I am building an ExpressJS app and want to add a delete icon on a collection to delete individual items.
I am a bit confused how to do this.
One method I thought of is binding a click event to the icon in the express view and doing an ajax call to the server when clicked.
Another method is to create a form around the icon and the icon will be a button that when clicked submits the form.
I am not confident of the two approaches, anybody have thought on an elegant way to do this the express way
i recommend the second method because it's more easy to understand at this moment.
from your words i understand the delete button could be vulnerability or security hole if you did in the wrong way. Sure it's delete button on any way.
the most easy way to do it with more secure is to use session variable.
the user can't delete unless he is authorized (logged in). if so then you open session on your server and give the user the key of that session.
In the session you can store securely data about the user who interact with the server via providing the session key you gave him at login process.
at this step the user will click the button to delete document but guess what he should be authorized to delete this document. This the time for session key he provide to you to inform you his identity. then the decision is up to you either to delete or reject his request.
all of the above word are concept of what will happen in the code.
i will write two part one part for the login controller to give the user authorization. And the second is the delete document controller.
login:
if(var user = isUser(username, password){
//open session
req.session.user_id = user._id
}
delete document controller:
if(req.session.user_id){
//if true that means he is logged in authorized user
//you can also to check by his user_id if he has the privilege to delete the document
document.delete();//in mongoose model.remove();
}
this solution is for security in deleting any document.
There are multiple ways you can achieve the result you seek.
You could use a link that has the id of the item you want to delete YourURL.com/item/delete/id and attach a click event to it. When the link is clicked your handler should be able to get the id query params and use it to make an AJAX call to the server.
Also, you can use a button like you said, which is basically the same thing as the one above
Bottom line is, both methods are pretty standard, some people could use hidden elements, HTML elements, almost anything that can store an ID or a value, but you will find that most people also use the above methods as well, Which IMHO is pretty standard.
Below is a snippet of how it should work, I am not sure if you are using any Javascript libraries so I scripted it with Vanilla Javascript, if you are not using any Javascript libraries or frameworks I strongly advice you do, it helps reduce a lot of headaches you get from browser difference in the way the handle Javascript.
PS: Include codes you have tried to help give context to how your question could be answered.
var makeDeleteCall = function(e, id) {
e.preventDefault();
console.log(id);
// Make AJAX Call here to server to delete item with the ID
//After call to remote server you can then update the DOM to remove the item
document.getElementById(id).remove();
}
<!-- Using Link -->
<a href="#/delete/1" onclick="makeDeleteCall(event, 1);" id="1">
Delete Item
</a>
<br/>
<br/>
<!-- Using a Button-->
<button onclick="makeDeleteCall(event, 2);" id="2">
Delete Button
</button>
Link to JSFiddle
Related
I need to confirm if I have selected the right hook from the hooks database. I need to auto order a vehicle on confirming an order. I chose the change_order_status and registered it in my init.php using
fn_register_hooks(
'change_order_status'
);
now in my func.php I have
if (!defined('AREA')) {die('Access denied');}
function fn_dellyman_change_order_status(&$status_to,&$status_from,&$order_info,&$force_notification,&$order_statuses,&$place_order) {
//Getting authentication data to identify user
$auth = $_SESSION['auth'];
var_dump($auth);
}
when I go to orders and switch the order from say open to complete, I expect to see the contents of auth rendered to the page at least as part of the request response. However I see no indication that the hook selected is the right one. How can i ensure the hook called is correct.
depending on your CS-Cart version since 4.6.x is Tygh::$app['session']['auth'] but also depend if is done by AJAX request or normal place/edit order
On AJAX request you will not get any notification.
please try to use for a nicer notification:
fn_print_r(Tygh::$app['session']['auth']);
Use
fn_set_notification('W','Description', var_export($varialble,true) );
this gives a notificcation after the hook fires and I found it very useful for my dev purposes.
The W can also be I and E for information and Error. Basically all it does is change the style of the popup
I am writing an app in which the end user can mark documents as his favourites. I already have the necessary forms and views to save and read back the favorites, but I have one little problem: all is done in the back end (the favorites are displayed from a view, not a scoped variable) and there seems to be a sync issue between the click on the "add to favorites" link and the partial refresh that reloads the favorites: the newly added document only shows after a second refresh. No problem then, I then decided to move the favorites in a managed bean I already have for the session where I keep the language and other user's prefs.
The problem I now face is this: how can I trap the login event so I can build the favorites list in the bean? I looked at how the "xInvolve" control's favorite piece was built and I found that there is some code added to the custom control's beforePageLoad event. But I'm wandering if there's a better way of doing this. If I go that way, this means that each time a page loads, it will go in my session bean to look if it needs to build the favorites list. I feel it's a bit of an overload: I'd rather build the list once, when the user logs in.
Is that possible or I should keep the beforePageLoad code just as it is now? Any ideas/thoughts are appreciated.
Note this does NOT actually trap the login.. I'm not sure how to do that exactly but I'm not sure it's nexessary..
Just thinking out loud here.. but I would try this..
Assume you have a "UserObject" to hold the favorites for the user.. then the object gets loaded it reads them in etc...
