I am new to Yii and not familiar with the RBAC feature of Yii. My question is, Is it possible to use RBAC on per Model record basis e.g.:
Table Project_users:
| user_id | project_id | role |
================================
| 1 | 1 | admin |
---------------------------------
| 1 | 2 | member|
In this scenario, user 1 can edit project 1 but not project 2. Can I use Yii's RBAC feature here with minimal configuration or do I need to create my own filter code?
I provided a response for a similar question here : Yii RBAC: access to specific items/rows
This allows you to create custom filter rules in a few steps :
specify the 'accessControl' flag in your filters() override method.
In your accessRules() method, specify a reference to your custom function to perform the access control check
Create your access control function to perform your checks and return true or false accordingly to specify if the access is allowed or disallowed.
You can see the code examples in the linked question.
Related
is there a way for building a list of unique user domains in a delimited format from sentinel signin logs? Signin logs has user principal name and can be extended to split the domain name as below.
extend UserDomains = split(UserPrincipalName,'#')[1]
You can use the make_set() aggregation function, for example:
T
| extend UserDomains = split(UserPrincipalName,'#')[1]
| summarize UserDomains = make_set(UserDomains)
I want to get competition.name from a list of submissions.
In my setup, competitions and teams share a M2M relationship (with an associated competition-team object. Each competition-team pair can submit any number of submissions. I now have a dashboard page which I am trying to create a table of all submissions by the team accompanied by the respective competition's name. The output should look like:
| Submission Name | Submission Date etc. | Competition Name |
| Sub01 | 2020-12-30 2000 | Competition01 |
I have trouble retrieving the competition name from the submissions. Here are my models:
class Competition(models.Model):
id = models.AutoField(primary_key=True)
name = models.CharField(max_length=30)
class CompetitionTeam(models.Model):
competition_id = models.ForeignKey('Competition', on_delete=models.CASCADE, to_field='id', db_column='competition_id')
team_id = models.ForeignKey('Team', on_delete=models.CASCADE, to_field='id', null=True, db_column='team_id')
class CompetitionSubmission(models.Model):
competitionteam_id = models.ForeignKey(CompetitionTeam, on_delete=models.CASCADE, db_column='competitionteam_id')
I wish to annotate a set of submissions with their respective competition names. I tried with:
submissions.annotate(competition_name=Subquery(Competition.objects.filter(id=Subquery(CompetitionTeam.objects.get(id=OuterRef('competitionteam_id')).competition_id)).values('name')))
"ValueError: This queryset contains a reference to an outer query and may only be used in a subquery."
I also tested with the following command:
CompetitionSubmission.objects.prefetch_related('competitionteam_id__competition_id')
It runs but the command seems to do nothing. I will update this post with other methods I try.
Thank you.
EDIT
submissions.annotate(competition_name=Subquery(Competition.objects.filter(id=Subquery(CompetitionTeam.objects.filter(id=OuterRef(OuterRef('competitionteam_id_id'))).values('competition_id'))).values('name')))
Seems to work correctly.
You can traverse ForeignKeys directly using double underscores.
CompetitionSubmission.objects.values(
'competitionteam_id',
'competitionteam_id__competition_id',
'competitionteam_id__competition_id__name',
'competitionteam_id__team_id',
'competitionteam_id__team_id__name',
)
This will only produce a single database query. Django ORM takes care of everything.
P.S. I would avoid using '_id' in field names as Django model fields are supposed to be referring to related objects themselves. Django automatically adds extra attributes with '_id' that contains the related object's id. Please see https://docs.djangoproject.com/en/3.1/ref/models/fields/#database-representation
I'm looking to query Azure Network/"trafficManagerProfiles events from Log Analytics and more specifically when Traffic Manager Profile is in status Disabled.
I've managed to find a specific event and found that I need to look at "profileStatus" which is nested in "Prorperties" -> "requestbody" -> "properties" -> "profileStatus".Check image
AzureActivity | where ResourceId contains "trafficManagerProfiles" | where Properties contains 'profileStatus'
I need to fetch events in LA when Traffic manager Profile and more specifically when "profileStatus" is equal to "Disabled"
Found the answers in this post: Log Analtyics - How to use "inverted commas" within search query
AzureActivity | where ResourceId contains "trafficManagerProfiles" | where Properties contains '\\"profileStatus\\":\\"Disabled\\"'
I have different users, some of them are plain users, and a few are admins.
What I need is that the admins can login as any of the other users by just clicking a button in the user list.
