I need to modify a form validation because some of the inputs are generated by the system instead of human input, those input fields will be filled in a controller. In other words, its DTO has fewer fields with validation constraints than the entity class. I am investigating
$v.myEntity.$invalid
I have a look at all related typescript files and don't see how it is done. Vue is the framework for the front end. I assume that it is the same for the front end regardless of the Javascript framework.
JHipster + Vue uses vuelidate for form validation. Look for an object called validations near the top of your .component.ts files.
Something like this:
const validations: any = {
testEntity: {
testField: {
required,
},
},
};
For example, to make testField no longer required on the front end, remove required, on that .component.ts and the required keyword on the corresponding input on your .vue file.
Remember to also remove the #NotNull on the entity DTO so it's not rejected, and then you can fill it up with whatever you need on the server side.
Related
Without going into depth, I need to remove all validation objects from a Validation Controller without having access to those objects outside of the controller. Basically this is to cleanup existing validation objects before adding new ones. It's complex.
Very simply, I need to do this:
this.validationCtrl.removeAllObjects();
One possibility I've attempted is to inspect the validation controller and iterate through its objects property, but I'm unable to correctly access these or give the .removeObject() what it needs.
const validationObjects = this.validationCtrl.objects;
validationObjects.forEach(obj => this.validationCtrl.removeObject(obj));
This also doesn't work.
What is the best way to blindly remove all existing validation controller objects?
The following code works to delete all existing objects from the current controller:
const validationEntries = Array.from(this.validationCtrl.objects);
validationEntries.forEach(([key]) => {
this.validationCtrl.removeObject(key);
});
I want to implement a mechanism to obfuscate the id fields in my application . Right now all the id fields are integers. I want to use some sort of reversible hashing to create random strings corresponding to the id fields. Also, I am trying to accomplish this with minimal changes to the overall project.
One thing that came to my mind was to write a middleware to intercept every request and response object and check for the presence of id field. If the request contains id field and it is an obfuscated version, decode the string and replace the request parameter with the integer id.
If the response contains the integer id, run the encode function on it to send the obfuscated id to the client.
The problem I am facing is with modifying the req object. The id field can be present in req.body or req.params or res.query. However, in the middleware, I cannot see the id field when it is present in req.params.
I tried using policies. But the problem I am facing there is even after changing the req.params, the changes are lost when the control reaches the controller. What would be the recommended way of solving this problem ?
Here is the sample code:
In the policy:
module.exports = function (req, res, next) {
req.params.id = '12345';
req.query.pageSize = 30;
req.body = {};
sails.log.info('req.params', req.params);
sails.log.info('req.query', req.query);
sails.log.info('req.body', req.body);
return next();
};
I am just modifying values of req.params, req.query and req.body.
When I try to access these values in the controller, the values of req.query and req.body are the modified values as changed in the policy. However, req.params changes back to what was sent by the client and the changes made in the policy are lost
I think you are confusing policy and middleware? Is your code above in api/policies? If so, you still need to define which controller(s) this policy is applied to in config/policies.
So config/policies.js should look like:
modue.exports.policies = {
// If you really want this policy for every controller and action
'*': 'policyName.js',
// If you want it for a specific controller. '*' denotes every action in controller
specificController: {
'*': 'policyName.js'
},
// If you want it for a specific action on a specific controller
specificController: {
'specificAction': 'policyName.js'
}
};
Also I'd like to add. Policies are generally meant for authorization of controllers but this seems like a decent use case. Since every single request is not going to have these fields this should be a policy. Policies are great when applying something to a handful of controllers/actions. Middleware is great when you need to apply to every single action that comes into your app.
http://sailsjs.org/documentation/concepts/policies
http://sailsjs.org/documentation/concepts/middleware
Gitter response:
sgress454 #sgress454 10:45
#mandeepm91
In the policy, if I change req.body or req.query, the changes persist in the next policy or controller. However, changes made to req.params are lost.
This is one of the main use cases for req.options. This object is intended to be used to store request data that can be mutated by one handler before being passed on to the next. The req.params object is meant to provide each handler with a copy of the original request parameters.
How you approach this really depends on what your goal is. If you really need each request handler (that is, policies and controller actions) to see an encoded version of the ID, then a good approach would be to encode the ID in a policy as #S-Stephen suggested, store that value in req.options.id and refer to that in your other request handlers. If, on the other hand, you're really only concerned with the response having the encoded ID, the suggested practice is to use the res.ok() response in your handlers (rather than res.send() or res.json), and adjust the code for that response in api/responses/ok.js to encode the ID before sending. You can also use a custom response if this is only required for certain requests. See custom responses for more info.
