Firstly, I love the Directus CMS and I chose to implement it on my new project. So far I am just loving it.
Now I have this issue where the user create functionality was added, with email verification etc all was good. Until I added a new o2m field in the directus_fields & proper relations were made. Works well in the admin panel, but while I want any user to signup from frontend the api now throws error code 3, 401 Unauthorized request. I tried all the permissions, for the junction collection, the field one collection and also the directus_users collection.
PS: It works back normal when I tried deleting the field from the directus_fields table. Thats why I am actually guessing that the issue is from the relations related permissions. And the relation works well and fine from the admin panel.
So again my question is, if an o2m 'many-to-many' field is added to 'directus_users' collection what are the permissions, alterations required for public user/create functionality. The field is not marked as required.
I am using version 8.8.1
For now, I made a temporary solution.
Removed the o2m field from the directus_users table, instead created a new collection containing the additional users_data and created the many-to-many field in it so the registration is secure and also doesn't require to tamper the directus_users table. All I had to do in addition was to modify the extra request parameters from the frontend.
Although, I still believe my question is a valid one.
Related
In my Sitefinity back-end there is a user section that I would like to add some setting. Something like DisplayLink where it would be a boolean value that I can set on Login of the user. Is there a way I can do that? I am using sf 14 and can't find anyway to add some setting for the user.
I believe this is what you need ...map the view externally and modify.
However keep in mind these views pull in the XHR JSON and you just expose it to the grid... Open your console and view the XHR network traffic to see the JSON object per user. There's a "Comment" field you might be able to leverage, but man the best way would be to just use a ROLE... because they can be filtered, and already come across in that JSON.
Another thing to note, is this is an OLD UI screen and likely will get revamped in the next few releases of Sitefinity rendering everything you're doing pointless... (have to re-do it with likely the new AdminApp Extensions)
I've been using Netlify for storing 100% of my app (both frontend and backend) for the last three months. So far, so good.
The only problem now is that I need to store a custom property for each user (say, the phone number), and apparently Netlify Identity doesn't support this (only email, name and roles https://www.netlify.com/docs/identity/).
I don't want to change the whole app to migrate to another hosting provider just for this detail (actually, I can't, it's for a client and I just don't have time), because it works great, but at the same time I need it.
Can you think of any workaround to this? The less "hackish", the better, but I understand that I'm going beyond the intended use of Netlify Identity.
So it actually does look like Netlify's GoTrue API has a specific endpoint for updating custom user data. After a user is created, you can update metadata by including it as "data" within an authenticated PUT request to /user.
PUT /user
{
"data" {
"custom_key": "value",
}
}
See https://github.com/netlify/gotrue for more info.
There are dozens of ways to do this, so I'll talk about two generally applicable ways now:
the most "generally capable" one is probably using lambda functions: https://www.netlify.com/docs/functions . This lets you run dynamic code, such as "store to database hosted elsewhere" or "email to our office manager to update a spreadsheet" or even "commit to our closed git repo so it's available in-code" (last one is probably a worst practice, but is possible). You can similarly use a function to read that data back out without exposing API tokens (code example: https://github.com/netlify/code-examples/tree/master/function_examples/token-hider)
you could have the data gathered via a form submission (https://www.netlify.com/docs/form-handling). I'd probably use zapier.com to receive a notification of the form submission (https://www.netlify.com/docs/form-handling/#notifications). Zapier can of course connect to just about anything on the planet :) . Getting the data back out if you want to show it in your UI is a bit more of a challenge, but you could use the above mentioned functions if you need to connect to some private data store to pull it out. Or for an MVP, just not show it, only let people enter/update it ;)
ive been digging through quite a few questions on here about restful relations but havent quite found what im after.
consider this scenario
GET /api/users(?include=custom_fields) - returns an array of users, optionally including relations as nested properties
GET /api/users/1(?include=custom_fields) - returns a single user object
POST /api/users - creates a new user (if the request includes an array of "custom_fields" these are created and linked)
PUT /api/users/1 - replaces user entity with supplied payload
PATCH /api/users/1 - updates the user properties provided
DELETE /api/users/1 - deletes
GET /api/users/1/custom_fields - gets all users custom_fields
PUT /api/users/1/custom_fields - deletes all existing custom_fields and creates ones provided
PATCH /api/users/1/custom_fields - appends if not exists, or creates new custom fields for this user
DELETE /api/users/1/custom_fields - deletes all custom fields for user
DELETE /api/users/1/custom_fields/{id} - deletes custom field for use by id.
this all makes sense to me and is working as expected, however im now implementing a "user edit" screen in my admin area, this shows the user object AND the custom fields.
right now the only RESTFUL way i can see to save this form is to:
PATCH to /api/users/{id}
to save the user. when thats done,
PUT to /api/users/{id}/custom_fields
to update the custom fields.
not ideal but would work, however going forward i know for sure i will have other related resources like user roles, emails, etc.
this doesnt change the situation it just means alot more endpoints.
something about this smells to me. to simply save a user im having to make requests to at least two endpoints.
how would you suggest best to handle this without the two different requests?