What I have so far is:
index.blade.php (the users list):
<a href='{{URL::route('users.loginas', array('id' => $user->id))}}'>LoginAs</a>
routes.php:
Route::group(array('before'=>'auth'), function()
{
Route::get('/', array('as'=>'index', 'uses'=>'HomeController#showWelcome'));
Route::resource('users', 'UsersController');
Route::any('users/loginas/{id}', array('as'=>'users.loginas', 'uses' => 'UsersController#loginAs'));
});
UsersController.php:
class UsersController extends BaseController {
...
public function loginAs($id)
{
Auth::logout();
Auth::loginUsingId($id);
return Redirect::route('provalogin');
}
}
When I click the link for the user with ID 2 from the users list while logged in with the user with ID 1, I am correctly redirected to mysite.com/users/loginas/2 but then it throws an ErrorException:
Argument 1 passed to Illuminate\Auth\Guard::login() must implement
interface Illuminate\Auth\UserInterface, null given, called in
/var/www/mysite.com/web/vendor/laravel/framework/src/Illuminate/Auth/Guard.php
on line 368 and defined
Then, if I change the URL to mysite.com/users I can see that I'm in fact logged in as the new user, so the Auth::loginUsingId(2) worked.
What am I doing wrong? or how should I do it?
What I do is use Session to set userID equal to the auth user id. Then if I want to switch users I just change the session userID but keep the auth user id as myself. In my application I always pass the session userID when querying for data. If I update, create or soft delete a record I pass my auth user id. That way I have a record of who actually changed the data. I never have to log out to switch users, just set the Session userID.
It sounds like you user model is not setup correctly, inheriting UserInterface.
Your User model should look something like this:
class User extends Eloquent implements UserInterface
And your auth.php config should look something like this:
return array(
/*
|--------------------------------------------------------------------------
| Default Authentication Driver
|--------------------------------------------------------------------------
|
| This option controls the authentication driver that will be utilized.
| This drivers manages the retrieval and authentication of the users
| attempting to get access to protected areas of your application.
|
| Supported: "database", "eloquent"
|
*/
'driver' => 'eloquent',
/*
|--------------------------------------------------------------------------
| Authentication Model
|--------------------------------------------------------------------------
|
| When using the "Eloquent" authentication driver, we need to know which
| Eloquent model should be used to retrieve your users. Of course, it
| is often just the "User" model but you may use whatever you like.
|
*/
'model' => 'User',
/*
|--------------------------------------------------------------------------
| Authentication Table
|--------------------------------------------------------------------------
|
| When using the "Database" authentication driver, we need to know which
| table should be used to retrieve your users. We have chosen a basic
| default value but you may easily change it to any table you like.
|
*/
'table' => '',
/*
|--------------------------------------------------------------------------
| Password Reminder Settings
|--------------------------------------------------------------------------
|
| Here you may set the settings for password reminders, including a view
| that should be used as your password reminder e-mail. You will also
| be able to set the name of the table that holds the reset tokens.
|
*/
'reminder' => array(
'email' => 'emails.forgot-pass', 'table' => 'forgot_pass'
),
)
For me it worked with \Session::flush(); . It seemed that some variables were still remembered in the session.
I found out that my user was empty and I solved by loading a correct user, I don't know if it will work for you too but you can try.
Preamble
I'm developing a card game server in Rails. The application records what a player is expected to do via a tree of instances of the PendingAction model.
class Player < ActiveRecord::Base
has_many :cards
has_many :pending_actions
end
At any time, the player needs to act on any leaf PendingActions - there may be more than one, for instance:
1. End turn
|
+- 2. Do thing A
| |
| + 3. Do thing pre-A
|
+- 4. Do thing B
|
+ 5. Do thing pre-B
The view code presents the player with one or more forms, requesting their choice for each leaf action. For instance, in the above case, forms would be presented to solicit input for actions 3 and 5.
When the player makes a choice for, say, action 5, that action is destroyed. However, processing their choice may cause them to need to make another choice before the parent (action 4) can happen. Like so:
1. End turn
|
+- 2. Do thing A
| |
| + 3. Do thing pre-A
|
+- 4. Do thing B
|
+ 6. Do other thing pre-B
Action 4 therefore needs to be on-hand, so action 6 can be created as its child. At present, I am simply passing action 4 around as a function argument. However, I've just come across a situation where it would really help to be able to have access to it in a before_save hook on a Card object.
Question
Where is the best place to store an object, associated with a Player, that I can access from all models related to that Player, which is valid throughout - but not beyond - a single HTTP request?
I am running under Heroku, with 1 dyno - so I believe I'm single-threaded.
It depends on which environment you work, but lets assume that this is single-threaded environment. Next, first thought was to create instance attribute to manually assign and retrieve anything. It is will work fine when Player instance is the same for all places.
If not, I suggest to introduce class variable, some sort of cache, that will hold Player#id => <some_obj> reference, and with helper accessors, like Player#some_obj which will query Player for object by self.id.
That way you will be ensured that for all Player with the same Id, some_obj will be the same. Also, you will need to deside, when to empty that class-cache. For Rails, i suppose after_filter is good enough.