Is it possible for me to port my design considering the structure when it comes to users and access control?
I develop a solution where a patient can report some data related to himself several times every day, and this can be read by a doctor. The doctor can have access to more than one patient but can only view the data in form of reports and visualizations. Currently I am working in Symfony2 (php framework) but I want to use only CouchDB JavaScript front end.
I have briefly reviewed couchdb and installed it. I have noticed that there are admin users and readers. Is it possible to tweak this for my use case?
My own answer, based on http://wiki.apache.org/couchdb/PerDocumentAuthorization is that CouchDb does not provide the suited authorization system. Therefore, I will probably not use couchdb.
EDIT: I could make each patient have his own database, make him an admin and make the doctors users with read privileges to the DB. I could then not use views. Any thoughts on this?
http://wiki.apache.org/couchdb/PerDocumentAuthorization
Related
I want to bulk create thousands of web stories (of the AMP/Google variety) using a standardized AMP web stories template populated with text and images from my database.
Anyone have any ideas? I am not a coder, but may be able to follow if you assume I know nothing :) Thanks for your consideration and time.
I have looked in GitHub and at several online services that provide tools to make web stories, but none offer it. VisualStories claims to offer an API that does this, but when I asked for paid access said they were not sharing this with customers anymore because they found that creating stories individually produced better results.
Thanks!
Michael
I have been reading up a lot about CouchDB (and PouchDB) and am still unsure what the best option would be for a project of mine.
I do have a possible way to solve the project in my head based on what I have read so far, but I am unsure about things like performance and would love to get some insights. Or perhaps there's a better place to ask this question? Please let me know if that's the case! (Already tried their IRC channel and the mailing list, but no answers there as of yet)
So the project is basically an 'offline-first' mobile application. The users are device installers. They get assigned a few locations and devices to install every day. They need to walk around buildings and update the data (eg. device X has been installed at location Y; Or property A of device B on location C has been changed to D, etc...)
Some more info about the basic data.
There are users, they are the device installers. They need to log into the app.
There are locations, all the places that the device installers need to visit.
There are devices, all the different devices that can be installed by the users.
There are todos, basically a planned installation for a specific user at a specific location for specific devices.
Of course I have tried to simplify the data, but this should contain the gist.
Now, these are important characteristics of the application:
Users, locations and devices can be changed by an administrator (back-end software).
Todos can be planned by an administrator (back-end software).
App user (device installer) only sees his/her own todos/planning for today + 1 week ahead.
Multiple app users (device installers) might be assigned to the same location and/or todos, because for a big building there might be multiple installers at work.
Automatic synchronization between the data in each app in use and the global database.
Secure, it should only be possible for user X to request his/her own todos/planning.
Taking into account these characteristics I currently have the following in mind:
One global 'master' database containing all users, locations, devices, todos.
Filtered replication/sync using a selector object which for every user replicates only the data that may be accessible for this specific user.
Ionic application using PouchDB which does full/normal replication/sync with his/her own user database.
Am I correct in assuming the following?
The user of the application using PouchDB will have full read access on his own user database which has been filtered server-side?
For updating data I can make use of validate_doc_update to check whether the user may or may not modify something?
Any changes done on the PouchDB database will be replicated to the 'user' database?
These changes will then also be replicated from the 'user' database to the global 'master' database?
Any changes done on the global 'master' database will be replicated to the 'user' database, but only if required (only if there have been new/changed(/deleted) documents for this user)?
These changes will then also be replicated from the 'user' database to the PouchDB database for the mobile app?
If all this holds true, then it might be a good fit for this project. At least I think so? (Correct me if I'm wrong!) But I did read some 'performance' problem regarding filtered replication. Suppose there are hundreds of users (device installers) (there aren't this many right now, but there might be in the future). Then would it be a problem to have this filtered replication running for hundreds of 'user' databases? I did read about CouchDB 2.0 and 2.1 having a selector object to do filtered replication instead of the usual JS MapReduce which is supposed to be up to 10x faster. But my question is still: does this work well, even for hundreds (or even thousands) of 'filtered' databases? I don't know enough about the underlying algorithms and limitations but I am wondering whether any change to the global 'master' database does or does not require expensive calculations to run to decide which 'filtered' databases to replicate to. And if it does... does it matter in practice?
Please, any advice would be welcome. I did also consider using other databases. My first approach would actually have been to use a relational database. But one of the required characteristics of this app must be the real-time synchronization. In the past I have been able to handle this myself using revision fields in a RDBMS and with a lot of code, but I would really prefer something as elegant as CouchDB/PouchDB for the synchronization. This is really an area that would save me a lot of headache. Keeping this in mind, what are my options? Am I going in a possible right path or could performance become an issue down the road?
Also note that I have also thought about having separate databases for each user ('one database per user'), but I think it might not be the best fit for this project because some todos might be assigned to multiple users and when one user updates something for a todo, it must be updated for the other user as well.
Hopefully some CouchDB experts can shed some light on my questions. Much appreciated!
I understand there might be some debate but I am only interested in the facts and expertise of others.
Is there a way to monitor statistics on usage of documents within a database?
I have a lotus notes database hosted on a local server. I know I can get some info from 'User Detail...' in Info tab of Database property (right click on the database from domino designer), which basically shows me which user accessed database and which CRUD action was performed, but I was looking for something more in depth i.e. which document in particular is read the most and by who.
