My question is how to enable a particular link for multiple user class. Currently I am doing in the following way for one user class
in layouts/main.php
array('label'=>'Users', 'url'=>array('/user/index'),
'visible'=>Yii::app()->user->checkAccess('admin'))
But what if I want to allow another class called superadmin then how should I do it?
I can't do it like this
array('label'=>'Users', 'url'=>array('/user/index'),
'visible'=>Yii::app()->user->checkAccess('admin'),
'visible'=>Yii::app()->user->checkAccess('superadmin'))
No, you cannot do it, because arrays cannot have duplicate keys. What you can do is to use || (or) on that:
array('label'=>'Users', 'url'=>array('/user/index'),
'visible'=> Yii::app()->user->checkAccess('admin')
|| Yii::app()->user->checkAccess('superadmin'))
Related
I know how to get an item of the particular table. Like for user we can have
$userItem = Engine_Api::_()->getItem("user", $userId);
or for a custom table
$customItem = Engine_Api::_()->getItem("custom", $customeId);
I want to know the code or method how can I make my $customItem to work the same way as $userItem works for users table. So that I can get data or manipulate the data of custom table
Thanks for your help. :-)
You can achieve that by creating a model. Check how it's done in /application/modules/User/Model. There is User.php file that declares User_Model_User and methods available for User such as getTitle, get Href etc.
You may use similar approach for your custom item. You will also need to create a file similar to /application/modules/User/Model/DbTable/User.php to declare table for your custom items.
Good afternoon,
Please let me know if this question is not clear enough, I'll try my best to make as straight-forward as possible.
How can I add access control to objects that are generated by an end-user using my data object?
Example: I have a class that extends a DataObject. Someone logs in the back-end; fills out the form that's generated by the CMS for the data object. A record is then created in the database by the CMS.
I would like to add an access control to that newly created record in the database.
For a code scenario you can take a look at one of my posts: Silverstripe 3 - Unable to implement controller access security from CMS
The only other way I can think of asking this question is: How to Dynamically (or programmatically) create permissions for records that are created by a DataObject extension via the CMS?
Thanks for your assistance.
Update - Sample Code
///>snippet, note it also has a Manager class that extends ModelAdmin which manages this!
class component extends DataObject implements PermissionProvider{
public static $db = array(
'Title' => 'Varchar',
'Description' => 'Text',
'Status' => "Enum('Hidden, Published', 'Hidden')",
'Weight' => 'Int'
);
///All the regular permission checks (overrides), for the interface goes here, etc...
///That is: canView, canDelete, canEdit, canCreate, providePermissions
}
Now, from the back-end an end-user can add components using the Manager Interface that's generated by extending ModelAdmin. How can I add individual permissions to those added components by the end-user?
Thanks.
Update 2
Example: Add Process Data Object that extends ModelAdmin will give you this in the back end
Then, when you click on the generated 'Add Process' button, you'll get this:
Finally, someone fills out the form and clicks on the 'Create' button, which saves the data in the database. That looks like this:
Now, on that record thats created in MySQL I'd like to add granular permissions to that record. Meaning, for every record created I want to be able to Deny/Allow access to it via a Group/Individual, etc.
Is that even possible with the SilverStripe framework? Thanks.
Implement the functions canView, canEdit, canDelete, and/or canCreate on your DataObject.
Each function will return true or false depending on the conditions you set - any conditions, not just what is defined in the CMS.
See the example code on the tutorial site.
I am currently making an app on apex.oracle.com, and I've been trying to solve this for a couple hours now, but I have no idea how to.
Alright, so basically my application has custom authentication based on a user table I created inside of my application. Therefore, it seems to render useless most APEX_UTIL functions to retrieve info on the current user. The issue is, I am trying to find a way to store the user's numeric ID from my table in the session, so I could retrieve it directly in the queries throughout my application, in order to do something like WHERE id = :MEMBER_ID instead of WHERE UPPER(username) = UPPER(:APP_USER).
Now, the way I attempted to do this is by creating a Post Authentication procedure that retrieves the user ID based on the username, and stores that value in the session using APEX_UTIL.SET_SESSION_STATE( p_name => 'MEMBER_ID', p_value => member_id ). However, it seems that SET_SESSION_STATE is unable to create custom session values or something, returning an ERR-1002 every time I use a value name that isn't specifically mentioned in the documentation.
I am a total newbie to APEX so I am probably unaware of something, however I have done many searches, but I could not find anything specifically related to my issue.
Thanks a lot if you can help.
