I'm new on the SharePoint world and right now I'm facing a little adversity.
Right now I do have a list that represents a collection of books. I also created a button with JavaScript that will allow the users to order them for a temporary time.
For this matter when the user clicks on the button, it'll change some column values from that list item, such as: the status, order and return date, some counters... I tested with my account and everything was working fine until I remember that I do have the permissions to edit this list. However if it's a end user, he'll receive (correctly since they haven't permission to edit) the "Request failed. Access denied. You do not have permission to perform this action or access this resource" message and won't be able to order the book.
Well, I could give the permission to this users in order to edit the list, but that way they would be able to delete and edit some columns that they aren't suppose to.
Do anyone have any suggestion/solution?
Thanks in advance!
With this type of scenario, I would suggest using more than one list, so you can manage the books and orders separately. Also, create a workflow in SharePoint Designer that starts when an order is created. This workflow will perform the operations that you are doing in JavaScript.
Here's a basic implementation plan:
Book List - Give users read only permission to this list.
Book Order List - Give users Add permissions to this list. Add a lookup column to the Book List.
Book Order Workflow - Perform the management of the order and inventory statuses here. App Steps can be utilized to run specified actions in the workflow with elevated privileges.
Related
Has anyone figured out a solution to this? I seem to have gotten to the same conclusion with no solution.
If I were to go the my app's checkout page, the payintent is created in the backend (explained the process below). So no after the payIntent is created, if i open a new tab and go the menu and add a new menu item, firestore will show the new (correct) total, but since the payment intent is created stripe charges the old (wrong) total.
What I am doing is
Every time the page loads, I send a GET request to my backend which verifies the identity of the user (using firestore/firebase).
Checks if there is a payment intent (payement intents are stored in firestore corresponding to the user)
A. if payintent does not exist under user create one
B. if payintent does exist retrieve payintent from stripe and check if it has .status===succeeded. IF it has succeeded create a new one and if it has not succeeded update the old one. The amount for all payIntents is calculated using total in firestore
(and ofc if the users cart is empty a payintent is not created)
Send back to the frontend the payInent.clienSecret and cart items to populate page
From the front end using stripe elements and confirmPayment confirm the payment
(using ngrok the page loads in about 800-1200ms so not too bad i think)
Possible solutions are using webhooks, when payintent is processing check and update the pricing but that seems like duct taped solution (if it were to even work). OR using webhooks when payment has succeeded update the payment, again seems like a duct tape solution (if it were to even work).
EDIT: possible solution 3 cofirmPayment in the backend but according to documentation that takes away 3ds authentication which is the reason I am doing confirmPayment in the front end anyways
SOLUTION: The missing piece is that you need to update the Payment Intent's amount when something is added to their cart. Once you add that I think that will solve your issue.
So a function to create payment intent and update payment intent (when there is already a payment intent created) on add to cart. And then a final update paymentIntent on the checkout page whenever they delete an item or if they edit the item
Thank you Justin Michael
I'm not sure I completely understand your question. If you confirm a Payment Intent client-side using its client secret the Payment Intent will attempt to charge whatever the current amount set on it is. Stripe will never use a previous or "old" amount.
As far as a solution, I recommend you retrieve the Payment Intent client-side using Stripe.js when your customer clicks on your "pay" button and see if the currently-set amount on the Payment Intent matches what you're currently displaying to them. If it doesn't match abort the payment process, update your state client-side based on the latest version of the Payment Intent you just retrieved, prompt the customer to confirm the new amount, and ask them to click on "pay" again.
I have an idea of doing a back office for my website. The problem is that, when I introduce a user who has, for example, two roles, I want the user to choose the role to work with, but I can't figure out how to do that. I've tried so different things such as putting the two roles separate with commas in MySQL and separating them in PHP but it didn't work.
let say you have a user table, and a user can have multiple role.
you can create a master table for role ( let say roles )
you can have a field on user table say user_roles -> it can have values like 1,2,4
note:- there should not be gaps between the numbers / comma
on the front-end you can take a mutiselect / tags UI element to input role for the user.
to fetch the role of a user at server side - you can use explode() + in_array() to check the role if exists
comma separated example
EDIT:-
It requires validation when adding roles ( ie: which user's role is allowed to select when already selected specific types )
For authorization, the user's roles should be added to the session :- this will help when allowing the user to do tasks he is allowed to do.
you can take a third table to maintain user's roles ( as suggested by #ADyson ), this will help if you want to join tables based on user + roles but you will need to join roles table for getting user data when starting session for the user.
Currently doing a chat app where a user could join multiple chat groups, something similar to what Telegram and Facebook Messenger has. Pretty straight forward. We're mainly using Firebase database for storing the chat groups and message details.
Sample DB structure:
To only get the chat groups a user has:
root/
users/
chatGroups/
$uid/
$chatGroupId: true
We then get the details of the chat group from a different node, same with the latest chat message in that group:
root/
chatGroups/
entries/
$groupId/
group details here...
messages/
$groupId/
$messageId/
message details here..
Everything above to get the data for a single group item that looks something like this:
All works fine. We initially get at most 5 chat groups at first, then just sort the list. The problem lies where we have to listen for updates for the chat groups -- group with the most recent chat message would go to top of the list.
