I have database of Workspaces with members and some other data. For each workspace there is a members Map, where key is the UserId and value is the email
It is structured like this:
\Workspace01
--- name:
--- color:
--- members:
------ userid: "email#email.com"
I am trying to query workspaces where the current user is a members.
In Security Rules for instance, I can try something like
allow read if uid in resource.members.keys()
and it works fine (I think). It allows read, etc.
However, if I try to query the same thing, for instance in kotlin/android, it gives a permission error:
collection.whereArrayContains("members.keys", uid )
I have also tried FieldPath.of(), or whereNotEqual("members[uid]", null), still the same thing.
I also tried using emails as keys and uid as values... Obviously no difference
There also was a suggestion of using orderBy("memebers.uid"). That also gives a "bad permission". However, this orderBy query works just fine in the Firebase console
I am completely out of ideas.
Help?
You say that the members field is a map, so it makes sense that you can't query it with whereArrayContains.
If you want to check if the uid subfield has a specific value, that'd be:
collection.whereEqualTo("members.theUidValue", "theEmailValue")
I'm not entirely sure that your security rules will allow this, so I'd start with more relaxed rules to first see if the query works.
If you want to simply check whether the UID exists, that isn't possible on a map structure. To allow that, add an additional array field with just the UID values from the map (e.g. memberUIDs), and then query with whereArrayContains on that.
Related
I am trying to fetch a list of users from the Microsoft Graph API.
A lot of users don't have an email address, those users are systems users that I don't need.
So my query looks like /users?$filter=mail ne null
For another overview I need to show the manager of each user so I tried to add &$expand=manager. But doing so will result in an Unsupported Query.
When I remove the filter parameter it does work.
How can I only fetch relevant users and their managers in a single query?
Optionally I'd like to only receive the ID from managers, as an optimization. I only need the ID because I already fetched all users and their data. /users?$expand=manager($select=id) is what I was trying but I get the error Invalid $select properties.
If you want to use $select inside $expand to select the individual manager's properties, the $levels parameter is required, such as expand=manager($levels=max;$select=id). For more details, please refer to here
For example
https://graph.microsoft.com/v1.0/users?$expand=manager($levels=max;$select=id)
Update
If we want to use Not equals (ne) operators on the $filter query parameter, we must set the ConsistencyLevel header set to eventual and, with the exception of $search, use the $count query parameter (either as a URL segment or $count=true query string). For more details, please refer to here
For example
https://graph.microsoft.com/v1.0/users?$filter=mail ne null&&$expand=manager($levels=1;$select=id)&$count=true
For authentication in Jitsi Meet, we would like to read out a Windows AD group with an ldap query. Unfortunately our ldap query does not work.
LDAP_URL=ldaps://server.domain.local:636/
LDAP_BASE=DC=domain,DC=local
LDAP_BINDDN=CN=bind_user,OU=Administrative Accounts,OU=Benutzer,DC=domain,DC=local
LDAP_BINDPW=*
LDAP_FILTER= (&(|objectclass=user))(|(memberof=CN=group,OU=Jitsi,OU=Sicherheit,OU=Gruppen,DC=domain,DC=local)
(primaryGroupID=4989))
The error must be due to the filter, it works with the filter LDAP_FILTER = (sAMAccountName =% u).
Can you tell me what is wrong with our query.
A few things stand out to me:
The | in front of objectClass should not be there.
You have two closing parentheses after the objectClass condition, but the second one should be moved to the end of the whole query.
Oddly, objectClass=user will actually end up including other objects than just user accounts (like computer accounts). If you want to filter to only user objects, you have to use both (objectClass=user)(objectCategory=person). But that would only matter if you have other types of objects as members of that group.
Maybe this is just an error with pasting into the question, but there is a line break before (primaryGroupID=
I've never used Jitsi, but it may or may not like the space after LDAP_FILTER=. The other examples I see online don't show a space there.
It should look like this:
LDAP_FILTER=(&(objectclass=user)(objectCategory=person)(|(memberof=CN=group,OU=Jitsi,OU=Sicherheit,OU=Gruppen,DC=domain,DC=local)(primaryGroupID=4989)))
That means: find all user objects that are either members of that group, or have a primary group ID of 4989.
In my jobs I'd like every source/sink/operator should to have uid and name property defined for easier identification.
operator.process(myFunction).uid(MY_FUNCTION).name(MY_FUNCTION);
Right now I need to manually review every job to detect missing settings. How can I tell Flink to fail job if any name or uid is not defined?
Once you get a StreamExecutionEnvironment you can get the graph of the operators.
When you don't define a name Flink autogenerates one for you. In addition if you set a name, in case at least of sources or sinks, Flink adds a prefix Source: or Sink: to the name.
When you don't define a uid, the uid value in the graph at this stage is null.
Given your scenario, where the name and uid are always the same, to check all operator have been provided with the name and uid you can do the following:
getExecutionEnvironment().getStreamGraph().getStreamNodes().stream()
.filter(streamNode -> streamNode.getTransformationUID() == null ||
!streamNode.getOperatorName().contains(streamNode.getTransformationUID()))
.forEach(System.out::println);
This snippet will print all the operator that doesn't match with your rules.