Hi #sadlerw, you should be able to modify the code for res.ok() in your api/responses/ok.js file to have it always return JSON if that's what you want for every response. If it's something you only want for certain actions, you could create a custom response instead and use that where appropriate.
Good afternoon,
Please let me know if this question is not clear enough, I'll try my best to make as straight-forward as possible.
How can I add access control to objects that are generated by an end-user using my data object?
Example: I have a class that extends a DataObject. Someone logs in the back-end; fills out the form that's generated by the CMS for the data object. A record is then created in the database by the CMS.
I would like to add an access control to that newly created record in the database.
For a code scenario you can take a look at one of my posts: Silverstripe 3 - Unable to implement controller access security from CMS
The only other way I can think of asking this question is: How to Dynamically (or programmatically) create permissions for records that are created by a DataObject extension via the CMS?
Thanks for your assistance.
Update - Sample Code
///>snippet, note it also has a Manager class that extends ModelAdmin which manages this!
class component extends DataObject implements PermissionProvider{
public static $db = array(
'Title' => 'Varchar',
'Description' => 'Text',
'Status' => "Enum('Hidden, Published', 'Hidden')",
'Weight' => 'Int'
);
///All the regular permission checks (overrides), for the interface goes here, etc...
///That is: canView, canDelete, canEdit, canCreate, providePermissions
}
Now, from the back-end an end-user can add components using the Manager Interface that's generated by extending ModelAdmin. How can I add individual permissions to those added components by the end-user?
Thanks.
Update 2
Example: Add Process Data Object that extends ModelAdmin will give you this in the back end
Then, when you click on the generated 'Add Process' button, you'll get this:
Finally, someone fills out the form and clicks on the 'Create' button, which saves the data in the database. That looks like this:
Now, on that record thats created in MySQL I'd like to add granular permissions to that record. Meaning, for every record created I want to be able to Deny/Allow access to it via a Group/Individual, etc.
Is that even possible with the SilverStripe framework? Thanks.
Implement the functions canView, canEdit, canDelete, and/or canCreate on your DataObject.
Each function will return true or false depending on the conditions you set - any conditions, not just what is defined in the CMS.
See the example code on the tutorial site.
I tend to use dojox.data.JsonRestStore as my grid's store, but I am always failed to access struts2 action, I am unfamiliar in REST, is it only can be used in servlet rather than struts2, etc.
Currently, My project is using struts2 + spring as backend skill and dojo as front-side skill, have you any ways for me to make dojox.data.JsonRestStore access a structs2 action class?
Thanks in advance.
to get the data, all you need is an HTTP GET that returns an array of JSON objects. The return value from the action must be a string with something like:
[
{
"penUser":"Micha Roon",
"submitTime":"12.03 13:20",
"state":"Eingang",
"FormNumber":"001001"
},
{
"penUser":"Micha Roon",
"submitTime":"12.03 13:20",
"state":"Eingang",
"FormNumber":"001001"
}
]
If you want to be able to update objects you have to have a method that reacts to PUT with the same URL as the one you used for GET and if you need to delete, DELETE will be used. The important part is that it must be the same URL.
In order to have JsonRestStore pass the ID in a GET parameter instead of appending it to the URL, you could specify the URL like so:
target:"services/jsonrest/formstore?formId="
When you call yourStore.get("123") the request will try to get http://yourserver:port/AppContext/services/jsonrest/formstore?formId=123
REST is nothing more than a convention.
You can use a RESTFull API like jersey.java.net in order to make your life easier and your URL more RESTFull.
I was thinking about giving end users the ability to drop Partial Views (controls) into the information being stored in the database. Is there a way to execute a string I get from the database as part of the Razor view?
Update (I forgot all about this)
I had asked this question previously (which lead me to create RazorEngine) Pulling a View from a database rather than a file
I know of at least two: RazorEngine, MvcMailer
I have a bias towards RazorEngine as it's one that I've worked on but I have a much simpler one at Github called RazorSharp (though it only supports c#)
These are all pretty easy to use.
RazorEngine:
string result = RazorEngine.Razor.Parse(razorTemplate, new { Name = "World" });
MvcMailer
I haven't used this one so I can't help.
RazorSharp
RazorSharp also supports master pages.
string result = RazorSharp.Razor.Parse(new { Name = "World" },
razorTemplate,
masterTemplate); //master template not required
Neither RazorSharp, nor RazorEngine support any of the Mvc helpers such as Html and Url. Since these libraries are supposed to exist outside of Mvc and thus require more work to get them to work with those helpers. I can't say anything about MvcMailer but I suspect the situation is the same.
Hope these help.