I am developing a web portal using Angular JS and node.js and I have been researching to find a library in node.js which provides role based access control.
All the libraries which are currently available such connect-roles, ACL etc provide page level authorization where you cannot access a particular path or URL based on your role.
Do we have any ready made options where in we can enable/disable a text box based on the role of the user? So my page page will be rendered to the user however some of the fields will be disabled based on the role of the user.
Thanks in advance.
You could give below a try
The above is part of ongoing Node.js boilerplate platform below
Nodejs_Postgresql_VanillaJS_Fastify
Related
I have created the SPFx Web part with No Javascript Framework.
I need to manage permission based on currently logged-in users.
So, I need to check the currently logged-in user is in a particular group or not.
How can I check that in SPFx No Javascript web part?
Please let me know if you have any ideas for the same.
Is it possible in hapi-swagger to hide some APIs from documentation (swagger ui) based on user role.
I mean suppose I have /employee and /admin two APIs so whenever admin login to swagger ui or swagger documentation so both /employee and /admin API should display on page and if employee login to swagger ui then it should display only /employee API.
You can hide routes by omitting the ['tag'] value in the configuration, but you cannot have this on a user based role without considerable reworking. The documentation is generated at server start not on the fly, which is why you need to reload the server to reflect changes.
I had a similar use case, and in the end I decided it made more sense to have a different endpoint for the two difference services (in your case employee and admin). So perhaps something like api.domain.com/internal and api.domain.com/external and if so desired its easy to wrap authentication around either of these. It also leads to advantages should you ever want to grant access to developers to work on one API group rather than open access to both.
I'm trying to add a feature in a shopify app that blocks a certain customer from accessing a certain product, but I found out that I can block access from the site's theme. But how can I control customer access from an app and not from the theme, or is there a way I can edit the theme using an app's backend?
You can use the assets api to modify theme files. You could use this to update a snippet that contains your logic and then process the layout to make sure the snippet is included.
I have created a custom user role to allow logged users to submit content into a specific section in the site. The problem is that I don't want the users enter into the dashboard (even when the role restricts any other function in the admin menu because the site is used for people old than 50 years and they get confused because they cannot see the frontend menu when they are in the backend). So is it possible to add an access to upload a "New content item" from the frontend?
You could use Dynamic Forms or create your own module that fully abstracts all the functionality you need.
The new dynamic forms in conjunction with workflows could be very useful here. i would just create my own module so rather than do it all over the Admin UI or a mixture or both.
I can't seem to find an asmx that has a "Remove" User Profile method...the
UserProfileService has Create and Modify, but no Remove...where should I be
looking to programattically remove a user profile via an WSS WebService?
Please advise.
You appear to be correct:
http://msdn.microsoft.com/en-us/library/websvcuserprofileservice.userprofileservice_methods.aspx
You would however be able to do this from code that uses the server object model.
There is no out of the box web service to delete/remove profiles. We had to create a custom web service deployed to the 12/ISAPI folder (where the OOTB web services are), that took a username as a parameter and called the sharepoint API to then remove the profile.