My Task is to create a permission system that is not pre-defined by roles. E.g the system does not define the roles which an admin can assign to other users.
Instead the system only provides all the database tables and the admin can create their own roles on the fly be choosing tables and the grant level (CRUD) and also which fields should be visible. That would be the easy part.
The current implementation without any permissions is to fetch the data with an RESTful API and then create the DOM by javascript. Since the javascript knows what to display on the current page it can grab the properties from the data object or even fetch related data.
But now the returned fields from the API call may be different from user to user. How can i display only the data a user is granted to see?
Example:
In the image below we see the current element only showing the name and description fields. These can the current user edit. There is also a position input to define the ordering of the image but the user has no permission to change that and it is not generated.
Initial state, data fetched from API
When we click on "new image" a new row is added with javascript but now the field "position" is visible.
After clicking "new image"
The JS code does not now what fields the user can see and what not. How can i control that behavior?
Should i create a new API that will fetch the "structure" of the page based on the current users permission or should i alter the javascript code with php to output only required logic for the current user?
What should be the general approach and is there already something available in cakephp?
my current solution is to make a request to a new endpoint which gives me an empty data object but only with fields visible to the user.
button event ->
fetch api/newEmptyObject ->
render input fields
the downside is that it adds a delay from user click-event to displaying the input fields.
Related
In my workplace, there is a web based workflow management system. My job is to upload documents to the system and follow up if the relavent department have completed the job. Department people view the documents and change the status from "uploaded" to "Assigned", "Completed", "Rejected" etc.
I have to search the documents every time by entering the date range and clicking on search button in the form.
Is there any way to make a shortcut like something where I don't have to feed the date every time. My requirement is to fill two date fields with today's date and click the search button automatically.
The said system is a simple web page with a form and uses HTTP POST method.
Edit:
In HTML-GET I can pass whatever I want with URL, like on google if I want to search "stackoverflow" I can staright away type the url like "https://www.google.com/search?q=stackoverflow..."
Is such a thing possible in HTML-POST also.
I'm new to php and have read lots of posts here in SO but couldn't find an answer for my specific question.
I have a database in which I store information about projects (project name, start date, status, etc...). I'm trying to create an updating api, so the user can update the project info.
What I would like to do is to let the user choose a project from a regular html "select". Once the user chose the project I would like to display a new form containing all the fields that the user can update. The issue is that I would like to have all the project current information (before the update) as values of the form. (So I must send the user selected project name and get back all the info in order to display it on the second form).
For example: let's say that there are 2 possible project statuses: "on execution" and "frozen", then I would like to put as "selected" the current status, and let the user change it if he wants to and then send the second form so I can update the db info.
I would like to know what is the best way to implement that. Solutions can contain javascript if needed.
Thank you in advance for your time and pacience.
I am writing this web app which enables user to upload some set of data, and sort them into different categories, and enable to store in the server database. However, I am not sure how do I update the database when user trigger some events (say input change) in the browser? It will be great if someone can help
Say my model is just like:
class Data(models.Model):
name = models.CharField(max_length=20)
category = models.CharField(max_length=20)
And there is a table in html displaying the data, showing the name and category, and the user can dynamically change the table content.
I suppose there will be a table entry which will be a <input> tag
Upon any change event, I should be able to verify the change, and update the model database. Or more general some javascript events triggered and how to synchronize back to the database please?
Right now, the only way I can think of is to fire a request, and in the url includes all the information, and then have a function in the views.py handling in the update and finally return back the same page. But this is just not acceptable right? I am just being stupid and there must be a better way!
I have a page with Client side paggination and Filtration. The page lists around 200-300 prouducts.
The page contains some filters like Category,Manufacturer and Weight.
Clicking upon any of the page number or filter, I am manupulating the page content on client side using Jquery.
Everything is working fine till this step. Now there is a usecase where I am facing problem.
Lets say a user comes to our product listing page and click on some of the filters and gets a list of products.
Now he clicks on a particular product , which redirects him to the product page to view the details of the product.
But now when the user clicks on the back button , the user gets the page with the intial state without any filter selected.
Is there any way user will get the page with the filters previously selected on clicking the back button?
You can use some of the following to store data across multiple pages.
Store data in cookies.
Store data in local storage.
Store data in the session on the server.
Make the data part of your URL (use hash or query string for the filter parameters). Note that changing query string causes page reload.
If using cookies, local storage, or hash, you'll need to add JavaScript code to your page that loads and applies the stored data on page load.
There is a number of ways to do this:
If you are dealing with html5 history and a single-page application, then you are not reloading the page. But based on your question, I assume this is not what you are dealing with.
Store something in the URL. For an example of this, look at the filters on TotalHockey, e.g. http://www.totalhockey.com/Search.aspx?category_2=Sticks%2fComposite%20Sticks&chan_id=1&div_main_desc=Intermediate&category_1=Sticks so when you go backwards, the URL contains the entire state.
Use localstorage, if you have a browser that supports it.
use cookies with the $.cookie API
Store it on the session in the server.
You can store the Search Filter Data in session just after submitting on the filter input and on each ajax request (Loading your product listing), you can check the search filter inputs stored in the session and show the data according to them. If search session is empty then show whole listing.
You can also store the full ajax request URL (if GET method is used) in the session after searching the record and hit that particular URL again after coming back from product detail page.
I have added a column in the User class that holds the users score in a game, this is an ios app. I also have a javascript that runs seperate to the app that changes all the users scores based on other variables. I can access the user class via a query and get the variables but if I try
user.save();
if does not work. Is there a different save method I need to use to save the new user details. This cannot be done based off the current user as this javascript changes every user in the User class.
Thanks,
You don't have access to the user object without being signed in, so for anything you need to do with other user objects than your own, you should separate this out to another class.
You CAN circumvent this by using a master key, though. Check this post:
https://parse.com/questions/bypass-acl-on-cloud-code