What about an "App Bean".. a managed bean in app scope... basically a factory for your application... inside the AppBean you have a Map... so that's an easy way to get a hold of the userobject anytime and it lives throughout the app scope...
Now on each page.. you try to grab the UserObject... if it doesn't exist.. you load it once into the App Bean so it's there for later... if it exists.. it's already loaded... you then update the UserObject when the user adds/removes a favorite... make sure to go through the object in the app bean to keep it updated...
An advantage of this is if the user opens another browser or tab.. it all pulls from the AppBean...
Give that some thought and let me know if you need any help...
Also note: This is a java solution... it might be workable in SSJS though..
A standard login page is HTTP only, not XPages. HTTP identifies that a login is required, validates credentials, checks the URL that you're redirecting to exists and only then does the XPages runtime take over.
If you want to trap login, you need to have an XPage making an AJAX request to do the login.
You might want to have a look at XPages Help Application on OpenNTF. I built a favouriting function into that. Favourites are stored in the person's profile, but for the duration of the session held in memory in a Map. The person's profile is created with the hashed value of the username. There is a potential issue with renames, but that's not a significant issue.
You could use a SessionListener. In the sessionCreated method you can calculate the List and initialize your session scoped bean:
public class MySessionListener implements SessionListener {
public void sessionCreated(ApplicationEx arg0, HttpSessionEvent event) {
FavBean bean = new FavBean();
// create the favorites List
// and push it to your bean
// add the bean to session scope
event.getSession().setAttribute("favBean", bean);
}
public void sessionDestroyed(ApplicationEx arg0, HttpSessionEvent event) {}
}
Why does context.redirectToPage behave differently when executed in a view root-event instead of an event handler?
This question came up when I tried to set the language of an xpages application to the language saved in the user profile, once the user is logged in. I use a properties-file with translated strings in a resource bundle, and retrieve the strings like this:
<xp:text value="${langString['WELCOME_TEXT']}" />
When the language is changed and so a different properties-file is loaded, the page needs to be refreshed in order to update those strings. This worked fine when I added a full-refresh event handler to the login button, that executed a server side context.redirectToPage(). No luck with client side refreshes like location.reload or window.location.href=window.location.href (the login-function itself is a client side function though).
But of course the user expects that he is also logged in when he presses the enter key instead of the button after he has entered his credentials. So I added an onkeypress-event to the username and password input fields, and checked for the enter key (if (thisEvent.keyCode==13) dosomething...) before executing the login function.
But now the event handler is called every time a key is pressed and of course I do not want the context.redirectToPage to be executed all the time.
Thus I removed the server side event handlers and changed the login function so that it terminated with a partial refresh of the div containing the whole page:
var p = {"execLogin":"true"}; XSP.partialRefreshPost( '#{id:wholePage}', {params: p} );
The parameter sent via the partial refresh now triggers an event in which our context.redirectToPage is executed:
<xp:this.beforeRenderResponse><![CDATA[#{javascript:if (param.containsKey('execLogin') && param.get('execLogin').toString().equals('true')) {
print("test");
context.redirectToPage(context.getUrl().toSiteRelativeString(context),true);
}}]]></xp:this.beforeRenderResponse>
The page is refreshed and "test" is printed out, but I still see the old language strings. I have to refresh the page manually again to make the new user language take effect.
Any idea how to execute a genuine full refresh this way, or maybe another way to update the strings retrieved from the property bundle?
Thanks in advance. Regards,
Sarah
EDIT
I now have:
<xp:inputText id="cc_login_panel_login_username" styleClass="span2">
<xp:eventHandler event="onkeypress" submit="true" refreshMode="complete">
<xp:this.script><![CDATA[if (thisEvent.keyCode!=13) {
return false;
} else {
doLogin();
return true;
}]]></xp:this.script>
<xp:this.action><![CDATA[#{javascript:context.redirectToPage(context.getUrl().toSiteRelativeString(context));}]]></xp:this.action>
</xp:eventHandler>
Because context.reloadPage() didn't even log me in somehow (strange) I got back to using redirectToPage. The server side event is fired once and at the right time *thumbs up*, but the language properties-bevaviour is still the same.
$ is only set on page load, whereas # is set each time during the partial refresh.
I don't think a partial refresh will work at all though. This will refresh the computed field. However, it will need a full refresh to refresh the part of the XPage that includes the properties file. In other words, you would be refreshing the computed field, but using the same properties file.
I wonder if context.redirectToPage or context.reloadPage is somehow going to the same page but with the cached properties files.
If you're always wanting to come back to the same page, a full refresh instead of partial refresh may be the best option.
I think this has something to do with using the $ parameter. this tells the runtime to retrieve the language file the first time the current page is created in the back-end. When a user does a refresh it is actualy retrieving a saved version of the page you are viewing.
I see you're calling "context.redirectToPage(context.getURL().toSiteRelativeString(context)))" within an xp:this.action tag for the xp:eventHandler.
Try using xp:this.onComplete in place of xp:this.action.
