I try to make my first steps in magento. I would like to make a CMS-Page and
is there a possibility to use variables in CMS-System in Magento 1.8 ?
For example i create a page and in this page i would like to say Hello {{ user }} when the user is logged in.
Related
I'm in the process of building a headless implementation of Shopify+.
I'm trying to setup the shopify email reset notification to redirect back to my site (in this case just localhost) but I need it to also pass the recovery token.
I can't find any documentation on how to get only the token in the email template. I want to replace the link below with something like http://localhost:8449/auth/reset/{{ ??resettoken?? }}.
My question is how do I get just the token part without the URL in the Liquid email template? And is there a documentation somewhere I should follow for this?
You can use the split tag and extract the token, please check the below code.
{% assign resetUrlData = customer.reset_password_url | split: "/" %}
{% assign resetUrl = "http://localhost:8449/auth/reset/" | append: resetUrlData[6] %}
Add this code on the top of the template or before the start of the table tag, or anywhere in the code where you want, and after that replace the "Reset your password link" anchor tag code with the below code.
Reset your password
In jade I have two hyper links that both jump to same page, for example:
a(href='/signup')#create-account Create Student Account
a(href='/signup')#create-admin Create Teacher Account
If I want a variable send to '/signup' url and do some processing using that variable, what should I do?
Any help will be appreciated.
It depends on whether you will make your app to be RESTful or not.
Saying you would like to be Restful.
To create an admin you should make a POST to the url /admin.
Respectively to create an account you should post to the url /account.
This is if admin and account are different resources. If it is the same recourse you should post to the original recourse and with the posted data, make the decision what to save where.
jade form:
div.loginbox
form(name="login", action="/signup", method="post")
input(type="checkbox" name="admin")
input(type="text", name="user")
input(type="password", name="pass")
input(type="submit", value="login")
I have this scenario.
My site has a secured part. Security is, I think, correctly configured.
If I try to open a secured URL from browser, I am asked to type username and password.
Symfony profiler shows correctly user context after logon
The homepage (root route) is not secured (the profiler shows here the anonymous context)
Now the problem:
If, in the twig template of the homepage, I put something like this
{{ render(path('secured_route')) }}
the content of the secured route is rendered!
I expected to get some kind of exception or the login window!
Is this a bug or am I missing something?
When rendering a controller this way, you're bypassing the router, so securities related to routes are bypassed too.
The best you can do is to restraint your controller to logged-in users using the #Security annotation:
/**
* #Security("has_role('IS_AUTHENTICATED_REMEMBERED')")
*/
By using "render" from twig you are skipping the security checks related to routes, if you don't need to get the content in the anonymous context, you could check the role from Twig before rendering the controller, something like:
{% if is_granted('ROLE_USER') %}
{{ render(path('secured_route')) }}
{% endif %}
I want to create the following scenario:
1. Step:
Login page: The user will login into the web portal.
Each user has an username. For example tester12345.
This username is stored in the database.
2. Step:
After the redirect from the login page, all pages should be in this format:
http://tester12345.domain.com/..
This means: {username}.domain.com/..
How can I do this?
You would need to do something like this:
.addRule(Join.path("/").to("/internal_resource_blah.jsp"))
.when(Direction.isInbound()
.and(Domain.matches("username")
.and(***username is in database***)))
.otherwise(SendError.code(404, "Page not found or some error."))
.addRule()
.when(Direction.isOutbound()
.andNot(URL.matches("http://{username}.domain.com{suffix}"))
.and(***user is logged in***))
.perform(Substitution.with("http://{loggedInUser}.domain.com{suffix}"))
I'm using the Symfony framework with the FOS User Bundle. I'm using the security context to determine which menu items and other items to display.
$securityContext = $this->get('security.context');
if ($securityContext->isGranted($report['Permission'])){
//add the menu item...
}
Is there any way to give a anonymous user a security context of 'ROLE_USER'? I've got logged in users working properly.
I tried adding the line:
role_hierarchy:
IS_AUTHENTICATED_ANONYMOUSLY: ROLE_USER
to my security.yml hoping this would do it, but apparently not. I've Googled around a little bit and read the documentation.
I imagine that:
if ($securityContext->isGranted($report['Permission'])
|| ($report['Permission'] === 'ROLE_USER' && $securityContext->is_anonymous()))
would work, but this feels like kind of a hack (and not very DRY)
Edit:
This is for an intranet site. I've got a table that contains names of reports. Some reports should be able to be seen by everyone, regardless of if they are logged in or not. Some reports require permissions to view. I don't want to create several hundred users when only a handful will need access.
If you are trying to give access to people to a given url why not simply authorize it this way ?
You have 2 method to achieve this: create a firewall authorization or role defined a url
1) Firewall autorization
firewalls:
test:
pattern: ^/ws // you url or schema url with regex
anonymous: true
2) url with a role defined access
access_control:
- { path: ^/given-url, roles: IS_AUTHENTICATED_ANONYMOUSLY }
// in app/config/security.yml
in both case, non authenticated user and authenticated user will have access to this url
By the way , if you want to test (in order to display some user variables) if a user is authenticated or not , just make your test in twig
{% if app.user is defined and app.user is not null %}
The user {{ app.user.username }} is connected.
{% else %}
No user connected
{% end %}
EDIT : Content based view : juste create a route for your action which would not match your firewall rules