How to define alias variable in yii?
In my yii app their are 3 types of role,
super-admin
admin,
user,
super admin can do admin functionalists and some more things, so
how can i define a alias role super-admin==admin but not vise-versa
See Auth Hierarchy from the guide, you can define that admin is a child of super-admin, also user could be a child of admin.
You may use an extension, such as yii-rights to handle this.
Related
I am doing a project in Flask. I am using sqlalchemy to work with database. I want to create the following roles and assign permissions to that roles as given below.
Roles :
Student,
Teacher,
HOD,
Admin
Peremissions :
Student can only insert into and select from table1. Should not be able to update any column of table1.
Teacher should have the permissions to insert, select, delete and update on table1.
HOD also have similar permissions as teacher.
By default when a user register, role of user will be 'Student'. Only admin should have the ability to change the role of a user.
How to impliment these role and permissions ? Or without assigning these permissions is ther e a way to handle this ? Can someone help ?
How to
This post may help.
Implementing Flask-Login with multiple User Classes
To my understanding, flask-login is actively maintained which is a good start for using any flask extension.
Based on what you're trying to solve, you could include a role property to the classes. Then on the API side of things, you could add a decorator for each route that requires different authorization levels. A decorator is kind of like a middleware that gets invoked before function at the route gets invoked.
Hope this helps!
Hello again every one,
I have a question: I successfully implemented django-auth-ldap, the LDAP users can request successfully my DRF API. But nows, for my projetc needs, I have to define permissions depending of the group.
Indeed, I will have like 12 groups in my app. Depending of the group, I will authorize or not the user to request a given route, BUT even if I defined the global var AUTH_LDAP_MIRROR_GROUPS = True, and saw in my database the are linked to a group (see capture):
Users in database
Groups from LDAP inserted in db thx to django-auth_ldap settings
User linked to the groups defined
But now, I have some other problems: I do not know how to implement permissions depending of the group the user belong. In fact, if a user belong to the group ServerAdministrator, I want to allow him to access to every route accessible, but I dont know where to see this in the received request in my view?
As I understood, I should implement custom permissions I should write programmatically in a User object (which should inherit from django AbstractUser)
If yes, How does it work? Should I empty my whole Database and then let django-auth-ldap insert users and it also will create the given permissions defined inside the database?
Maybe it is not clear, do not hesitate to ask questions if I can be more precise.
Kind regards.
Benjamin
I'm trying to find a way to limit access to certain pages based on whether they are logged in as a keystone.js admin - is there a way to extend their existing admin auth to apply to pages outside of the admin interface?
If you're using the Yeoman generator, the User model has an isAdmin property. Within your Express route, you can determine if req.user exists, then if req.user.isAdmin is true.
I have defined security properties of a login
I have 200 users .
How can I apply dynamically the same security properties of a login for all users login ?
Create a Role (through the GUI or T-SQL) with the required permissions, then add all 200 users as members of that role. Not sure if you can force the role to 'copy' permissions from a particular user, but from an auditing and maintenance perspective, it's far simpler to make required changes to a Role once and have them instantly inherited by all members.
I want to use a single form to login normal users and admins, i have a flag on entity 'isAdmin'. If it's an admin redirect to panel and set ROLE_ADMIN, if not redirect to site and set ROLE_USER.
this is possible, have other method to do this?
That seems to make no sense at all. You should set the user's role on registration not on login.
When user loggs in you can retrieve its object from database and get the role attribute to decide which view to load.
Check the console commands for fosuserbundle, you can "promote" a user with the ROLE_ADMIN. On every login he'll be assigned with that role automatically.
It won't be working with a "isAdmin" flag on your Model Entity, more likely to use a mechanism provided by fosuserbundle itself (didn't dig into that myself to be honest).
You also might want to check out https://github.com/FriendsOfSymfony/FOSUserBundle/blob/master/Resources/doc/groups.md