Accessing role ID through module - yii

I'm quite stuck here. In my cwebuser I've already defined my roles. My logins to my modules are restricted by roles, which is great! But my problem is restricting the modules to specific users within the roles. In webuser isShop is defined as a certain user id (user_role_id) in database to see if the user is user or shop. The issue is shop module can be seen by all roles who are isShop. My question is: is there a way to authorize so that shop module gets user's id and shop id?
Something that mimics yii::app()->user->user_id;
like yii::app()->getmodule(shop)->shop_id;
Or must this be defined in model through criteria by shop_id? Doesn't sound right though, doing it this way.

I think if you are using the following function in model, you can apply the SHOP relations in here
public function defaultScope() {
    if (isset(Yii::app()->user->user_id)) {
        // here you can apply your conditions with the relation fields
        return array('condition' => '');
    }
    // no logged-in user id: return an empty scope instead of null
    return array();
}

LDAP Query to check if User is a member of a particular security group

I am trying to adapt the following query to find out if a user is a member of a specific group (security group) but I do not get it to work and I fail to understand it completely.
(&(objectClass=user)(sAMAccountName=yourUserName)
(memberof=CN=YourGroup,OU=Users,DC=YourDomain,DC=com))
In my case, the user is XYZ and the security group is called [SecITGroup].
The user is however located under OU=USERS OU=GO OU=AzureSync.
I have tried the following:
(&(objectClass=user)(sAMAccountName=XYZ)
(memberof=CN=SecITGroup,OU=AzureSync,OU=GO,OU=USR,DC=de,DC=domain,DC=int))
Yes, I set the domain name to the actual domain, and no result is displayed.
What return attribute am I supposed to get back?
I found a solution or a workaround to this.
The LDAP Query is rather to say show me users in the specific group:
(&(objectCategory=user)(memberOf=CN=Administrators,OU=Admin,OU=Groups,DC=domain,DC=com))
The attribute is sAMAccountName, which displays the user's name.
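
Added example, not part of the original posts: the two filters from this thread built in Python with their values escaped per RFC 4515, so an account name or group DN containing `*`, `(`, `)` or `\` cannot change the filter's structure. The account name and group DN are constructed samples, the function names are hypothetical, and the `nested` option uses Active Directory's LDAP_MATCHING_RULE_IN_CHAIN matching rule, which the thread does not mention.

```python
# Characters that must be escaped in an LDAP filter assertion value (RFC 4515).
_FILTER_ESCAPES = {"\\": r"\5c", "*": r"\2a", "(": r"\28", ")": r"\29", "\x00": r"\00"}

# Active Directory matching rule LDAP_MATCHING_RULE_IN_CHAIN: follows nested groups.
IN_CHAIN = "1.2.840.113556.1.4.1941"


def escape_filter_value(value: str) -> str:
    """Escape a string for use as an assertion value in an LDAP search filter."""
    return "".join(_FILTER_ESCAPES.get(ch, ch) for ch in value)


def user_in_group_filter(sam_account_name: str, group_dn: str, nested: bool = False) -> str:
    """Filter that matches the user only if they are a member of group_dn.

    group_dn is the distinguished name of the group object itself,
    not the container the user account lives in.
    """
    member_of = f"memberOf:{IN_CHAIN}:" if nested else "memberOf"
    return (
        "(&(objectClass=user)"
        f"(sAMAccountName={escape_filter_value(sam_account_name)})"
        f"({member_of}={escape_filter_value(group_dn)}))"
    )


def group_members_filter(group_dn: str) -> str:
    """Filter that lists every user who is a direct member of group_dn."""
    return f"(&(objectCategory=user)(memberOf={escape_filter_value(group_dn)}))"


if __name__ == "__main__":
    # Constructed sample values.
    dn = "CN=SecITGroup,OU=Groups,DC=example,DC=com"
    print(user_in_group_filter("XYZ", dn))
    print(user_in_group_filter("XYZ", dn, nested=True))
    print(group_members_filter(dn))
    # Filter metacharacters in the input stay inside the assertion value.
    print(user_in_group_filter("x)(objectClass=*", dn))
```

An empty result from the first filter means the user is not a direct member of that group DN (or the DN is wrong); request `sAMAccountName` or `distinguishedName` as the return attribute to see the match.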

How to add data to res.partner fields for multiple companies via API

I'm trying to add account payable and receivable fields for a partner in Odoo via API. However, they are only being applied to the default company. I hope the following images clarify.
How it appears for our default company:
How it appears for the other company:
I'm creating a partner as follows:
user_id = models.execute_kw(db, uid, password, 'res.partner', 'create', [{'name': name,'email':email,'company_id': odoo_company_id,'property_account_payable_id':account_payable_id,'property_account_receivable_id':account_receivables_id,'property_product_pricelist':pricelist_id}])
Any idea how this can be done? Thanks in advance.
Those are properties and values are stored in ir.property objects. You probably have to write those entries for each company.
Remember that accounts are company-dependent objects as well, so you cannot use the same account.account object for every company. They are different objects with different ids in the database, even if the accounts may have the same code and name and you cannot see any difference in the user interface.
You can also define a default property for each company, if that is what you want. It can be done through the GUI.

Implementing custom user permissions in GraphQL and Hasura

I am creating a webapp that allows users to communicate in several different rooms and am hoping that I can use GraphQL and Hasura for this project. There will be admins which can create/delete rooms (wow-room, lol-Room, pubg-room), create/delete users, and create/delete permissions (admin, wow, lol, pubg) along with assigning roles to users. Users will be able to see any of the rooms which they have the permissions to.
The problem is, I want to be sure that only the admins can create/delete these rooms/users/permissions and that only the correct users can see these rooms. Is there a way I can get Hasura to check the permissions of the given user and return the appropriate data? I believe that I need to write a custom resolver but am not sure how that is done or if it is the correct solution.
While Hasura can handle dynamic roles (you can use the API to create new roles and new permission rules on the fly), I think in this case that's not required.
> The problem is, I want to be sure that only the admins can
> create/delete these rooms/users/permissions and that only the correct
> users can see these rooms. Is there a way I can get Hasura to check
> the permissions of the given user and return the appropriate data?
Hasura allows you to set a permission rule that traverses relationships, which makes this possible. Check out the article-collaborators example in the Hasura docs.
Assuming that your models are rooms, users and room_users and you have the relationships set up so that room.users returns the list of users for a particular room, the permission for a user role on the rooms table can be expressed as follows:
Allow SELECT on a row in rooms if
rooms.users.id: _eq: x-hasura-user-id
This translates to: if a room's users list contains at least one user_id that is equal to x-hasura-user-id then grant access to that room.
I've set this up on a heroku app: https://multiple-roles-hasura.herokuapp.com/console/api-explorer
Try the following queries out in GraphiQL:
Set the headers to:
x-hasura-role: user
x-hasura-user-id: 1
Run the following query:
query {
  rooms {
    id
    name
  }
}
You'll see that the response only contains the rooms that user1 has access to.
Switch x-hasura-user-id through different values 1, 2, 3, 4, 5, 6 and you'll see different results for the same query. Basically, the right rooms that only the current user has access to.
Check out the models and the permissions for the models on:
User & Room mappings: https://multiple-roles-hasura.herokuapp.com/console/data/schema/public/tables/room_users/browse
Room permissions: https://multiple-roles-hasura.herokuapp.com/console/data/schema/public/tables/rooms/permissions
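
Added example, not part of the original answer and not Hasura's own code: a simplified Python model of how the row permission `rooms.users.id _eq x-hasura-user-id` decides which rooms a session can select. The rooms, membership rows and function names are constructed for illustration, and only the `_eq` operator and the `rooms.users` relationship are modelled.

```python
# Constructed sample data: three rooms and (room_id, user_id) membership rows.
ROOMS = [{"id": 1, "name": "wow-room"}, {"id": 2, "name": "lol-room"},
         {"id": 3, "name": "pubg-room"}]
ROOM_USERS = [(1, 1), (1, 2), (2, 2), (3, 3)]

# Select permission on rooms for role "user", as stated in the answer:
# rooms.users.id _eq x-hasura-user-id
ROOM_SELECT_FILTER = {"users": {"id": {"_eq": "x-hasura-user-id"}}}


def related(row, relationship):
    """Resolve an array relationship of a rooms row (only rooms.users is modelled)."""
    if relationship == "users":
        return [{"id": uid} for rid, uid in ROOM_USERS if rid == row["id"]]
    raise KeyError(relationship)


def matches(row, expr, session):
    """True if the row satisfies every clause of the boolean expression."""
    for key, sub in expr.items():
        if key in row:  # column clause: {"_eq": literal or session variable}
            wanted = sub["_eq"]
            if isinstance(wanted, str) and wanted.lower().startswith("x-hasura-"):
                wanted = session.get(wanted.lower())
            if wanted is None or str(row[key]) != str(wanted):
                return False  # a missing session variable denies access
        elif not any(matches(r, sub, session) for r in related(row, key)):
            return False  # relationship clause: no related row matched
    return True


def select_rooms(headers):
    """Rooms visible to the session described by the request headers."""
    session = {k.lower(): v for k, v in headers.items()}
    if session.get("x-hasura-role") != "user":
        return []  # assumption: only the "user" role has a permission here
    return [r for r in ROOMS if matches(r, ROOM_SELECT_FILTER, session)]


if __name__ == "__main__":
    for uid in ("1", "2", "3", "4"):
        rooms = select_rooms({"x-hasura-role": "user", "x-hasura-user-id": uid})
        print(uid, [r["name"] for r in rooms])
```

In the API explorer the session headers are typed by hand; in a deployment they should come from the verified JWT or auth webhook response, so that a client cannot pick its own x-hasura-user-id.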

LDAP filter to only allow users that have a group membership

Is there a filter in LDAP that would let me filter out users that don't have a groupMembership? I can find information on filtering by group, but I'd like to say "if a user is not in any groups, then don't include them".
That would be something like: (&(objectClass=person)(!(groupMembership=*))). That just asks for all users where groupMembership is not present. Assuming groupMembership is a backlinked attribute on the user.
Not all directories store a static attribute on the user for each group they are a member of.
eDirectory for example stores Member on the Group, listing the users who are members. It stores GroupMembership on the user, listing all the groups the user is a member of.
Active Directory on the other hand stores Member on the Group but does not statically store the group membership data on the User. Rather it defines a dynamic attribute on the user, called MemberOf, that is evaluated, each time you query for the attribute.
That is, when you ask AD for the value of that attribute, it does an LDAP query in the background that is functionally something like (&(objectClass=Group)(Member=cn=MyUser,ou=MyOU,dc=domain,dc=local))
Thus the attribute is MemberOf, but I am not certain that a query for (!(memberOf=*)) would work, since that implies doing that implicit query on every object, which could be painful.

Getting user profile data in Silverlight 4

I am fairly new to Silverlight and RIA services, and I am trying to build a small project to understand it. So basically I created a Business Application, and I have the normal Login screen where I can add a user. That is fine and I can add a user and get him into the aspnet_Users table. Now I have created some extra fields, like Mob No, Tel No, DOB, Locality etc, which I have put in a table I have created called the UserProfile, and my idea is to get the username that was registered, and insert it into my UserProfile table with the other relevant data.
So I created a page called Profile.xaml, I created a UserProfileDomainService.cs where I have just one query, to get the user profile data from the table, and then created a Details DataGrid on my page, and the QueryName in my case is GetUserProfilesQuery(). Now what I wish to do is get the user logged in, get his username, and check in my table to see if there is already data in the table. If there is, populate the fields on the DataGrid with data, so that the user can modify this data, and if not, allow the user to insert data into the table.
So I have created a UserProfileViewModel class, and I want to create the query to get the data relevant to this user. However I got stuck on how to do all this, and how to get the user logged in.
Can anybody give me some advice or point me to some tutorials on how I can achieve this?
Thanks a lot and your help is very much appreciated.
In your domain service query you can use ServiceContext.User.Identity.Name to get the information specific to that user to include in your db query. I do something similar in our project.
We use entity framework so the LINQ to Entities query looks like:
return this.ObjectContext.UserSnapins
    .Include("Snapin.EvolutionModule")
    .Where(si => si.User.UserName == ServiceContext.User.Identity.Name)
    .OrderBy(si => si.PageOrder);