and the Branch User role at the scope level.
However, I can't find a way to programmatically assign the Branch User role to a scope without it losing its definition. I can assign the role (by calling CreateRole on the scope) but it seems to just create a new blank role. When I right click it in the MMC, click on properties, and then Show Definition, it doesn't have anything.
Also, if I try to then call AddTask on that IAzRole object to add User to it, it doesn't quite work as expected. It will add all the tasks in the User role to my Branch User role, but not the role itself.
Is there a way to do this?
Yes, on WIN2k3 that is the correct way. Unfortunately in AzMan versions before Vista/Win2k8, a role definition is a Task with the task.IsRoleDefinition set to 1. It has it's own well named class in newer versions.
Basically CreateRole() is creating a Role Assignment, not a Role Definition (this doesn't necessarily need to have the name Branch User, it could be anything). A Role Assignment contains the links between definitions of roles/tasks/operations and members/users.
You are then adding the Role Branch User to the Role Assignment using app.AddTask().
To do this only for a particular Scope you need to call app.OpenScope (or app.CreateScope, if new) which returns an IAzScope object. You can then do all the above on scope.CreateTask or scope.CreateRole.