I am using Jhipster 4.13.3
In the jdl, I have the following relation.
relationship OneToOne {
    UserInfo{user(userName)} to User{userInfo}
}
UserInfo table has extra user detail and relates to other tables I have.
In the UI, I went to Entities -> User Info -> "Create new User info"
In this form, User input is present, but drop down is empty. I was hoping to see admin, user and all new users there.
What is the simple way to link User and UserInfo from the UI?
Thanks.
My mistake. userName doesn't exist in User. I replaced with login and it is working now.
I am trying to update my user model in Django's admin Panel.
I want to add a field/column in Admin panel named "Group" for Users. This field will have the option to select any value from the existing Groups (single option only/Dropdown).
I tried to search the documentation but I couldn't find the relevant information to manipulate the User Admin panel. Although I did find a few blogs and videos where they have created a new app and extended the User model.
Is it possible to update Admin panel for User? Please suggest any document or blog or any approach to achieve the goal.
You will probably have to extend the user model in models.py, and also to use Inlines to reflect the changes to the admin site. Both of these steps are performed by Julia in this video: https://www.youtube.com/watch?v=sXZ3ntGp_Xc
The documentation for Inlines can be found here.
So in your admin.py you can extend UserAdmin and in Permissions if you add groups it will create a group assignment to your user create form in admin.
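from django.contrib.auth.admin import UserAdmin

class CustomUserAdmin(UserAdmin):
    add_form = UserCreateForm  # user-creation form defined elsewhere in the poster's project
    fieldsets = (
        (None, {'fields': ('email',)}),  # trailing comma: 'fields' must be a tuple, not a string
        ('Permissions', {'fields': (('is_active', 'groups'),)}),
    )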
So I'm currently learning/building a REST API backend server for my web application using NodeJS, ExpressJS, and MySQL as the database. My question is in regards to the best way to implement authorisation to ensure User A does not access or edit the data belonging to another User. Please note that I understand there are a lot of examples for implementation of role based authorisation (ie user groups vs admin groups, etc) but this is not what I'm asking. Instead, how do I authorise a user against the data they are accessing?
It is possible that I'm overthinking this and this is not even necessary; that I should just check whether the data belongs to the user in every SQL query, but I thought I'd ask if there's a middleware or policy architecture that takes care of this, or maybe even authorise through caching.
The only solution I can think of is that every SQL query returns the user id with the result, then I just create a service that checks every result if the id matches or not. If yes, then proceed. If not, roll back the query and return an unauthorised error. Is this ok?
I very much appreciate your advice, help, and if you can point me in the right direction.
Many thanks in advance.
Save the userId (or ownerId) in every table, and create a middleware where each db access method requires the userId as a parameter, for example:
readOne(id, userId) {
    // implements SELECT * FROM example WHERE id = id AND userId = userId
}
updateOne(id, data, userId) {
    // implements UPDATE example SET data = data WHERE id = id AND userId = userId
}
...
For security reasons, never send as a response "Requested data exists but you aren't the owner".
The simplest things usually work best. You wouldn't have to have a special service for checking authorization rights for every entity and you can do it at data access level eg. SELECT * FROM foo WHERE user_id = :currentUser or UPDATE foo SET foo = bar WHERE user_id = :currentUser
It also depends whether you want to notify the user about unallowed access via HTTP401 or not to reveal that such a resource even exists for different user HTTP404.
For HTTP401 the scenario would be:
const entity = loadFromDB(id);
if (entity.userId !== currentUserId) {
    res.sendStatus(401); // res.send(<number>) is deprecated in Express 4 and removed in Express 5
    return;
}
// ... update entity logic ...
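The owner-scoped access pattern from the two answers above, as an added example that is not part of either answer: an in-memory array stands in for the MySQL table, and `req.user`, `getExample` and `putExample` are hypothetical names. It returns the same 404 whether the row is missing or belongs to another user, so the response never confirms that someone else's record exists.

```javascript
// Added example: owner-scoped data access. Rows are constructed sample data;
// an in-memory array stands in for the MySQL table "example".
const rows = [
  { id: 1, userId: 10, data: 'alice note' },
  { id: 2, userId: 20, data: 'bob note' },
];

// Every accessor takes the caller's userId, so no query can omit the owner check.
const repo = {
  // SELECT * FROM example WHERE id = ? AND userId = ?
  readOne(id, userId) {
    return rows.find(r => r.id === id && r.userId === userId) || null;
  },
  // UPDATE example SET data = ? WHERE id = ? AND userId = ?  (returns affected rows)
  updateOne(id, data, userId) {
    const row = rows.find(r => r.id === id && r.userId === userId);
    if (!row) return 0;
    row.data = data;
    return 1;
  },
};

// Handlers take userId from the authenticated session (hypothetical req.user),
// never from the URL or body, and answer 404 for "missing" and "not yours" alike.
function getExample(req) {
  const id = Number(req.params.id);
  if (!Number.isInteger(id)) return { status: 400, body: { error: 'bad id' } };
  const row = repo.readOne(id, req.user.id);
  return row
    ? { status: 200, body: { id: row.id, data: row.data } }
    : { status: 404, body: { error: 'not found' } };
}

function putExample(req) {
  const id = Number(req.params.id);
  if (!Number.isInteger(id)) return { status: 400, body: { error: 'bad id' } };
  const affected = repo.updateOne(id, String(req.body.data), req.user.id);
  return affected === 1
    ? { status: 200, body: { updated: id } }
    : { status: 404, body: { error: 'not found' } };
}

// Constructed requests: user 10 reads its own row, user 20's row, and a missing row.
const asUser10 = (id, body) => ({ params: { id: String(id) }, user: { id: 10 }, body });
console.log(getExample(asUser10(1)).status);
console.log(getExample(asUser10(2)).status, getExample(asUser10(99)).status);
console.log(putExample(asUser10(2, { data: 'x' })).status, rows[1].data);
```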
I am trying to delete a document, where the conditions are...
Where the user is in a group having deletion rights, and every user in the group is able to delete the document.
But the problem is when the name I specify is also listed explicitly in the ACL and does not have deletion rights. Then it does not check the group rights, which is fair enough.
For that I am trying to give deletion rights to those users who are in the group, using the code given below.
var acl:NotesACL = database.getACL();
var entry:NotesACLEntry = acl.getFirstEntry();
if (entry != null)
{
    // Look up the ACL entry for the current user
    var user:NotesACLEntry = acl.getEntry(@UserName());
    if (user.isCanDeleteDocuments() == false)
    {
        user.setCanDeleteDocuments(true);
        acl.save();
    }
}
Where it shows error like,
Exception occurred calling method NotesACL.save() null.
Even the explicitly added user has user type = Person and Access = Manager in the ACL.
Is there any other way to do this?
Any help would be appreciated.
Thanks in advance.
Using database as a starting point means you're getting the database as the user. Unless the user already has Manager access to the database, this will fail because the user doesn't have access to update the ACL.
You can use sessionAsSigner, but bear in mind you cannot use the getCurrentDatabase() method. Instead you must use the getDatabase(server,filePath) method in order to get the database with the signer authority. Obviously the signer also needs rights to modify the ACL.
I have a custom web part that starts by getting a current user login name like this:
protected static string iAm = System.Web.HttpContext.Current.Request.ServerVariables["AUTH_USER"].Split("\\".ToCharArray())[1].ToLower();
Then it passes this string to a BLL class and fetches a user id:
IDataReader _drInfo = cisf_BLL.bll_MyInfo.drGetMyInfo(iAm);
while (_drInfo.Read())
{
    iUser_Ident = _drInfo.GetInt32(30);
}
After that it passes the user id integer to another method that fetches the user's training record:
_drUserTraining = bll_Training.drGet_required_training_records(iUser_Ident);
_drUserTrainingCompleted = bll_Training.drGet_completed_training_records(iUser_Ident);
This information is then displayed in a tab container with three tabs such as "Overdue", "Required", and "Completed".
The problem I'm having is this: I'm logged into the SharePoint collaboration site with my domain user name and all my training is displayed just fine. If someone else then logs in to the SP Portal, that user sees my training and not his, even though this user has logged in with his unique credential using a common access card, just as I.
Somehow some strange session seems to persist and I was hoping someone out here has encountered this anomaly.
Thanks in advance!
Risho
You are misusing static - a static property is stored once per web server process, not once per user.
Not an answer, but a code improvement: there is a much simpler way to get the current user name/id:
SPUser user = Microsoft.SharePoint.SPContext.Current.Web.CurrentUser;
int id = user.ID;
string email = user.Email;
string name = user.Name;
string login = user.LoginName;
SPGroupCollection groups = user.Groups;
// ...
http://msdn.microsoft.com/en-us/library/microsoft.sharepoint.spuser_members.aspx
I'm attempting to develop a portlet for liferay.
How can I get access to the username and password (and other data liferay has) of the user that's currently logged in?
I'd also like to be able to execute some code when users change their password.
You can get the User ID by calling getRemoteUser() in the PortletRequest object. This is defined by JSR-168 therefore it's cross-portal compatible.
Once you have the ID you can fetch the additional information by calling getUserById() (a Liferay specific service). This is something not covered by the Portlet API specification, so it locks you to Liferay.
Liferay Specific stuff, here is a code sample to be written in your Portlet Class to retrieve the User:
ThemeDisplay themeDisplay = (ThemeDisplay)portletRequest.getAttribute(WebKeys.THEME_DISPLAY);
User user = themeDisplay.getRealUser(); // it gives you the actual Logged in User
//you can also use
// User user = themeDisplay.getUser(); // this would fetch the User you are impersonating
long userId = user.getUserId();
String userName = user.getEmailAddress();
Alternatively:
long userId = themeDisplay.getRealUserId(); // themeDisplay.getUserId();
User user = UserLocalServiceUtil.getUser(userId);
Impersonate User:
Liferay has a concept that admins (or persons with the correct set of permissions) can impersonate a particular user of the portal. Through this they can see how the portal looks to that user.
For executing the code when users change their passwords:
One approach would be to create a hook plugin and override the services by extending the UserLocalServiceWrapper class. Then check for the password change and execute your code inside your custom class.
Hope this helps.
Or you can just use javascript:
Liferay.ThemeDisplay.getUserId()
There are many nice to haves in the Liferay namespace, take a look at the not so well documented API:
https://www.liferay.com/community/wiki/-/wiki/Main/Liferay+JavaScript+API
https://www.liferay.com/web/pankaj.kathiriya/blog/-/blogs/usage-of-liferay-js-object
Also, take a look at the web services available under localhost:8080/api/jsonws which you can invoke with a javascript call:
Liferay.Service(
    '/user/get-user-by-id',
    {
        userId: 10199
    },
    function(obj) {
        console.log(obj);
    }
);
One simple and easy way to get the user in Liferay is PortalUtil.getUser function.
User user = PortalUtil.getUser(portletRequest);