This won't work in the 100% of cases, like using a uid which is a substring of the name. But you have here a general way to access to the operators information and apply the filters that fits in your case and perform your own strategy.
This snippet can de used as part of your CI or use it directly in your application.
In a legacy project we had issues where if a developer would forget a project_id in the query condition, rows for all projects would be shown - instead of the single project they are meant to see. For example for "Comments":
comments [id, project_id, message ]
If you forget to filter by project_id you would see all projects. This is caught by tests, sometimes not, but I would rather do a prevention - the dev should see straightaway "WRONG/Empty"!
To get around this, the product manager is insisting on separate tables for comments, like this:
project1_comments [id,message]
project2_comments [id,message]
Here if you forgot the project/table name, if something were to still pass tests and got deployed, you would get nothing or an error.
However the difficulty is then with associated tables. Example "Files" linked to "Comments":
files [ id, comment_id, path ]
3, 1, files/foo/bar
project1_comments
id | message
1 | Hello World
project2_comments
id | message
1 | Bye World
This then turns into a database per project, which seems overkill.
Another possibility, how to add a Behaviour on the Comments model to ensure any find/select query does include the foreign key, eg - project_id?
Many thanks in advance.
In a legacy project we had issues where if a developer would forget a project_id in the query condition
CakePHP generates the join conditions based upon associations you define for the tables. They are automatic when you use contains and it's unlikely a developer would make such a mistake with CakePHP.
To get around this, the product manager is insisting on separate tables for comments, like this:
Don't do it. Seems like a really bad idea to me.
Another possibility, how to add a Behaviour on the Comments model to ensure any find/select query does include the foreign key, eg - project_id?
The easiest solution is to just forbid all direct queries on the Comments table.
class Comments extends Table {
public function find($type = 'all', $options = [])
{
throw new \Cake\Network\Exception\ForbiddenException('Comments can not be used directly');
}
}
Afterwards only Comments read via an association will be allowed (associations always have valid join conditions), but think twice before doing this as I don't see any benefits in such a restriction.
You can't easily restrict direct queries on Comments to only those that contain a product_id in the where clause. The problem is that where clauses are an expression tree, and you'd have to traverse the tree and check all different kinds of expressions. It's a pain.
What I would do is restrict Comments so that product_id has to be passed as an option to the finder.
$records = $Comments->find('all', ['product_id'=>$product_id])->all();
What the above does is pass $product_id as an option to the default findAll method of the table. We can than override that methods and force product_id as a required option for all direct comment queries.
public function findAll(Query $query, array $options)
{
$product_id = Hash::get($options, 'product_id');
if (!$product_id) {
throw new ForbiddenException('product_id is required');
}
return $query->where(['product_id' => $product_id]);
}
I don't see an easy way to do the above via a behavior, because the where clause contains only expressions by the time the behavior is executed.
What I am looking to do is Make it the "Account" name field require a unique name.
Basically If one of my reps tries to create an account, and that account all ready exists it tells them no that account all ready exists.
Salesforce tells me this funicality is not build into sales force. Any help or dirrection would we wonderfull.
Make a new text field, call it Name__c. Mark it as unique, length... probably 80, same as Name field length.
Create new Workflow rule with condition ISNEW() || ISCHANGED(Name) || ISBLANK(Name__c) and the action should be a field update that simply has Name in the formula that determines new value.
Remember to activate the workflow and to fill in the newly created field because it will be blank for all your existing accounts!
Your call if you want to show the field on page layouts (it's quite "technical" so could be hidden). If you do - it's a good idea to make it readonly!
You can use this validation:
AND(CONTAINS(VLOOKUP( $ObjectType.Account.Fields.Name , $ObjectType.Account.Fields.Name, Name), Name), OR(ISNEW(), ISCHANGED(Name)) )
Salesforce offers duplication management for this purpose.
You just set up Matching Rules and Duplicate Rules for your Account object in Setup > Administration Setup > Data.com Administration > Duplicate Management.
Link: https://help.salesforce.com/apex/HTViewHelpDoc?id=duplicate_prevention_map_of_tasks.htm&language=en_US
You could write a trigger to prevent duplicates. It'd be a "before insert" trigger that queried for existing accounts with the same name. If an Account name already exists, you'd call addError() on the new Account record, preventing the insert from continuing.
Have you searched the AppExchange for solutions? Might want to check out something like DupeCatcher
You could always make a custom field to contain the account name (something like "Business Name") and then ensure that's required and unique.
You'd need to do some basic Data Loader gymnastics to move your account names to the new field, and come up with a strategy for populating the existing Name field for accounts.
AND(VLOOKUP($ObjectType.Object_Name.Fields.Name, $ObjectType.Object_Name.Fields.Name, Name) = Name, OR(ISNEW(), ISCHANGED(Name)))