how to create ACL with mongoose-acl node.js - node.js

I found this library for creating an ACL (access control list) for mongoose:
https://github.com/scttnlsn/mongoose-acl
It looks like a good module, but I'm a little confused on how to use it for my purpose.
I have a site where anybody (logged in or not) can visit a profile page, like example.com/users/chovy
However if the user 'chovy' is logged into this page, I want to give them admin privileges for editing the details of the account.
If the user is not 'chovy' or is not logged in, they would just see the read-only profile page for 'chovy'.
Can someone give me a concrete example of how I would do this?

That sounds so common that I don't think you need an ACL. You will need to have sessions, and then you can change how the view looks based upon the current logged in user. An incomplete example would look like this:
// Assumes:
// - You set req.session.user when user logs in
// - The url route has a :name so you can do req.param() to get the name of the page being viewed
db.users.getCurrentUser(req.session.user, gotLoggedInUser)
db.users.getUserByName({name: req.param('name')}, gotUser)
And then pass this to the view, when you do a res.render():
var is_viewing_own_page = currentUser._id.toString() === loggedInUser._id.toString()
And then the view can do something like this (assuming jade):
- if (is_viewing_own_page)
  div You are looking at your own page
- else
  div You are viewing someone else's page
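The flag above only changes what the template renders; the route that saves profile edits needs the same ownership test on the server. An added example, not part of the original answer: `users`, `profileViewModel`, `requireOwner`, `fakeRes`, `statusFor` and the sample records are constructed for illustration, and the session is assumed to hold the logged-in user's record.

```javascript
// Constructed sample data standing in for the users collection.
const users = new Map([
  ['chovy', { _id: 'u1', name: 'chovy', bio: 'hello' }],
  ['alice', { _id: 'u2', name: 'alice', bio: 'hi' }],
]);

// Read path: anyone may view; the flag only controls what the template shows.
function profileViewModel(req) {
  const profile = users.get(req.params.name);
  if (!profile) return null;
  const viewer = req.session && req.session.user;
  return {
    profile,
    is_viewing_own_page: Boolean(viewer) && String(viewer._id) === String(profile._id),
  };
}

// Write path: Express-style middleware (req, res, next) that enforces
// ownership on the server, whatever the view happened to render.
function requireOwner(req, res, next) {
  const viewer = req.session && req.session.user;
  if (!viewer) return res.status(401).end();           // not logged in
  const profile = users.get(req.params.name);
  if (!profile) return res.status(404).end();          // no such profile
  if (String(viewer._id) !== String(profile._id)) {
    return res.status(403).end();                      // logged in as someone else
  }
  req.profile = profile;                               // hand the record to the handler
  return next();
}

// Minimal stand-in for an Express response so the example runs offline.
function fakeRes() {
  return { code: 200, status(c) { this.code = c; return this; }, end() { return this.code; } };
}

// Runs the middleware and reports the HTTP status the client would get.
function statusFor(name, sessionUser) {
  const req = { params: { name }, session: sessionUser ? { user: sessionUser } : {} };
  return requireOwner(req, fakeRes(), () => 200);
}
```

In an Express app the middleware would sit in front of the edit handler, e.g. `app.post('/users/:name', requireOwner, saveProfile)`, where `saveProfile` is a hypothetical handler.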

Related

Show different routes to user than actual in angular

I am working on a full stack web development using Angular, Node(Express) and mySQL. I want to show user some different route than what it actually is. How can I do that?
For example, this is my dashboard page.
http://localhost:4200/#/dashboard
I want it to be viewed as something else to the user like:
http://localhost:4200/#/Welcome
OR
http://localhost:4200/#/Welcome/LandingPage
Meaning, this page can only be accessed if you enter the Url:
http://localhost:4200/#/dashboard
and, if the user tries to access this page by entering the Url that is being shown to him:
http://localhost:4200/#/Welcome
OR
http://localhost:4200/#/Welcome/LandingPage
then, he gets an error.
I have done this all in app.routing.ts. I just want to ask how can I do the above mentioned. To show that route to the user that actually doesn't exist.
For further clarification: When the user will open the page then it will be shown to him as "localhost:4200/#/Welcome". I want to just show the user this route. In my code, it actually should remain dashboard. In easy words, when the user enters the url: "localhost:4200/#/Welcome" it should throw an error because in code such route doesn't exist. It was just shown to the user as a kind of fake route. In actual, it should be "localhost:4200/#/dashboard" but, shows to user as "localhost:4200/#/Welcome"
I guess maybe using location will do the trick if I understood question right.
constructor(private location: Location){}
replaceState(){
this.location.replaceState("/Welcome");
}
You will have to import Location module:
import {Location} from '@angular/common';

Netsuite, how to show popup after login into netsuite account?

I am new to Netsuite and I have a requirement to show one alert message displaying "welcomeuser" after the user has logged in to the Netsuite account.
I have tried this client script but it's not showing any message.
function employee_PageInit(type){
debugger;
alert('Dear UserName, The data in NetSuite is confidential and the property of the company.');
nlapiLogExecution('DEBUG', 'user role', nlapiGetContext().getName());
alert('ok'+ nlapiGetContext().getName());
}
I have logged in with the role ADMINISTRATOR,
any help is appreciated thank you.
Here is a sample with 2.0. It's not pretty and would need some work. But this is one way to inject javascript logic onto the homepage with a portlet.
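/**
 *@NApiVersion 2.x
 *@NScriptType Portlet
 */
define(['N/runtime'],
function(runtime) {
    function render(params) {
        var user = runtime.getCurrentUser();
        params.portlet.title = 'Welcome Message';
        // Encode the text as a JavaScript string literal so quotes or markup
        // in the user's name cannot break out of the inline script
        var message = JSON.stringify('Hello ' + user.name).replace(/</g, '\\u003c');
        var content = '<script>alert(' + message + ');</script>';
        params.portlet.html = content;
    }
    return {
        render: render
    };
});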
You can try using a custom portlet; it stands out in the dashboard for showing the content. Then also alert is not possible.
I've struggled with this idea in the past and what you want is not technically possible, since there are no scripts that run when you are viewing the homepage. Here are some weird workarounds:
Schedule a calendar reminder, which can trigger a pop-up with your message.
Before assigning their full NetSuite rights, tell users to go to a specific page or form: Maybe a custom record... (the record could serve as a log of who consented to and read your policy) On this form you could have your message. Then when the user fills it out, have a back-end script enable their permissions.
Make your text into a tiny image, and make it your company logo for all of NetSuite. ;)
You can add the custom JavaScript to display the alert on a Suitelet which would be set as the Landing Page under General Preferences, then once the user accepts redirect to their home page, and if they don't accept send an alert to the admin...
E.g.
<script>
var accepted = confirm('Dear UserName, The data in NetSuite is confidential and the property of the company.');
if (accepted) {
    window.open('https://99999.app.netsuite.com/app/center/card.nl?sc=-29&whence=');
} else {
    //Send email to admin
}
</script>
Hi, please follow these steps:
Create a suitelet script - Login Script with pageInit() in clientscript action to alert your welcome message.
Go to Setup > Company > General Preference and under Centers tab add appropriate URL of the Login Script Suitelet's deployment and save the preferences.
Note: You can add different messages to different centers based on the roles in your account.
General Preference > Centers Tab
Hope this solves your issue please revert back if anything is missed.
Basically, the homepage of NetSuite is not scriptable.
There are some ways to check if the record/page is scriptable:
Look up the specific record type in the NetSuite Help Center; specifically on the Records Browser
On the Browser's developer console, you may run nlapiGetRecordType() and if it returns the record name, it should be scriptable -- please note that the record should be on edit mode for the console tool to run correctly with NetSuite pages
Hope this helps with your development!
you can write a function
function pageInit(type){
    var context = nlapiGetContext();
    var username = context.getName();
    // 'hello' must be a string literal; the bare identifier was undefined
    alert('hello ' + username);
}

Logged in user can only access 1 page?

Using Orchard 1.6 I've created a new role 'FactoryWorker'. When this user logs in from the front end I want them to be navigated to one page only.
OrchardLocal/System/ManufacturedProducts
I have set this page to be a print screen of the order details so the factory worker will know what products to get ready for ship out & they won't be able to navigate as no menu appears, but I also need the other pages blocked in case the user decides to enter the URL of a page they aren't allowed access to.
This is the only page I want this particular user to be able to access(after they login), and I have added a logout button, which logs out the user and returns them to the home page.
So I've been looking through editing a role, with permissions and content etc...but this all seems to be applying to forms and content in general, where the user can access any content type etc...
So can someone advise me on how to do this?
thanks for any replies
UPDATE
I forgot to mention that this is not a content type, item or part I am talking about.
I have created my own controller & View & VM which is accessible from the dash board (using the AdminMenu, which brings the admin user to OrchardLocal/System/ManufacturedProducts)
I have looked at Orchard.ContentPermissions Feature but it only seems to allow me to 1)Grant permissions for others or 2)Grant permission for own content
any ideas?
You can use a Request Filter, (I do not know if it is the best way) :
FilterProvider – defines the filter applied to each request. Resembles the way default ASP.NET MVC action filters work with the difference that it’s not an attribute. All FilterProvider objects are injected into the request pipeline and are applied to all requests (so you need to check if the current request is suitable for your filter at the beginning of an appropriate method).
From : http://www.szmyd.com.pl/blog/most-useful-orchard-extension-points
So you could implement something like this
using System.Web.Mvc;
using Orchard.ContentManagement;
using Orchard.Mvc.Filters;
using Orchard.Roles.Models;
using Orchard.Security;
public class Filter : FilterProvider, IAuthorizationFilter {
    private readonly IAuthenticationService _authenticationService;
    public Filter(IAuthenticationService authenticationService) {
        _authenticationService = authenticationService;
    }
    public void OnAuthorization(AuthorizationContext filterContext) {
        //If route is the restricted one
        if (filterContext.HttpContext.Request.Url.AbsoluteUri.Contains("OrchardLocal/System/ManufacturedProducts")) {
            //Get the logged user
            IUser loggedUser = _authenticationService.GetAuthenticatedUser();
            if (loggedUser == null) {
                //No user is logged in (a void method cannot return a value, so set the result and return)
                filterContext.Result = new HttpUnauthorizedResult();
                return;
            }
            //Get the Roles
            var roles = loggedUser.As<IUserRoles>().Roles;
            if (!roles.Contains("FactoryUser")) {
                //User is not authorized
                filterContext.Result = new HttpUnauthorizedResult();
            }
        }
    }
}
Note: Untested code!
EDIT: Also you could invert the logic and check if the logged user has the role 'FactoryUser' and restrict its access to every page except the one they should see.
Your module can create a new permission (look at one of the permissions.cs files for examples), then create a role that has only that permission. Have your controller action check that permission (again, many examples found by finding usage of the permissions defined in one of the permissions.cs).
You can use the Content Permissions module. Using this module you can attach a content item permission part to a content type. This part allows you to choose which roles can see the content when you create it.

Displaying additional profile fields that are synced with AD using JavaScript

Along with the thumbnail photo, I may want to display other properties in my master pages that are imported from AD such as "company" using User Profile sync
If I use SPServices.SPGetCurrentUser() (https://spservices.codeplex.com/documentation), I can get selected properties held in user profile settings. However, I can't make this call since the property does not exist here (yet).
var company = $().SPServices.SPGetCurrentUser({
fieldName: "Company",
debug: false
});
It is, however, displayed both in http://mysite.mydomain.com/_layouts/EditProfile.aspx when in Mysite and _layouts/ProfAdminEdit.aspx (Edit user properties in Central Admin). I guess my question is then: to be able to use SPServices, do I somehow edit the default properties and include my "Company" attribute held in the user's mysite profile? Alternatively, is there another way to access the properties held in the user profile with JavaScript?
Thanks
Daniel
$().SPServices.SPGetCurrentUser calls this page : http://you.site.com/_layouts/userdisp.aspx?Force=True&1376982818371. For me the function is not able to parse the page correctly, but you could simply use jQuery (or pure JS or whatever) to get by yourself the same page, and then parse it to find the data you want.
Otherwise you can use $SP().people() to query the User Profile Service and get the info for the user. See the example from the provided link. In theory that should return you the same information or even more info.

NetSuite - Check if user is properly logged

I have a little question. I am working with NetSuite eCommerce and I need to check something, my site runs a script when user is logged, but sometimes it asks for a login even when still getting NetSuite Attributes. Something like this:
var loginEmail = "<%=getCurrentAttribute('customer','email')%>";
if(loginEmail==null || loginEmail=="") {
$("#cart").hide();
}
else {
$("#cart").show();
}
Do you know a specific NetSuite attribute or tag that I should be calling/using?
User sessions do time out after a period of inactivity, and user sessions are tracked with a cookie.
Try testing with a different browser - ie run NetSuite in FireFox and test the eCommerce functionality in Chrome or Safari, for instance.
Try nlapiGetLogin(). From NetSuite Help:
nlapiGetLogin
Returns the NetSuite login credentials of currently logged-in user.
This API is supported in user event, portlet, Suitelet, RESTlet, and SSP scripts. For information about the unit cost associated with this API, see API Governance.
Returns nlobjLogin
Since Version 2012.2
Example
This example shows how to get the credentials of the currently logged-in user.
//Get credentials of currently logged-in user
var login = nlapiGetLogin();
It doesn't say, but my thought is that this would return null if no user is logged in.
Use this code:
<%
var shoppingSession = nlapiGetWebContainer().getShoppingSession();
if (!shoppingSession.isLoggedIn())
$("#cart").hide();
else
$("#cart").show();
%>
In place of
<%=getCurrentAttribute('customer','email')%>
try using
<%=getCurrentAttribute('customer','entityid')%>