According to the Designer tooltip for the action, the expected return is a string to be passed to the navigation handler. So instead giving the onComplete will execute the redirect command when it's done with the eventHandler group of events.
Thanks for all the helpful answers, in fact all of them did work, the problem turned out to be my misunderstanding of when the properties-file is loaded. It is loaded in an early phase, long before my new language is set to the sessionScope (that sessionScope variable is then used as a part of the name of the properties-file to be loaded, via the VariableResolver).
Now I use a double full refresh to load the new file. When the login function terminates successfully, it executes:
window.location.href = window.location.href + "?doRefresh=true";
And to the view root element I added the following event:
<xp:this.beforeRenderResponse><![CDATA[#{javascript:
if (context.getUrlParameter("doRefresh")!=null&&context.getUrlParameter("doRefresh").equals("true")) {
var url = context.getUrl().toSiteRelativeString(context);
url = url.replace("?doRefresh=true","");
context.redirectToPage(url);}
}]]></xp:this.beforeRenderResponse>
This is not a very sophisticated solution, but at least it works :-)
I have successfully created a feature in sharepoint that modifies the existing edit dialog and adds a custom button to it like this.
and I am aware that I can pass back data when the user clicks the custom button like this.
<CommandUIHandlers>
<CommandUIHandler Command="ActivateUser" CommandAction="/_layouts/MyFeature/MakeUserActive.aspx?ListID={ListId}&ItemID={ItemId}&ItemUrl={ItemUrl}&ListUrlDir={ListUrlDir}" />
</CommandUIHandlers>
As detailed here
I can now handle the list item and perform my required actions on it BUT given that this button has been added in the modify context (IE: Inside the sharepoint edit item dialog) what if you want to save changes to the data itself?
To me it seems like using your custom button would always mean losing any changes the user has made to the data. Is there a way around this?
Good question!
You actually already linked to the solution: Right now you are simply redirecting the user by using a URL as your CommandAction: CommandAction="/_layouts/MyFeature/MakeUserActive.aspx?ListID={ListId}&ItemID={ItemId}&ItemUrl={ItemUrl}&ListUrlDir={ListUrlDir}"
This if course redirects the user to another page without saving the current entry. What you want to do is use Javascript as linked in the MSDN article:
CommandAction="javascript:alert('here be dragons');"
You can either work the the SharePoint Javascript object model here and use something like SP.ListOperation.Selection.getSelectedItems(); or you could use complete custom code.
From your aspx page name I can see you want to "make a use active" (btw: wouldn't "ActivateUser.aspx" be nicer?). If this simply means setting a property in another list you could do that with the SharePoint OM, if it is some custom stuff you would need a webservice which you can call from JavaScript and "activate the user" like that. You can of course always access the current form and pass on the values the user entered. Or you could create a custom save button which does some stuff (activate user) before saving.
Lastly: You can also have postbacks in your custom button where you could do anything you'd like.
I have a xhtml page with Search criteria and search results. Clicking on search button will dynamically update the results on the same page. I have a controller for search/results xhtml in Page Scope.
There is an edit button in every record in the search results. Clicking on the edit button will open a new page(new controller in Page scope). Once I edit and save I want to come back to the search criteria page with search resutls.
I can store the search criteria in session and requery and display the results. I looked at conversation and I am not sure if I can use it in this scenario?
Any ideas other than dumping the data in session for this scenario?
Pass the search criteria to the edit view as well (but don't display them or something) and then let the edit view pass it back to the search view once editing is finished.
If you want to persist data between two pages, you have many ways:
1) String parameters
2) Session data
3) Long running Conversation
4) Serialize your data elsewhere (DB or other).
Since you are talking about "saving" I may think you are saving your data in a database. If you have persisted your data in the second page in some way you can just query for them.
Otherwise you can use session and conversation, the second has a "smaller" and defined scope. You can decide when to create one and to create destroy. Simply put a in the first page pages.xml and create a bean with conversation scope.
The session scope will keep your data in your session scoped component until you close your browser.
Hope this helps.
I would go with the session scoped bean. If you use a search bean you can go anywhere in your application and maintain your search state, also it lends itself to saving searches in the database (so users can save searches between sessions).
#Scope(ScopeType.SESSION)
#Name("someRandomSearch")
public class SomeRandomSearch {
private SearchObj1 userSelection1;
private List<SearchObj1> searchCriteriaList1;
private SearchObj2 userSelection2;
private List<SearchObj2> searchCriteriaList2;
private String randomUserInput;
// getters/setters, some helper classes, cascade dropdown stuff, etc.....
// clear search criteria
public void reset(){
this.userSelection1 = null;
this.userSelection2 = null;
this.randomUserInput = null;
}
}
Just make sure to implement equals method in your model classes - maybe that's obvious, but when I first started using Seam I missed this little tidbit and it took forever to figure out why we couldn't hold onto dropdown selections in our search pages.
If when you say "open a new page", you mean navigate to another page in the same browser window/tab, then a Conversation is the ideal method for storing the search state.
Depending on your detailed use case, you might prefer to setup nested conversations (when you click on the edit).
You might also want to setup a pageflow to manage that particular navigation logic.
See the official documentation.