You're trying to store a value into an item, whether page or application level. This requires that the item with that name exists in one of those scopes. So, do you have an item somewhere that is called MEMBER_ID?
I'd suggest you create one in the application scope. Go through Shared Components > Application items. Once created, you should be able to assign a value either through apex_util.set_session_state or with bind variable syntax eg :MEMBER_ID := somevariable;
There are a number of ways you can do this. Some have already been suggested in other answers.
Application Item (as per Tom's answer)
PL/SQL package global (as per hol's answer) - although you'd have to reset it for each call (e.g. by adding code to the application's Security Attribute Initialization PL/SQL Code and clearing it by adding code to Cleanup PL/SQL Code).
Globally Accessible Context - this method, while a little more complex, has some benefits especially for security and debugging. I've described it here: http://jeffkemponoracle.com/2013/02/28/apex-and-application-contexts/, but basically:
Create a globally accessible context:
CREATE OR REPLACE CONTEXT MY_CONTEXT USING MY_PACKAGE ACCESSED GLOBALLY;
In the post-authentication procedure (in the database package MY_PACKAGE), you can store the data you wish to keep track of, e.g.
DBMS_SESSION.set_context
(namespace => 'MY_CONTEXT'
,attribute => 'MEMBER_ID'
,value => '12345whatever'
,client_id => v('APP_USER') || ':' || v('APP_SESSION'));
(note the caveats in my blog article and the subsequent comments from others about CLIENT_IDENTIFIER not being reliably set at the post-auth stage)
In your views, code, etc. you can access the MEMBER_ID by simply referring to SYS_CONTEXT('MY_CONTEXT','MEMBER_ID').
I am attempting to assign a unique id to each table row in Yii's CGridView.
Preferably something like $data->id from the database table.
I have been unsuccessful at adding an id attribute to each rendered <tr>.
Any suggestions would be most appreciated.
CGridView have an option called 'rowHtmlOptionsExpression' , you can declare like the followings to assign row an id
'rowHtmlOptionsExpression' => 'array("id"=>$data->id)',
It's better than hacking into 'rowCssClassExpression'
Good luck !
Modern solution (since Yii 1.1.13)
This is now possible to do using the rowHtmlOptionsExpression attribute, which allows assigning arbitrary HTML attributes to each rendered table row. For example:
'rowHtmlOptionsExpression' => '["id" => $data->id]'
Original answer (earlier versions)
Not directly possible because CGridView does not support it, but there are a couple of straightforward solutions that you can try.
Subclass CGridView (good)
Simply create your own class MyGridView extends CGridView and override the renderTableRow method to spit out ids on every row. Have a look at the stock implementation, which does for the class attribute exactly what you 'd like to do for the id attribute.
Use a CSS class instead (not so good)
Speaking of class attributes, the rowCssClassExpression property can be used to dynamically generate classes out of the box. IMHO this is a bad workaround, but it's there.
You could extend CGridView to add that functionality.
or be a bit hacky with rowCssClassExpression.
'rowCssClassExpression' => '\'" data-id="\' . $data->rowID'
Try the information I posted here:
How to set key value in CGrideView when grid is populated from table-view
In essence, as long as your dataprovider to the CGridview provides the data->id in a form that it understands, it will auto handle the $data->id stuff for you automatically so that it's easily available to javascript.
CGridView.rowHtmlOptionsExpression is undefined
I don't think that we can use rowHtmlOptionsExpression
I'm working with : Liferay 6.0.6 with JBoss 5.1 and Struts2.
My question is, how to get the current user in Liferay once logged in, using a Java code.
In your doView/processAction method do following
User user = (User) request.getAttribute(WebKeys.USER);
or use the ThemeDisplay object. It contains another information like companyId, groupId, ...
ThemeDisplay td =(ThemeDisplay)request.getAttribute(WebKeys.THEME_DISPLAY);
User user = td.getUser();
Classes ThemeDisplay, User nad WebKeys are part of portal-service.jar.
If you need just some id to identify current user you can also use
String userId = request.getRemoteUser();
This solution is not Liferay specific and should be portable among jsr-286 portals.
Liferay provides Util class
com.liferay.portal.util.PortalUtil
This class contains all utility methods to get the frequently used attributes.
Try using PortalUtil.getUser(PortletRequest portletRequest) method to avoid creating new objects and references.
This is an other possible way to do it :
private LiferayFacesContext liferayFacesContext = LiferayFacesContext.getInstance();
User currentUser=liferayFacesContext.getUser()