The simplest solution would be to just include all those (custom fields, roles, etc.) into the User representation, you already seem to be doing that anyway on GET and POST. Just extend that to PUT and PATCH too.
If you already support some media-type for the PATCH method on Users, then you could conceivably extend that to define adding/removing custom fields, roles, whatever you need.
An example problem:
On Stack Overflow, a question page shows a number of different answers. In displaying these answers, the site also gives information about the author of the answer. This means that although the number of badges a given user has has nothing to do with an answer in and of itself, that data still needs to be retrieved in order to display the page.
From what I can see, there are three different ways to go about pulling this view data in a model:
A Post object could include a full User object as a member. The view would then access the user like this: $post->user->getReputation(). This seems cleaner, since a Controller could just request the posts and be done with it, but yet inefficient since a Post probably doesn't always need a full-blown User. I suppose it works well enough if the User object is relatively light, which it probably would be. The problem would then be that you would need to duplicate User retrieval code as part of the Post retrieval query.
The Post object could hold just an ID for a User. When the Post, or Posts, are returned to the Controller, the Controller could then extract the unique User IDs from the returned set and pass them to a User factory. The returned User objects would then be passed along with the original Posts set to the View as a separate collection. The view could then grab user info using something like $users[$post->getUserId()]->getReputation().
A hybrid approach: Include the User object inside the Post object, but have the unique id extraction and User retrieval as part of the Post retrieval method. i.e. Post::getPosts() would grab all relevant posts and convert them to objects with null User members, then it'd extract all user ids and pass them to User::getUsers(), then assign the Users to the relevant Posts before returning the set of Posts to the caller.
I guess what I'm getting at is, how do I know when an object needs to contain another object fundamentally? Is it unclean/a code smell to instead have such related objects returned separately, with neither object knowing the other has been retrieved. I'm leaning towards the separate retrieval concept - it seems the most efficient - but it really does feel like they're too related for that to make sense.
There is also a solution in between 1 and 2. You can have a lazy loading proxy for the user class. With this solution you can have best of both worlds because the proxy is interchangeable with the real thing so depending on the situation you can have the object itself or the proxy.
Edit:
I'll try to explain this with an example.
Say that you have a view where you don't need user info, then you can instruct/configure your post factory to use the lazy proxy (see wikipedia)for the user which will only contain an ID. So no access to users is needed.
In another view you occasionally need to access user info but only for some posts, here again you instruct/configure your factory to include the lazy proxy for the user.
But when you actually need access to the user info, you can access the proxy object that will then load the actual user object and redirect messages to it.
In yet another view you need both post and user info, so here you instruct your post factory to use actual user objects.
It seems to me that this is another case of dependency injection. A general enough idea that could help you.
DEPENDENCY INJECTION WIKI
Read something about the Inversion Of Control also.
why not add optional member to model to know informations?? you can ignore when you don't need and can use when you do need.
Hi I'm am trying to get the list of issues from a JIRA server using the SOAP API provided by JIRA.
I'm trying to filter the issues based on a custom field (and latter I will want to set that custom field).
If I get the list of issue it returns the custom fields for those issues along with them (I get customfieldId, key, values for each custom field) and I can get the custom field with getCustomFields methods provided by the API (to look for the ID of the field with a given name).
The issue I have is that if I login with an account that is not an admin (using the API) I can't call the getCustomFields method (it throws an exception saying I have to be an admin to do that).
My question is: Is there any other way to know which is the ID of the custom field I desire that can be done using a normal user account?
Also if you know how to set a custom field for an issue, it would also be very helpful :) (I would also like to be able to do it with a regular user account).
You have to be an admin to get a list of custom fields. Any 'normal' account can act on the custom fields via the API provided the user knows the customfield ID.
You can set the value of a custom field too, even with a 'normal' account. Again, the user needs the appropriate permissions to do this. Example provided here.
More here and here.
You can also use getFieldsForEdit(token, issueKey), which will return RemoteField[] for all fields available for edit on that issue (even if it has not yet been defined on the issue). It does not require admin permissions, but because it has the word "Edit" in the method, it does require that you have permission to edit the issue (which means, e.g., if the issue is status=Closed, it will raise an exception unless you allow editing closed issues. Unfortunately, I have yet to find a way to retrieve the RemoteField[] list (in order to map id to name), so getCustomFields() and getFieldsForEdit() appear to be the only options.
Have you tried getting a list of issues from the project, picking one, zeroing out the data, and using that as a template? That might work.
SOAP is being deprecated in favor of the REST API, which also has a better method to get this information