Restrict data for multiple users - yii

I add multiple users as teacher. And I create a table where every teacher update his data that is documents etc.,but when another teacher login he can also view that data how user to restrict to show that to other users?

You need to read more about Yii, and how you can use it.
For your case you can read this: add condition
For your question you can do this in your action in controller:
0) ensure that user is logged in: \Yii::$app->user->isGuest || //redirect to login page or via Access control filters
1) get user id from user. (\Yii::$app->user->identity->id)
2) set this id in teacher document query. like andWhere(['teacher_id' => $userId]);
public function actionViewDoc()
{ $userId = \Yii::$app->user->identity->id;
$model = TeacherDoc::find()->andWhere(['teacher_id' => $userId]);
return $this->render('viewDoc', [
'model' => $model,
]);
}
This will resolve your issue.
UPD: For more advanced solutions you could use:
1) Access control filters
2) RBAC.

Related

lucene query filter not working

I am using this filter hook in my Auth0 Delegated Administration Extension.
function(ctx, callback) {
// Get the company from the current user's metadata.
var company = ctx.request.user.app_metadata && ctx.request.user.app_metadata.company;
if (!company || !company.length) {
return callback(new Error('The current user is not part of any company.'));
}
// The GREEN company can see all users.
if (company === 'GREEN') {
return callback();
}
// Return the lucene query.
return callback(null, 'app_metadata.company:"' + company + '"');
}
When user logged in whose company is GREEN can see all users. But when user logged in whose company is RED can't see any users whose company is RED.
I need to make this when user logged in, user should only be able to access users within his company. (except users from GREEN company).
But above code is not giving expected result. What could be the issue?
This might be related to a little warning note on the User Search documentation page
Basically they don't let you search for properties in the app_metadata field anymore. Unfortunately, this change was breaking and unannounced.
We had to make changes to our API so that we keep a copy of the app_metadatas in a separate database and convert lucene syntax to MongoDB queries, so that we can query by a chain of user_id:"<>" OR user_id:"<>" OR ....
One caveat though, you can't pass a query that's longer than 72 user_ids long. This number is so far undocumented and obtained empirically.
Also, you can't rely on Auth0's hooks to add new users to your database, as these don't fire for social logins, only for Username-Password-Authentication connections.
I hope this gave you some explanation as for why it wasn't working as well as a possible solution.
If I were you, I would look for an alternative for Auth0, which is what we are currently doing.
I finally ended up with this solution.
Used search functionality to filter users. I had to change below two files.
fetchUsers function in client\actions\user.js
changed
export function fetchUsers(search = '', reset = false, page = 0)
to
export function fetchUsers(search = '#red.com', reset = false,
page = 0)
AND
onReset function in client\containers\Users\Users.jsx
changed
onReset = () => { this.props.fetchUsers('', true); }
to
onReset = () => { this.props.fetchUsers('#red.com', true); }

How to setup one-to-one relation in yii2 and also other functionalities mentioned below

One User has One Profile(obviously). How do I design the logic behind this?
I have two tables namely "tbl_users" and "tbl_profile".
When I open the profile page, I should be able to see the "Create
Profile" button only if the profile does not exist.
Once the profile has been created by the user, "Create Profile"
button should not appear next time.
Please describe me in detail how the columns of both tables are linked and what changes I have to include in both the models and other changes too.
Thank you.
In your controller you could write something like this:
$user = User::findOne(Yii::$app->user->id);
$profile = $user->profile;
return $this->render('view', ['user' => $user, 'profile' => $profile]);
Then in your view
if(null !== $profile) {
/*show your button here. It's going to work once because...*/
} else {
/*...here you could show form to create your profile*/
}
In your User model use code like this
public function getProfile()
{
return $this->hasOne(Profile::className(), ['id' => 'profile_id']);
}
This is just an example to give you idea.

How to use a single form to collect data for two or more models in Yii2?

