I am developing a component, and i am having my own login form and tables.
After authentication of user through my component, userinfo is being stored in Session.
Everything is fine. but user is able to access the views that are supposed to be viewed by logged in users.
I wanted to restrict the access through link. How to do it? Is it possible to so.
Note: I am not using joomla user login. I am using my own component.
Kindly help me to protect the views, and must be displayed after user logged in.
How can i accomplish this task?
Thanks in Advance
Check for advanced settings and set view access to Registered. 9jera.com
Related
I am using Keycloak to secure my application but I am using an extra database too. I am holding my users in both of them. Thus whevener a change is made to a user, the user needs to be updated in both the Keycloak db and my db. Thus whenever the application's main page loads, I update the user (everytime). Because maybe the user was changed from the Keycloak User Account Management service. And I need to put the change in the db.
But I don't want to do this everytime the app loads. I would like to know if there's a way to know Keycloak acocunt page was opened by the user. (So that I can update the users only then) Maybe Keycloak returns a parameter or smt? I don't know.
If anyone can help, I would be grateful.
Being in a view and you know the area-name, controller-name and action-name of a destination to which you want the user to provide a link to, how can I figure out if the area/controller/action is authorized for the authenticated user.
Imaginary Use-case:
I have a table with a list of books (the result of bookscontroller.index). To the far right are some icons to edit or delete a specific book. The edit link refers to bookscontroller.edit and the delete link to bookscontroller.delete.
On the actions there are custom authorizationattributes and this works perfect. If a user want to access books/edit/1 and the user is not allowed to edit books, the user gets redirected to the logon page.
It is a bit stupid to have that edit-icon there if the user is not allowed to edit books. So at view level I would like to be able to figure out if the user is allowed to use the edit action of the bookscontroller. If he is, show the icon if not, do not show the action.
Goal: use that knowledge to create a custom tag-helper.
The go-to method is reactive, i.e. you check if a user can do action when the user tries to do. Since you do not want to go that way, here is how. (yet, this is anti-pattern)
Have the authentication token of the user send back to backend. The backend should have an API end point for each button on the page user can click. With the authentication token, the back-end resolve whether to dim or enable the buttons.
Now, what the backend does to resolve this is not very efficient. The backend needs to literally attempt certain actions and aborts the transaction. For create and retrieve, it is trivial (you can pre-resolve them) but for edit and delete, this requires a lot of resources.
The standard way of controlling such actions on UI is to use role based authorization.
For the buttons or other such UI elements, setup role tags, e.g. "admin:edit", "viewer:readonly" etc.
When you are authenticating a user, send the applicable roles from the backend server, store them in a way that is globally accessible to your UI and use them for filtering UI elements across your application.
Newbie to Parse Server here.
I have an app which reads data from Parse Server and displays it to users without logging them in.
I want to create another 'Admin' app which will allow ONLY ONE pre-populated admin user to login and change the data. Is this possible via Facebook login? I would prefer Facebook login because with normal (user, password) login I can't implement 2FA easily on Parse Server. Facebook login would take care of the issue since the user is already logged into Facebook using 2FA.
Is this possible? Any suggestions / pointers would be appreciated. I am coding both apps in React Native. The first app is complete.
The type of login has nothing to do with the abilities a user has. The simplest solution for your desired setup is using class-level permissions:
create a new Role object and name it accordingly, e.g. admin
add your admin user to that role
set class-level permissions for your data classes: grant public read access, limit write access to the admin role
Now every user can see all the data, but only members of the admin role are able to manipulate them. If you want you can add more users to the role to also give them write access.
BTW: all these steps can be performed in Parse Dashboard, no coding required.
EDIT
Actually you can have it even simpler, the class-level permissions can also be granted to a single user -- so no need for a role, if you really only need one admin.
I'm not very used to Apostrophe and currently checking out that CMS.
What I want to do is implementing a user login at the frontend.
I tried using the apostrophe-user module but users that were created using that module are able to login to the backend and I don't want them to be able to do this.
Is it somehow possible to achieve what I want to do?
Thank you very much in advance!
Edit: I'm also using apostrophe-headless
You can use apostrophe-groups to create a sub group of users with specific permissions and then check those permissions in various places (like templates) to show or not show certain admin experiences.
https://apostrophecms.org/docs/tutorials/intermediate/permissions.html
You could further customize the login experience of these users by tapping in to the apostrophe-login, redirecting them to a special part of the website, etc https://apostrophecms.org/docs/modules/apostrophe-login/index.html
Can we restrict a user to view and use only one page and hide all other pages in the apex application in oracle apex 5?
The scenario is similar as we assign a particular responsibility to a particular user in Oracle EBS and he has the access to use that particular responsibility and rest are hidden to view.
How to achieve this??
Yes ,You can do it by using authorization schemes.
By using authorization scheme ,you can restrict the user for viewing other pages.
Regards,
Nikita
Easiest way is to create an Access Control page. It will automatically create three authorization schemes for you. Admin, Edit, and View. You can assign users to those. Set application mode to Public read only. Edit and administrative privileges controlled by access control list. This will open the application for all the users, except for the pages that you control using authorization schemes.