The structure we have listens only to the list of groups the specific user has -- we could detect groups joined (onChildAdded) and left (onChildRemoved) by the user, but it doesn't contain the timestamp we need to sort the chat group list by the most recent changes timestamp.
Has anyone tried this similar behavior with Firebase before (we're doing a client for both Android and Web -- Javascript)? Any ideas or suggestions would be appreciated. Let me know if you need some relevant details to make things clearer.
Because there is no auto-created metadata in Firebase about when a child was added, updated or deleted and also because those operations doesn't contain the information you are searching for, you need to create your own mechanism by adding the local timestamp for each operation or by writing a server-side timestamp.
There is another approach in which you can use denormalization. Add those chats to a new created section named uxChats. The chats will need to contain only the text message and the timestamp. If you are using FirebaseUI then you can reverse the order just using this lines of code:
LinearLayoutManager layoutManager = new LinearLayoutManager(getActivity());
layoutManager.setReverseLayout(true);
layoutManager.setStackFromEnd(true);
recyclerView.setLayoutManager(layoutManager)
Latest chat goes on top.
Hope it helps AL.
I've been searching a ton and maybe I'm using the wrong search terms, but essentially I want to have a user select items to add to a favorites list and then create a unique url they can share. An example can be found at http://www.sortfolio.com
When you click the "shortlist?" button at the bottom of an item it'll get added to the "My Shortlist (Your Favorites)" and when you click there it'll show what you've added to your favorites list and provide a shareable unique url with your favorites.
I have a MongoDB database and using Node with Express. I'm assuming you'd collect the items database id's and then make a get call to grab them, but how would I then create the unique shareable url. I think sortfolio is built with Ruby on Rails which I am not using. If anyone can point me in the right direction to replicate this type of functionality it would be a great help.
Hi just like you said you've to create one another Mongodb collection like favorites
{
favouriteid:unique id/if you want short uid the u can us npm uid,
Item:ref to production product collection
}
Then create an api for getting favorites according to favorites.
And in given site example user can shortlist and share item without login also. So in this case on Frontend side store shortlist in product in sessionstorage and if user want to see favorite list then add new favorite record with items fetching from sessionstorage or locals to rage. Provide sharable url which have unique sharable I'd. Above thing manage according to cookie basic.
I am learning web development and lately Meteor has caught my fancy.
I went through the starter tutorial of creating to-dos and use save button to commit the list to database. It allows everybody who opens the website to see the same to-dos list.
I added user log in system in to-dos so that people can login and see only their own to-do list.
Now, I'm trying to extend above example, for Collaborative to-dos.
Here is a sample use case:
My boss logs-in at do.com and starts creating his to-do list. While the Boss is logged in, I also happen to open do.com from my laptop and I see a message flashing - A session is already open. Do you want to collaborate with Boss? If I say 'Yes', Boss will be notified at his screen to allow me access to his list, and on granting access, I will be able to collaborate with Boss's to-do with both of our changes in the list reflecting on each other's screen but the final save/commit button remains frozen for me (because I came later) and remains active only for Boss. So, when Boss hits the save button, the list is committed to database with his and my changes.
If Boss chooses to not allow me to contribute, I get to see my own to-do.
On the other hand, if I choose NO, I get a fresh start at my to-do list with no bearing on already open sessions elsewhere.
The scenario should work other way round too. If I am the one who has an active session at do.com and Boss happens to open his own later, he should get the message whether he wants to collaborate with me and so on.
What would be the best way to implement this in Meteor? I came across this Persistent Session package which could be the solution but I am not able to adapt it to my use-case of allowing/denying another user via message/notification. Appreciate, any help on this. I'm a complete newbie here, pls excuse of any un-necessary verbiage, I wanted to explain my question well.
Thanks in advance.
Session is not the right tool for this, you want to use the server db (Collections) to mediate this collaboration.
Given that you created todo lists specific to users, I'm going to assume you have a publication somewhat like this:
Tasks = new Mongo.Collection("tasks");
if (Meteor.isServer) {
Meteor.publish("tasks", function () {
return Tasks.find({owner: this.userId});
});
}
So the next step is to change this so you can see your own tasks, and also those belonging to any user who shares their tasks with you. This could be created like this:
Tasks = new Mongo.Collection('tasks');
CanView = new Mongo.Collection('canView');
// CanView holds docs with this schema:
// {
// user: 'DzxiSdNxEhiHMaoi6',
// taskLists: ['DzxiSdNxEhiHMaoi6', '7X97ZhPxjX6J4eNWx']
// }
if (Meteor.isServer) {
Meteor.publish('tasks', function () {
var canView = CanView.findOne({user: this.userId}).taskLists;
return Tasks.find({owner: {$in: canView}});
});
}
On the client tasks could be displayed as one single list, or segregated by the owner property.
How you add and remove ids into the CanViews tasklist list will depend on the workflow for requesting access/offering to share, etc.
The other part of the workflow you mentioned is only the Boss being able to save the changes, but still have them reactively update on both screens. This would take more work as you would need to implement a 2 step process, with two collections on the server. i.e. Boss's (task owner's) saves are committed directly to the canonical Tasks collection, and other users saves to a second TaskUpdates Collection. Both published to the clients, which then have to overlay the data from TaskUpdates over the actual Tasks in a way that is clear and meaningful.