I have two table
User
---------
id
username
password
level
company_id
Company
-----------
id
name
website
Now I want to show user list(Gridview) with their company name WHERE company_id = 1
You must use relations in your models. After creating your models via gii go to your User model and change relations method like below:
public function relations() {
return array(
'company'=>array(self::HAS_ONE,'Company','company_id')
);
}
Then, you can do like below:
$user=User::model()->findByPk(10); //for example user with id=10
echo $user->company->name; //it returns the relative company name
Notes:
I assumed that each user has one company. That's why I wrote self::HAS_ONE
In CGridView you can do : $data->company->name
company is just a name for relation, but the Company is the related model
Yii has a powerful and comprehensive document. So, it is better to take a look at its official document. Relational Query Options
Related
I have learned about the database concepts in django tutorial book. I have some doubts about to fetch data from the table in sql database server. In django book they explained something like this to filter data as like as below
Entry.objects.filter(pub_date__year=2007).update(headline='Everything is the same')
Here Entry is the class name which is defined in models.py file like below
models.py
class Entry(models.Model):
blog = models.ForeignKey(Blog)
headline = models.CharField(max_length=255)
body_text = models.TextField()
pub_date = models.DateField()
mod_date = models.DateField()
authors = models.ManyToManyField(Author)
n_comments = models.IntegerField()
n_pingbacks = models.IntegerField()
rating = models.IntegerField()
def __str__(self): # __unicode__ on Python 2
return self.headline
In the above method there is nothing mention about the table to modified. Then which table it is going to be modified in the below query.
Entry.objects.filter(pub_date__year=2007).update(headline='Everything is the same')
If i asked anything wrong please forgive me. Can anyone clear my doubts.
From the docs on table names:
To save you time, Django automatically derives the name of the database table from the name of your model class and the app that contains it. A model’s database table name is constructed by joining the model’s “app label” – the name you used in manage.py startapp – to the model’s class name, with an underscore between them.
For example, if you have an app bookstore (as created by manage.py startapp bookstore), a model defined as class Book will have a database table named bookstore_book.
To override the database table name, use the db_table parameter in class Meta.
You don't need to know the table name, if you use the API like you have listed:
Entry.objects.filter(pub_date__year=2007).update(headline='Everything is the same')
Django will know what table to update, because of the model you have referenced.
The name of table is determined by model parameter "table_name". If you don't specified it, django automatically derives the name of the database table from the name of your model class and the app that contains it: https://docs.djangoproject.com/en/dev/ref/models/options/#db-table
If your question is about performing SQL queries in django, this will be helpful: https://docs.djangoproject.com/en/dev/topics/db/sql/
In a multiple decision profile scenario I want to create a policy for a particular Tenant and for the root resources like Customer. Here my scenario is like I have a Tenant T1 and Tenant T1 is allowed to access Root resource Customer. Customer is the Top level resource and it will contain sub child resources like: Sub-Resources: name, email. In my scenario how can i create a policy so that i can enforce multiple rules for each sub resources like:
Rule-1:
Admin Permit access to resource-
{name: create,read,update,delete},
{email: create,read,update,delete}
Rule-2:
Employee Permit access to resource-
{name: read,update},
{email: read}
Please share the policy structure and the Request format for the same.
In the request format i want to pass only the Tenant Id and the Root level resource Customer .
In this scenario, what you would want to do is pass in the field id you are interested in.
The request would be: "Can Alice view the name field of customer record #123"?
You could express this as a multiple decision request e.g.:
"Can Alice view the name, email, and job title fields of customer record #123"?
Either way your policy would be field-centric. It would protect a given field or set of fields. You could actually define a set of non-sensitive fields and a set of sensitive fields. You could also even write the policy in terms of field metadata. Instead of saying "a user can view field 'email'", you could write "a user can view a field if the user's clearance > field's sensitivity".
Alternatively, you could also use Reverse Query - that's specific to Axiomatics' APIs though. Reverse Query lets you do the following type of requests / responses:
Q: list the fields Alice can view
A: name, email
Im quite stuck here. In my cwebuser I've already defined my roles. My logins to my modules are restricted by roles, which is great! But my problem is restricting the modules to specific users within the roles. In webuser isShop is defined as a certain user id (user_role_id) in database to see if the user is user or shop. The issue is shop module can be seen by all roles who are isShop. My question is is there a way to authorize so that shop module gets user's id and shop id?
Something that mimics yii::app()->user->user_id;
like yii::app()->getmodule(shop)->shop_id;
Or must this be defined in model through criteria by shop_id? Doesn't sound right though, doing it this way.
I think if you are using the following function in model, you can apply the SHOP relations in here
public function defaultScope() {
if(isset(yii::app()->user->user_id)) return array('condition'=>'');
// here you can apply your conditions with the relation feilds
}
It's fairly obvious how to model a database table that would act as an access control list (ACL) when you're just dealing with discrete users who have some level of access to a discrete resource. Something like this:
TABLE acl (
user_id INT,
resource_id INT,
access_type INT
)
... where access_type is a number representing something like:
0 (or lack of record for user_id and resource_id) means no access
1 means read-only
2 means full control
However it starts getting trickier when you've got scenarios like users can be a member of one or more groups and groups can contain other groups. Then a resource could be a folder that contains other resources.
Other than the obviously poor approach of doing a whole bunch of recursive queries at runtime to determine the level of access a user should have to a resource, how do these scenarios tend to get handled? Are there commonly-accepted designs for modelling an ACL like this?
Are you using a DB with support for connect by, or something similar?
In oracle, I've implemented the following.
Table Group //Just the parent groups
{
groupCode varchar
groupDesc
}
Table groupMap //associates groups with other groups
{
parentGroup
childGroup
}
table userGroup //can assign user to more than one group
{
userId
groupCode
}
then use connect by to get all child groups for user
SELECT rm.CHILDGroup as roleCode
FROM groupMap rm
CONNECT BY PRIOR rm.CHILDGroup = rm.PARENTGroup
START WITH rm.CHILDGroup in
(SELECT ur.groupCode
FROM userGroup ur
WHERE ur.userId = &userId);
This query will get all the groups that were assigned to the user in userGroup and all the child groups assigned to the groups that the user belongs to.
Spring ACL is a solid implementation of ACL with inheritance for java. It is open source so I would check it out if it is what you are looking for.
I'm currently logging all actions of users and want to display their actions for the people following them to see - kind of like Facebook does it for friends.
I'm logging all these actions in a table with the following structure:
id - PK
userid - id of the user whose action gets logged
actiondate - when the action happened
actiontypeid - id of the type of action (actiontypes stored in a different table - i.e. following other users, writing on people's profiles, creating new content, commenting on existing content, etc.)
objectid - id of the object they just created (i.e. comment id)
onobjectid - id of the object they did the action to (i.e. id of the content that they commented on)
Now the problem is there are several types of actions that get logged (actiontypeid).
What would be the best way of retrieving the data to display to the user?
The easiest way out would be gabbing the people the user follows dataset and then just go from there and grab all other info from the other tables (i.e. the names of the users the people you're following just started following, names of the user profiles they wrote on, etc.). This however would create a a huge amount of small queries and trips to the database in a while loop. Not a good idea.
I could use joins to retrieve everything in one massive data set, but how would I know where to grab the data from in just one query? - there's different types of actions that require me to look into several different tables to retrieve data, based on the actiontypeid...
i.e. To get User X is now following User Y I'd have to get my data (User Y's username) from the followers table, whereas User X commented on content Y would need me to look in the content table to get the content's title and URL.
Any tips are welcome, thanks!
Consider creating several views for different actiontypeids. Union them to have one full history.