I've been working with realm db in a React Native App for the last couple of days.
I'm wondering how to implement sharing of realms: https://realm.io/docs/javascript/latest/#permissionofferpermissionresponse
I understand that you have to create a permission offer and then send it to the specified user. Then that user accepts the offer and he is granted access to this realm. What I have difficulties understanding is - how do I know what realms a user has access to? Where do I keep this - I can't find information about the shared realms in the managementRealm object. Am I supposed to keep track of the realms a user has access to myself?
We have the following structure:
company -> field -> comments
Each user of the App is able to create companies & to share those companies with other users. Upon start of the App the user sees the companies he has access to:
Company 1
Company 2
Each company is a realm (database). Do I need a special realm (e.g. company_track) to keep track of realms that a user has created and has been granted access to?
So when the app starts I would provide the url to the company_track realm and from there I would read the data necessary to load the other realms.
Having worked with Realm, but not with the permissions stuff, I can't say this for certain, but it seems each user's management realm should contain permission objects representing all the realms they can access.
After reading a bit on the Xamarin docs, it says that the management realm is supposed to hold an object of type Permission for each realm the user has access to. The permission object contains the url to the realm and the access levels a user has.
There should be something similar for use in javascript as the underlying tech is the same.
Related
Hello again every one,
I have a question: I successfully implemented django-auth-ldap, the LDAP users can request successfully my DRF API. But nows, for my projetc needs, I have to define permissions depending of the group.
Indeed, I will have like 12 groups in my app. Depending of the group, I will authorize or not the user to request a given route, BUT even if I defined the global var AUTH_LDAP_MIRROR_GROUPS = True, and saw in my database the are linked to a group (see capture):
Users in database
Groups from LDAP inserted in db thx to django-auth_ldap settings
User linked to the groups defined
But now, I have some other problems: I do not know how to implement permissions depending of the group the user belong. In fact, if a user belong to the group ServerAdministrator, I want to allow him to access to every route accessible, but I dont know where to see this in the received request in my view?
As I understood, I should implement custom permissions I should write programmatically in a User object (which should inherit from django AbstractUser)
If yes, How does it work? Should I empty my whole Database and then let django-auth-ldap insert users and it also will create the given permissions defined inside the database?
Maybe it is not clear, do not hesitate to ask questions if I can be more precise.
Kind regards.
Benjamin
Newbie to Parse Server here.
I have an app which reads data from Parse Server and displays it to users without logging them in.
I want to create another 'Admin' app which will allow ONLY ONE pre-populated admin user to login and change the data. Is this possible via Facebook login? I would prefer Facebook login because with normal (user, password) login I can't implement 2FA easily on Parse Server. Facebook login would take care of the issue since the user is already logged into Facebook using 2FA.
Is this possible? Any suggestions / pointers would be appreciated. I am coding both apps in React Native. The first app is complete.
The type of login has nothing to do with the abilities a user has. The simplest solution for your desired setup is using class-level permissions:
create a new Role object and name it accordingly, e.g. admin
add your admin user to that role
set class-level permissions for your data classes: grant public read access, limit write access to the admin role
Now every user can see all the data, but only members of the admin role are able to manipulate them. If you want you can add more users to the role to also give them write access.
BTW: all these steps can be performed in Parse Dashboard, no coding required.
EDIT
Actually you can have it even simpler, the class-level permissions can also be granted to a single user -- so no need for a role, if you really only need one admin.
I'm utilizing the Realm Platform/Cloud with my React Native app. My user-base are teams working together on documents. Because of this, it seems to make sense to create a single realm for each team, and allow the entire realm to sync for each user as part of that team.
However, there doesn't seem to be an obvious way to do this outside of creating a realm for the very first user of the team, and then having the initial user create a permission token for each new user, which upon signup would accept the permissions and join that realm rather than creating a new realm.
My first question: Is that the correct way to do this?
My second question: (If this is the correct way) In the scenario that one of the invited users logs out and logs back in, I need to specify a realm URL for them to go to. When I loop through the permissions to find the realms that user has access to, there a few (including perm and management). How should I pinpoint the realm they were invited to?
One thought was to append /team to the end of realm names, this way I could always find the realm where the last 4 characters are team. Is that logical? Is that the way?
Thanks!
Planning on creating a Google Assistant Application that allows our customers to access business data. The problem I am having is understanding how a given user would link his account to his "instance" of our multi-tenant solution. I think the deeper problem is know which Tenant URL to associate with a particular account. I know I can implement the Accounting linking using Oauth, I have just yet to see how this could work with a single Assistant App accessing multiple tenants depending upon account.
You can get additional info from the user, by asking him, and save that in your context, and then you can request for a sign in. this way, during the sign in process, you can use the context to sign in the user into the proper tenant
I am a new member of a team at my company reviving a legacy product that had Facebook integration, and we wish to continue developing the Facebook side of things, but we can't seem to find the credentials for logging into the app, or even who has access to it.
The app we are trying to recover is "HaloMobile". One thing to note though is the app name on posts is no longer a link. Does this mean the app has been disabled somehow?
I'm obviously not asking for credentials. At this point I'm just trying to "find" the app and possibly determine who is currently assigned as the administrator role, or what my options are. If there is an email address associated with the app, perhaps we can send a transfer request to that email?
If you could get retrieve two piece of information from your code-base, which are App ID and App Secret then you can retrieve the list of roles assigned in app using the following end point,
https://graph.facebook.com/<App_ID>/roles?access_token=<App_ID>|<App_Secret>
And once you know the role, along with the user Ids of the user assigned to it, you can move forward to recover the App by contacting him.
Also, you might want to give this documentation about Application a look, which lists out various fields you can retrieve for getting the required information to get access to your application back, like user_support_email
https://graph.facebook.com/<App_ID>?
fields=name,description,creator_uid,user_support_email
&access_token=<App_ID>|<App_Secret>