Is it possible to combine # Functions with sessionAsSigner in XPages SSJS? - xpages

I have a processes that uses the sessionAsSigner to do some things that the signer has access to do, but not the current user does not. This works well enough. example:
var db = sessionAsSigner.getDatabase(session.getServerName(),"somedb.nsf");
But now I am trying to add the use of a # function into the mix, but there doesn't appear a way to use that sessionAsSigner when calling the # function.
Is there a way to do this or will i have to create my own replacement function that uses the session to do the same thing as the # function?

You can use the evaluate statement for your #DBLookup, f.e.
sessionAsSigner.evaluate('#DbColumn("":"";"":"";"All";1)');

Related

Best way to implement ACL with Mongoose

I have my data model already defined and implemented. I can very easily write manually the filter to filter out non-authorized results for the user who sent the query (which would be in the style of: "collection.acl.personId": queryPersonId )
My problem is, where and how should I write this "thing" to be as automatic as possible?
I tried to do it with a custom query and a static method, but did not had any luck on both.
Static method con: I don't want to rewrite all my code to use .then(). I want to keep the current chaining.
Custom query: it simply did not worked, even by following the doc.
Ideal the result would be something like
Model.findWithAcl(filters).lean()
Model.findOneWithAcl(filters).lean()
Note that we are using Typescript. The priority would be to have something working, but having the ability to have a working type would be the second priority right after.
Thanks for any help
Casl mongoose gives a very good way of filtering both results (row level) and fields from collections. Note that it also can be used in the front end.
Great package that works very well with auth0 rights.
https://casl.js.org/v5/en/guide/intro
https://casl.js.org/v5/en/package/casl-mongoose

Is there a way to prevent callback until the input `id` is loaded?

I am new to Dash Plotly.
Is there a way to prevent a callback if an Id (at the current moment) used as a INPUT to one of the callbacks.
A nonexistent object was used in an `Input` of a Dash callback. The id of this object is `some-dropdown` and the property is `value`.
Or Is there a way to register all the component id in dash and later it can be used for rendering ?
You could use pattern matching callbacks. That's the most flexible solution. If you have a known number of IDs you'll add, then you could also include all of them in the app on initialization, and use callback logic to update them only after the specific trigger occurs. They could be hidden initially as well, then shown later by updating the style prop.

Purpose of AssertRequiredRoles?

I am implementing my own RequiredRole attribute called RequiredAnyRole, whereby I pass in a list but the user only has to be in 1 of the roles. I have implemented my own method called HasAnyRole which simply queries based on .Any() instead of .All().
I have then overridden the Execute method to use my method rather than HasAllRoles. The problem is im not sure what the method: AssertRequiredRoles is doing? It doesn't seem to be called?
Should I override that to use .Any() rather then .All() too? Here is the original code:
https://github.com/ServiceStack/ServiceStack/blob/82241fc96e187d12f9db2556aea37cf327813adc/src/ServiceStack.ServiceInterface/RequiredRoleAttribute.cs
AssertRequiredRoles is a static helper method that's can be used by other plugins like RequestLogsService to ensure access is only granted to users with the required roles. It's not called when used as a normal attribute filter.
Once you override Execute you retain full control of what gets executed, so you only need to override what you need.

Is there anything that provides the kind of support PHP's filter_var does in ColdFusion?

I've found filter_var to be extremely useful in validating and sanitizing user input with PHP, but I've yet to find anything even remotely as convenient in ColdFusion (more specifically, CF8).
Obviously I can hack together something using REReplace, but that would take significantly more time to code up and would be much uglier than using the pre-defined filters available in PHP. Is there a more efficient way or do I just need to bite the bullet?
There are three different options available to you. Since you're attempting to manage user input, I assume you're using forms. isValid most closely mimics your functionality, allowing you to check if a value specified matches either a data type or a regular expression and returns true or false, and includes attributes by default to define a range. It does not support the ability to create a custom 'filter' beyond defining a regular expression however.
The second option would be using cfparam tags on your POST processing page, which allows you to specify the existance of a variable, test against a data type or define a regular expression, and optionally assign a default value if the variable doesn't exist. If you attempt to process a page where the field is not defined and no default value is assigned however, ColdFusion throws an error.
Finally, you can do validation by using cfform and cfinput fields on your form itself; which allows for client-side data validation for existence and types (it also supports server-side validation but it's implementation is sloppy), regular expressions, and input masking: taking user-inputted data and conforming it to a specific format (like adding dashes to phone numbers and zip codes).

Referring to session-based data in a Mongoose virtual attribute

I have a Mongoose model that holds Places. Each place has a lat/lng. I can define a Mongoose virtual attribute called distance that would be used to sort Places in ascending order. What's the best way to refer to the user's location information (let's assume it's stored in a session variable for now) from inside the distance virtual attribute?
For anything involving external data, adding a method to the schema would be a better choice than a virtual property.
I'm solving a similar issue. The problem is that methods are fine if you want perform an operation on a single value but I'm retrieving a list and want to inject a new virtual field into every record in the list - but use session data to generate the field. to do this safely (avoiding globals), I think I'll need to use a QueryStream and inject the new field using an ArrayFormatter that takes the session variables as constructor parameters.
This also looks like a job for LINQ so another approach might be to use one of the ports of LINQ to JS.
If you sill prefer to use virtuals, you can store user location info in NodeJs globals. For example this code may be set after user login:
global.user_location = user.location;

Resources