Since this is StackOverflow, not SuperUser or ServerFault, I'm going to treat this as a programming question. (On those other sites, they would tell you that tracking actions at the document level is not built into Notes and Domino's functionality, but there are some 3rd party add-on products that can do it for you.)
You can implement tracking features down to the document level in Notes and Domino using the Extension Manager API portion of the Notes C API. There is also a free package on the OpenNTF.org web site, called TriggerHappy, which provides a framework for using the Extension Manager features to call Java agents when events that you want to track occur. This can make it significantly easier to accomplish what you want, but it will not scale as well for large user bases.
You should also bear in mind that since Notes and Domino are designed for use in a distributed environment in which users can do their work in local replica databases, a tracking mechanism that is based on an Extension Manager plugin running on the server may not see changes at the moment that users make them. Instead, it might see them when those changes replicate from the user's computer to the server -- and replication does not guarantee that order is preserved, so the server might see some things happen in a different order than what the user actually did.
Have a look at the activity trends, see notes help.
If you need more details, you have to implement it by yourself.
A client I am beginning to work with has a very specific need that I can't seem to find the best solution too nor any definitive yes or no because of conflicting answers in forums and documentation.
Goal: We are looking to use Moodle to handle the clients course management and course subscriptions. While using EE for other content as well as a store and cart to manage course related materials and supplies that will not be sold through Moodle.
Requirement: A synchronous cart so that if a student purchases a subscription to a course, they can also purchase any materials from the EE store in one go.
Upon doing my research I have found one piece that can help: aMember, but I cannot find a definitive Yes or No to these things:
Is Single Sign On between EE, Moodle, and aMember possible?
Is the cart functionality possible?
I apologize if this question is out of place here, but I'd very much like an answer because many of the proposed solutions have a relatively high cost if they don't work.
Any one here dealt with this kind of integration before?
I've never tried to integrate with Moodle or any other third party, but I know you'd have to create a way for the two to talk to each other. Would you use Moodle as the root authentication method? EE? I'm not sure which approach would work best. You can learn more about how to create that integration by browsing the EE add-on development documentation.
Also, depending on what your goals are, you may not need aMember at all. Take a look at Membrr, which excels at managing membership subscriptions. CartThrob and Brilliant Retail are two popular ecommerce add-ons for EE, and they're worth checking out, too.
Sorry I couldn't be more targeted with my answers. Hopefully someone with more experience can chime in as well. Best of luck!
I just completed a full EE/Moodle integration and would love to share how I did it. In a quick overview, We are using EE and CarthThrob to manage the purchases of the actual courses and Moodle for course delivery. What I ended up doing was a bit complicated but hopefully this will point you in the right direction.
Courses are sold through the EE site. When they're sold, I have a table that is populated on the cartthrob_on_authorize hook to populate a table with email address, role (student) and course id. I run a cron through Moodle to do remote enrollment so it will grab that data and enroll the student. This works both ways so if you delete a row from the table in EE, it will also un-enroll the student in Moodle.
I am using Moodle's user sync to pull in all of my EE users into Moodle on a cron job as well as using their remote authentication. One issue is that Moodle only offers SHA1 and MD5 out of the box so I had to modify their remote login script to first query the salt and then do a SHA512 hash of the salt and password for it to authenticate. What this does is allow users to log into Moodle using their EE credentials and creates the record to enroll the students against.
The biggest caveat is that you essentially have two different accounts on two systems and since EE stores its user data across multiple tables, you can't easily pull in data like First Name, Last Name so moodle prompts for this information (again) before taking a course. Not a great solution but it works. I am sure there are ways you could get around this (create an enrollment table that has all of this data in it to sync against Moodle with an EE extension).
Hope that helps move things in the right direction if you're still trying to do this.
We have created a solution close to what you are looking for in WordPress. Here we integrate Moodle with WooCommerce, an ecommerce solution for WordPress, to sell Moodle courses online.
Other features include:
Automatic registration to Moodle LMS
Single Login Credentials for registered users
Export Customer Information from WooCommerce
You can read indepth about the features here. http://wisdmlabs.com/woocommerce-moodle-integration-solution/
I've always wonder what security mechanisms are there to prevent an employee (dba, developer, manager, etc.) from modifying users' data. Let say a user has a Facebook account. Knowing who database works, I know that at least two employees in that company would have root access to it. So my question is what if such employee decides to alter someone's profile, insert bad or misleading comments, etc.?
Any input is appreciated. Thanks.
If a person has full write access to a database, there is nothing preventing them from writing to that database. A user who has unrestricted access to Facebook's database engine has nothing other than company policy to prevent them from altering that data.
Company policy and personal honor are usually good enough. In the end, though, there's always that risk; a Google employee was fired in July for reading users' private account data. In short, the people who write software for a system can make that system do whatever they like, and there is absolutely no way to prevent this; people who can read a source of data can read that source of data, and people who can edit it can edit it. There is no theoretical way to prevent this from being the case.
In short, all that can be done is to have more than one person watching the database, and fire people who try to damage it. As a user, all you can do is trust the company that controls the data.
This is a user access control problem. You should limit who has DBA access. You should limit what code developers have access to, such as only the projects that they need to do their job.
An after thought is to keep backups and logs. If someone does change a record in the database you should have a system in place to identify and fix the problem.