My problem is to dynamically create forms through jquery.
The user should be able to dynamically generate inputs such that he can save multiple rows into the corresponding model/table in one go.
Now I don't know how do I generate the name attribute for the forms for multiple models. I suppose it should be something like ModelName[Property][] (but I would preferably want to do it in 'Yii way' instead of hardcoding the names)
To understand this better, Here I found a similar post in Yii Wiki.
using a single form to collect data for two or more models
How can this be modified for Yii2? So that the user should be able to fill in data for all the (dynamically generated) rows and submit them in one go.
Tutorial of tabular form for multiple models.
Try this, Reference
public function actionCreate()
{
$user = new User;
$profile = new Profile;
if ($user->load(Yii::$app->request->post()) && $profile->load(Yii::$app->request->post()) && Model::validateMultiple([$user, $profile])) {
$user->save(false); // skip validation as model is already validated
$profile->user_id = $user->id;
$profile->save(false);
return $this->redirect(['view', 'id' => $user->id]);
} else {
return $this->render('create', [
'user' => $user,
'profile' => $profile,
]);
}
}

Laravel role based page access - Trying to get property of non-object - Auth::user()

Still very new to Laravel 3 and working through some issues.
I'm trying to set up a role based access to page. Users are currently able to log in and that part works well but I want to restrict access to certain pages based on the users role eg admin, editor etc.
So, I've created a filter as follows:
Route::filter('check_roles', function () {
$current_url = URI::current(); //get current url excluding the domain.
$current_page = URI::segment(2); //get current page which is stored in the second uri segment. Just a refresher: //the first uri segment is the controller, the second is the method,
//third and up are the parameters that you wish to pass in
$access = 0;
$counter = 1;
//excluded pages are the pages we don't want to execute this filter
//since they should always be accessible for a logged in user
$excluded_pages = array(
'base' => array('login', 'user/authenticate'),
1 => array('user/profile', 'dashboard','dashboard/index','articles','articles/index', 'articles/create', 'articles/preview', 'articles/edit', 'user/profile', 'user/logout'),
2 => array('articles/publish','user/create', 'user/edit'),
3 => array('user/delete')
);
if (!in_array($current_url, $excluded_pages['base']) ) { //if current page is not an excluded pages
if(Auth::user()->level < 4) {
do {
if (in_array($current_url, $excluded_pages[$counter])) {
$access=1;
}
$counter++;
} while ($counter < $user_level AND $counter < 4);
if ($access == 0) { //if user doesn't have access to the page that he's trying to access
//redirect the user to the homepage
return Redirect::to('dashboard')
->with('error', 'You don\'t have permission to access the following page: ' . $current_url);
}
}
}
This is based on tutorial I found https://gist.github.com/anchetaWern/4223764
My thoughts were depending on user access level which is 'level' in the user object I'd filter the pages etc.
However I'm getting an error 'Trying to get property of non-object' this relates to this code:
if(Auth::user()->level < 4) {
testing Auth::user()->level in a view confirms the user is logged in. Can anyone advise why this doesnt work in the routes.php as a filter?
Thank you
Problem solved - I was using the incorrect syntax in my script which I realised once I posted here.
if($user_level = Auth::user()->level < 4) {
Should be:
if(Auth::user()->level < 4) {
Filter works now. However I'm looking at ways to improve as not sure this is the most efficient way now!
Thanks

JCarousel widget on Yii framework don't load image

I'm trying to use JCarousel widget on Yii framework.
My JCarousel must show images of specific user that belong to a specific gallery (for that user).
I retrieve the information about the images from a MySQL DB, in the specific from Photos table, where gallery_id have a determined value. The column from Photos table that contain the name of the photos is "path".
In the code I have written this:
$DataProvider = new CActiveDataProvider('Photos', array('criteria'=>array(
'condition'=>'gallery_id = :id',
'params'=>array(':id'=>$gallery->id),
),));
$this->widget('ext.JCarousel.JCarousel', array(
'dataProvider' => $DataProvider,
'thumbUrl' => '"/images/upload/".$data->id."_".$data->path',
'imageUrl' => '"/images/upload/".$data->id."_".$data->path',
'target' => 'big-gallery-item',
'vertical' => false,
));
With this code I get, on the div, the written message: "No result find"
Where I did i go wrong?
Check your dataProvider. Try get results via $DataProvider->getData() and check that you photos exists.
I do not think that the error in the extension, most likely you do not select data from the database.