I have created 3 api, one with
owner=apicreator
visibility=public
and the others two with
owner=admin
visibility="restricted by role".
Once I opened the store home page the only api visible is the one created with apicreator, then when I logged in as admin I can see the other two apis (final count of 3).
Is it possible to show all the api (doesn't matter by the owner or creator) in the store home page, without login?
Is there any configuration change to apply or any change in the jaggery code(I don't want to change the visibility)?
Thank you in advance
Claudio
Is it possible to show all the api (doesn't matter by the owner or
creator) in the store home page, without login?
If an API's visibility is based on roles, how do you expect API Store to show it to public?
Once a user logged in to the API Store only, we can identify their roles and based on that, API will be visible to him
Related
I have Strapi V4 and 2 custom user roles - seller and buyer.
On the front-end, I have 2 routes that define which role will be assigned to new users /account-buyer/signin and /account-seller/signin.
I tried to make a copy from node_modules\#strapi\plugin-users-permissions\server\controllers\auth.js to src\extensions\users-permissions\controllers\auth.js. but nothing seems to happen.
Also, I’m not sure how to throw the user type (buyer/seller) through all of these back-and-forth redirects of Google (for example).
How could I solve it?
Or let’s say:
save the needed role in localstorage at the moment the provider button is clicked
register the user with the default Authenticated role
on the frontend's /redirect page read the value that has to be set.
Send the value from localstorage and reassign user's role
How can I update the user’s role in this case?
Thank you.
I would start with setting up the Google auth flow with your frontend and Strapi first. On sign in for a non-existing user this will register a user with the default role. Depending on your frontend authentication framework you can pass arguments to the redirect url, e.g. /api/user-registered?role=<some-role>&redirect=<original-redirect-url> (this route can also exist within Strapi instead of your frontend). On this page I would call the Strapi API (or e.g. query engine API inside Strapi itself) and update the role of the current user (you know who this is because they just signed in).
i have an old asp.net web-form based application, which i want to convert to Vuejs based front-end and Asp.Net Core base api as back-end.
The current application has a login page, where the user inputs his credentials, once the credentials got verified, user is taken to application home page, which has side menu bar.
The side menu bar is loaded based on the current users role/privilege. Say for example, a user with role of admin may have 10 menu items, while a normal user may have only 5 menu items.
I'm very new VUE, so pls guide me, how to set up the vue application and routing for above scenario.
Thanks in advance.
There are many ways to go about this, your goal is to load data about your user into your application.
One way to solve this is to create an API function that returns information about the currently logged on user.
The authentication of the request can be done through cookies, jwt header or something else.
The api call to get the authenticated user data will also help you figure out if the user is already logged on when the app starts up.
Putting aside how you make the network request, lets say you now have the data in your application.
There are a few choices on how to store it, this is an architecture choice as the results of this will likely have effect on many other parts of your application.
The common solution to storing application-wide (global) state is to use Vuex.
This will also play well together with vue-router.
Lets say that in Vuex you will make a field roles that will hold an array of strings, indicating the roles the user has.
In a vue component you can reach the vuex store from the $store property (this.$store in the code, $store in templates).
The state of the store is then reachable via $store.state, and your roles array would exist over at $store.state.roles.
To set the roles you will have to setup mutations that will let you save the roles, and the api call would be part of an action. You can read more about that on the vuex documentation on how to update the state.
I'm new to Piranha CMS and just trying to get my head around it. I'm using the MVC implementation and I need to do the following:
I need to extend the User with a property that stores an account number.
I need a page that is only accessible once the user logs in
On this page, I need to call a REST API on another server, using the account number a parameter, to retrieve a list of documents that the user has stored on this server.
When the user clicks the document, it will be downloaded as a PDF using the REST API once again
I just need general guidance on how to do this. How do I store the account number against the user (and manage this) and do I need to create a new Region that will show the list of documents from the remote server. Is there an example of creating a new Region anywhere and maybe returning a list from SQL that I can adapt?
Any help gratefully received.
Thanks in advance
Mike
The easiest way is to implement an extension with your custom fields that you attach to the user where you store this information.
When editing a page, go in under "settings" and select which groups should have access to your page. For this purpose I suggest creating a new group for site users that are not admins.
This should be easily implemented in either the controller or model for your page. When the user is logged in "User.Identity.Name" is the user id. Get the user, load the extensions & use the account number.
See number three.
Regards
I am developing an application in ASP.NET and I have a page that depening on user's role displays different parts. If the user is an Admin s/he sees for instance a page part where to input a new user and role that a normal user cannot see. Let's think about this page as a portal.
I already wrapped all the different sections in with Id and I can control their visibility. However this is not the optimal solution concerning security since the user or a malicious robot can still fill and access the parts that are not visible in the browser.
With MVC it is easy since I just create several partial views and render them upon users' credentials but how do you do it in standard Web Forms? Thanks
You can use the ASP.NET LoginView control. The control has an AnnonymousTemplate which you can use to specify which content should be shown to Annonymous users, and a LoggedInTemplate which you would use to specify the content shown to logged in users. But is also has RoleGroups which can be used to specify content that can be shown to users in different roles.
The article in this link will walk you through the use of this control.
http://weblogs.asp.net/sukumarraju/archive/2010/07/28/role-based-authorization-using-loginview-control.aspx
I'm a person with a non-programming background working on a web application that must store user-generated content and always associate that content with the user who created it. I just had the developer tell me since the application must do this, using Facebook as an alternate login method is pointless because Facebook only let's a third-party web application hang on to Facebook profile information for a certain amount of time, and therefore users who login via Facebook cannot actually contribute content that would remain in the web application's databases.
I'm having trouble swallowing this. I just signed up and logged in to stackoverflow using my Facebook account, and it appears to have generated a site-specific user ID that was automatically associated with my Facebook account - thereby allowing me to save/store content on the site without having to actually create a site-specific profile.
My questions:
Where is the misunderstanding here? To what extent do alternative login options affect the ability of my application, which will consist largely of user-generated content, to store user-generated data and consistently associate it with that user? Appreciate the help!
Alternative login allows users to use an existing account to sign in to multiple websites, without needing to create new passwords. Alternate login using facebook, OpenID, gmail or any other provider doesn't affect the ability of your application to store user generated content.
When a user logs in using a login option for e.g. facebook, user enters the facebook login credential(if he isn't already logged in), facebook generates a authenticated token which is utilised by your application for future use.
In case of alternative logins only the login information (User ID/Password) isn't stored in your application, it totally depends on how you are implementing it in your application. But in any case it doesn't affect your application in saving storing and using the user generated content in your website.
Please refer to this link for more info -
http://openid.net/get-an-openid/what-is-openid/
http://oauth.net/
Hope this helps!