I am trying to build a real world application with xstate but I am having trouble with modeling the application startup.
a user can enter the application start by typing the www.ex.com to go the home page
but a user can also enter the application www.ex.com/any-page
can someone give an example of modeling application with multiple pages
a user can be unauthenticated an be on the login page or home page but not secure page
or
a user can be authenticated and be on any page
I want each page to have there own state that is what is prompting the question.
I want each page to have there own state that is what is prompting the question.
Don't think of it that way; at least not at first. Use a data-first approach, such as in this example: https://codesandbox.io/s/xstate-react-back-example-4q2vh
The reason is that each page isn't necessarily a "finite state" - it's just data, and all part of the same state (e.g., "viewing a page"). The best way to think about finite state is as an application's behavior at any given time. Does the behavior change when changing pages? Probably not, so use context instead of finite state.
Related
I authorized the group of a user to the cockpit-application. I gave the group full access to the Process Definition and Process Instance authorizations. (so pretty much as described in the documentation)
When I try to log the user in, I see the Welcome screen and in the application overview the option to navigate to the cockpit-application.
However, when I click this, I get the Login screen again.
For a fraction of a second I see the cockpit application, but then it immidiatly redirects to the login page. When I try to log in again, it keeps redirecting me to this login screen.
I configured another group to use the Tasklist application and that is working as expected.
I tried to give the authorization on user-level instead of group-level but the same problems occurs.
(n.b.: I am using the Spring-Camunda-Starter for this application.)
I found the problem, I accidentally removed one of the authorizations the system automatically creates when the user is created. I think I might have removed this, as I thought it was not necessary.
It is in the User Authorizations, every user has an authorization from it's own user to that user. When I added this, it fixed the problem.
I found the solution when another user logged in and had no problems. And the found this to be the only difference between the two accounts.
Hopefully this will help someone in the future!
Being in a view and you know the area-name, controller-name and action-name of a destination to which you want the user to provide a link to, how can I figure out if the area/controller/action is authorized for the authenticated user.
Imaginary Use-case:
I have a table with a list of books (the result of bookscontroller.index). To the far right are some icons to edit or delete a specific book. The edit link refers to bookscontroller.edit and the delete link to bookscontroller.delete.
On the actions there are custom authorizationattributes and this works perfect. If a user want to access books/edit/1 and the user is not allowed to edit books, the user gets redirected to the logon page.
It is a bit stupid to have that edit-icon there if the user is not allowed to edit books. So at view level I would like to be able to figure out if the user is allowed to use the edit action of the bookscontroller. If he is, show the icon if not, do not show the action.
Goal: use that knowledge to create a custom tag-helper.
The go-to method is reactive, i.e. you check if a user can do action when the user tries to do. Since you do not want to go that way, here is how. (yet, this is anti-pattern)
Have the authentication token of the user send back to backend. The backend should have an API end point for each button on the page user can click. With the authentication token, the back-end resolve whether to dim or enable the buttons.
Now, what the backend does to resolve this is not very efficient. The backend needs to literally attempt certain actions and aborts the transaction. For create and retrieve, it is trivial (you can pre-resolve them) but for edit and delete, this requires a lot of resources.
The standard way of controlling such actions on UI is to use role based authorization.
For the buttons or other such UI elements, setup role tags, e.g. "admin:edit", "viewer:readonly" etc.
When you are authenticating a user, send the applicable roles from the backend server, store them in a way that is globally accessible to your UI and use them for filtering UI elements across your application.
I want to have app which has some default route and controller (Let's say Login page). I can register this at the Configure method but after the user successfully logs in I want to fetch the pages related to the user and register them so he can have access to it. Is there a way to achieve that?
As long as I read that's impossible but who knows, I'm new to ASP NET Core?
Based on the wording, this sounds like a security question. You only want users to have access to certain pages. If that's the case then I would look at something like role-based authorization.
If the question is more about showing the user a list of resources they can access, then the most obvious solution I can think of is to store that information in a relational database. When the user logs in, select the relevant pages / resources by user ID.
In any case, changing the registered routes is not the correct approach.
So I'm trying to develop a website using Ruby on Rails and I'm new to the concept of BDD. I've worked through both the Ruby on Rails Tutorial and the RSpec book and starting to strike out on my own, but was hoping to get some feedback on an initial feature.
Feature: User Signup
As a user (anyone who may use the system, to include persons outside the unit)
I want to sign up
So that I can access the website
Scenario: sign up
Given I have not yet signed up
When I go the signup page
Then I should be redirected to the signup page
Am I on the right track here..?
Yes, I think it makes sense to have some reference to "I click the signup link" if that's how users will be accessing the form. Another question this scenario raises relates to the overall user journey - where will the user be in order to click that link?
To me, this scenario should document that aspect as well.
I'd also recommend keeping non-relevant technical terminology out of scenarios. A scenario should cover the most important aspects of a business rule or user journey from the perspective of the user to whom the user story concerns. Therefore from a user's perspective the term 'redirect' won't mean much and it's not important to them if the page was redirected or if they just followed a plain link.
You may wish consider something along this lines of :
Scenario: sign up
Given I have not yet signed up
And I am on the homepage
When I click the signup link
Then I should be on the signup page
I am developing an application in ASP.NET and I have a page that depening on user's role displays different parts. If the user is an Admin s/he sees for instance a page part where to input a new user and role that a normal user cannot see. Let's think about this page as a portal.
I already wrapped all the different sections in with Id and I can control their visibility. However this is not the optimal solution concerning security since the user or a malicious robot can still fill and access the parts that are not visible in the browser.
With MVC it is easy since I just create several partial views and render them upon users' credentials but how do you do it in standard Web Forms? Thanks
You can use the ASP.NET LoginView control. The control has an AnnonymousTemplate which you can use to specify which content should be shown to Annonymous users, and a LoggedInTemplate which you would use to specify the content shown to logged in users. But is also has RoleGroups which can be used to specify content that can be shown to users in different roles.
The article in this link will walk you through the use of this control.
http://weblogs.asp.net/sukumarraju/archive/2010/07/28/role-based-authorization-using-loginview-control.aspx