Basic Groovy query regarding security / visibility - security

I am building a .gsp page to list the user details of an application with their specifications.
I want to let 3 roles to view it but allow only admin role to save any changes they make. For this I want the save button to be visible on screen only when the admin logs in.
I know I should be handling this in the controller, but being very new to programming I have no idea how that can be achieved?
Even if you could point me to a link that explains this it would be helpful.

I assume this is with Grails?
You really shouldnt invent your own security layer, the possibilities for getting it wrong are huge. Have a look at the spring-core-security plugin
It has detailed documentation (and for the bit in your question when you get it all set up, the documentation is here)
There are also tutorials to be found all over the web (one is here)

Related

Instagram API Permissions Rejected for iOS App to Pull Public Content Data

My iOS app needs to use Instagram API to load some images, user feedback based on geo location. I requested public_content permissions from Instagram team but got rejected with explanations below even though I filled out as much info as possible. Note I have my app in development only and website looks very minimal but some designs and lots of description was submitted for review.
How to resolve this issue of getting these basic permissions? I googled and I notice this is a common problem.
General issues: Invalid Use Case: The use case descrbied in your submission notes, screencast and website is not a valid use case that
we allow on our Platform. Please see our Permissions Review and valid
use cases description (https://www.instagram.com/developer/review/)
for more information.
public_content: This permission (public_content) does not support the use case you described in your submission notes, screencast and
website. Please review Login Permissions
(http://instagram.com/developer/authorization/) for a comprehensive
list of permissions and valid use cases.
Perhaps this helps. I have tried two times but our app was declined. I will write the submission text one more time. I also want to go more into detail as the new FAQ says that Instagram expects a very detailed submision.
Cheers, Christian
FAQ
My submission was rejected but it was a valid use case. What should I do?
A common reason for rejecting a submission is that we do not have enough information to make an assessment of your app. This can happen if your submission was too short, if it missed important information, if you did not provide a good screencast, your website is not working, etc. Before you submit for review again, make sure to provide a long and clear explanation of what your app does and how you use every permission. Make sure also to provide a video screencast and to follow all our Platform Policies.
What should I write in the submission?
The submission should be long enough for us to understand exactly what your app does and why you need the permissions you are asking for. If your submission is too short or does not explain all parts of your integration, then we may not be able to understand and approve your app. For example, your submission should explain what does your app or company do, which of the approved use cases your integration falls into, who will be using your app, how do your user authenticate with your app, how you use the API to power your integration, how does your product use the data acquired from Instagram, etc.
What should I show in the video screencast?
The video screencast is a very important part of a submission and cannot be omitted. Please make sure that the video clearly shows how your application works, including any Instagram login experience and the usage of every permission you are requesting. Since your app may still be in sandbox mode, you can use data from sandbox users to showcase the integration.
My company is working with multiple clients, should I submit one app per project?
No, we do not approve apps that are created for one-off projects (e.g. a hashtag campaign, an event, a website). You should use a single client_id across all your integrations.
Can I revoke a submission if I made a mistake?
You can't cancel a submission that is in progress. You will need to wait until the submission has been reviewed before you can start a new one.

How to automatically set gmail filter via chrome extension?

I would like to implement the following use case as a Chrome extension:
user visits gmail
exension checks current email body for a keyword
if a keyword is present, a gmail filter is added and saved (adding label, archiving, the details are not important here)
The first part sounds easier: there is gmail API to work with and even a gmail.js project that should make it easier.
Adding filter seems to be much harder. There is email settings API doing precisely what I want but I am fairly sure it is usable only by business accounts (custom email domains, won't work for gmail.com). I want the solution to be more universal.
One thing I thought of was to use browser automation - upon seeing the trigger keyword, the script automatically clicks 'Add filter' link, waits for AJAX, sets filter parameters and confirms.
An example of simulated user activity is in this answer
This could happen either on gmail page behind the popup ('Please wait, adjusting filters') or in background tab to keep it from interfering with user's flow. This seems like ugly workaround for me, though.
Is there a more straightforward or simply better approach that I'm missing?
After more experimentation and reviving an older github project I found out that setting the filter for a logged in user can be achieved simply by issuing a specific POST message to gmail from the current session.
I don't fully understand the parameters used in this request (if anyone has better information, please share), but I found a sample code which was greatly helpful.
Second issue, widely discussed in gmail.js community, is that Gmail security policies will prevent you from injecting your own scripts. This is bypassed by method shown in this boilerplate project
I compiled these solutions to solve my particular use case. Here is an example project with my solution, which should work out of the box - and when in doubt, see readme.

Have small chat application but i need current online users

In sharepoint I do have chatter web part.
That web part does not show the online user.
In sharepoint are there any ways to get online users into the WEB PART.
Please guide it is the requirement.
THanks a lot in advance
This is not possible out of the box with SharePoint. It's a big limitation, I know because I've been looking for ways to do this as well. But there may be a ways around it:
The following was proposed here: go4answers.webhost4life.com/Example/code-get-many-users-logged-sharepoint-79841.aspx
What comes to mind is that you could write something that would hook into the session_start and session_end. Here's an ASP.NET blog that covers it. http://imar.spaanjaars.com/QuickDocID.aspx?QUICKDOC=223.
I then realized that this may not work since sharepoint uses SqlServer, by default, not InProc for its session mgmt. This would prevent session_end from firing.
Ok, so if you change your web.config to use InProc, it should work. There are implications in doing this, of course. Here is an article that lets you assess where this is a safe thing to do based on your environment. http://sharepoint-one-stop.blogspot.com/2008/06/moss-2007-interview-questions.html

User Control and Custom Control

I'm purely new to this topics.(User Control and Custom Control)
Even i saw some other sites for learning,i'm totally confused about these topics.
Which site is best to start these topics with examples from beginning?
I think, MSDN is the best one.
See following link :
http://support.microsoft.com/kb/893667

No-code or little-code website

What is a (free) technology which requires the least amount of code for creating a website with the following requirements:
Sign-up/login
Form for adding your personal info. which gets databased
Each person can view and edit their own info
Admin can view and edit any
The form needs to be easily customizable and extensible (by the website's owner, not during run-time)
Is there a beginner tutorial for such a thing?
(For me, this question is about a friend who wants me to do this, but I want him to do it himself so I don't have to get roped into maintenance. I also want to keep it more general for the sake of Stack Overflow and future readers.)
Edit: I thought I remembered some ASP.NET tutorials that were mostly drag/drop or things where it was all but made for you from the database schema (which can be made with SSMS's GUI) but I can't seem to find them now.
Responding to posts below requesting specifics: this site will be for potential clients to sign-up and enter their company's info and fill out a form about their advertising needs.
I thought about putting this on SU instead, but since there was likely going to be some coding involved (I assumed no-code was an unreachable goal) SO seemed more appropriate.
Your friend can consider a framework like drupal. It has a bit of a learning code but, you can create a website with everything you ask for without code. You may want to modify it to change the look but there are themes for that.
Also, some hosts like godaddy.com have this installed and you do not have to worry about the complex installation procedures. Just start modifying the content of the site, select a built in template and go...
PhpBB? I think you need to specify what the website is going to be used for before you can get better/more specific answers.
... have a look at Drupal or Joomla, expect a learning curve nevertheless.
Is this friend a programmer as well? If so, I'd suggest building such a site using a PHP framework. Deploying an existing forum/wiki is also an option of course, but will probably have much more features than you describe. But if s/he's not a programmer, I don't see how s/he will be able to develop a site like that in a reasonable amount of time.
Why not using a CMS like wordpress, drupal and co. ?

Resources