Bonitasoft Bonita Newbie: Showing and editing data entered by user before - bonita

I'm new to Bonitasoft Bonita Studio.
I want to design a form with UI Designer with three input boxes: name, surname, order.
The input shall be thrown to another pool via a message. In the second pool, there is a "catch message event". The data that was entered by the user should be shown in another task/form in this pool and it should be possible to edit the inputs.
That should be very easy, but I can't get this mini-project to work. Could anybody help me please?
Main question is: How can I show the data that was entered before in a new form?
I use a business data model and have a business variable for each pool. I try to use "throw message" and "receive message" to pass the business variable data from one pool to the other pool, but unfortunately i can't use the data from first poll in the second pool.
Could anybody help me please?
Pool 1: Business variable called "bestellung"
Pool 2: Business variable called "kundenbestellung"
In pool 1: throw message event. message variable "nachrichteninhalt" takes value of "bestellung"
in pool 2: receive message event. business variable "kundenbestellung" takes valoue of message variable "nachrichteninhalt"
in pool 2: task to show data of "kundenbestellung" (i tried it with normal Bonita-function and with REST-API, but nothing works)
Screenshots: (sorry, I'm not allowed to include pictures directly into this topic as I'm to new in this forum)
Diagram
Pool 1 variable
Pool 1 message throw event
Pool 2 variable
Pool 2 Receive message event
Pool 2 show data task
Pool 2 show data task form

Related

Can hackers impact information inside state?

in my react application I calculate the price of the order in the back-end, and then transfer it to the state. But at the end, the paypal order amount is passed through the state. Which means, if a hacker can find a way to change the state to "$1", they can get the items cheaper.
This is just one case of me calculating stuff inside my state, and I was wondering if a scenario of hacker changing the state is possible.
One more case of me doing sensitive stuff with state :
When a user tries to reset password and their ip is not blacklisted for too many tries, I transfer them to a page where they need to enter the pin-code that they received to their phone. If they enter invalid pin I increase the "failedTries" state and won't accept their submission if they have failed 3 times. This is done instead of going all the way to the db and storing their failed pin codes. If a hacker changes the state to 0, they can simply brute force the phone pin which is only 6 digit long.
I think you should save failedTries in database not in UI part, as calculated price.
You should get the protected content from a server, and this server should only deliver the content when the user sends a valid token.
This way, yes, anyone can flip the switch in the client, but that only shows the UI components, without any data.
This is the usual approach when creating single-page applications. As long as you don't have secret or sensitive data right in your client from the beginning, they are as safe as your server / API that delivers the data.

Problem with dialog nodes and intents in Watson Assistent

I'm using IBM Watson Assistant for creating a chatbot. I'm using the web interface with the intents, entities and dialog flow|tree (I don't know how it is called, I'm just calling it web interface). I have four problems and hope that someone can help with it.
I have created two intens: #how_are_you with an example "How are you?" and intent #feeling_good with example "I'm good". Of course I have much more examples for these two intents. In the dialog I have now a parent node looking for #feeling_good and a child node looking for #how_are_you (skipping user input in-between). When a user now inputs the sentence "I'm good. How are you?" then only #feeling_good is triggered but not #how_are_you. How can I trigger both intents with only one user input?
I would like to have one node in the dialog which waits for say 100s and then sends another message to the user. Waiting is no problem (using pause) but how can I do it that only a message is sent after the 100s if the user did not send another message during the waiting period? That means when the user sends a message the waiting node should be canceled.
I have a node which checks for a certain intent. When the intent does not match I'm jumping back to the parent node. The problem is that the text from the parent node is repeated each time. How can I prevent this repetition when jumping back?
The last question is perhaps a bit more tricky. I would like to define an array of the numbers [1,2,3,4,5]. Then one node should sample a random number without replacement from that array (e.g. 2), i.e. the remaining array is then [1,3,4,5]. After some time another node should pick another number at random from the array (say 4). And so on. How can this be implemented? I know about variables (e.g. $var) but I don't know how to represent arrays and sample random numbers.
Thank you so much for your answers in advance. And happy new year to everybody.
1) In Watson Assistant always the intent with the highest confidence is used first. Hence processing multiple intents triggered by one sentence is tricky. The "best" solution is to use composite intent - #HELLO_HOW_ARE_YOU. Alternatively you can create conditions that would check if the first two intents returned are a comination of #HELLO and #HOW_ARE_YOU
2) Waiting and sending messages due to inactivity should be ideally handled by the client implementing the chat console in your interface. WA is not well suited for these types of operations, while there is some support, better way how to handle these is get your client application - when inactivity detected - to send something that will be mapped to #INACTIVITY_INTENT and WA will respond with your message coupled with that intent.
3) Don't jump to the node but jump to the first child of that node and use wait for user input.
4) This is possible. WA expression language supports getting random number, getting the size of an array and removing elements from the array.
E.g. <? $array.remove(new Random().nextInt(3))?>

registration process in sip protocol

I am new to sip protocol,i went through the basics and have these following doubts
1)In registering process when i captured using wireshark,i figured out that from and to headers are same when i read rfc 3261,it says that "to" header indicates whose registration is to be done and from" indicates person responsible for registration.The to and from fields are same unless it is a third party registration.it is not clear to me,how can it both be same and what is a third party registration.
2)Does sip have any keep alive mechanism,in zoiper we have the option of giving expiry time (3600 default),but for registration it is 70,for subscribe it is 60 and for invite it is 3600. how these values are automatically selected?
3)The user agent finds registrars using configuration.dns look up and multi-casting.In what case multi casting is preferred,pls explain the method also
what i did was ,installed an asterisk server ,zoiper applicationregister msg capture is attached,created a zoiper account,captured using wireshark in loop back mode.attaching screenshots of captures.Thanks in Advance
Regarding to and from fields in REGISTER:
The "from" field here is just a logical field which should not be checked. If differs from the "to" field that means that "from" registers in name of "to".
But I can't think of any scenario when this should be checked (maybe it can be used for something -app specific- in some complicated scenario). You should just follow the usual authentication process (digest auth or other) and skip this field.
Regarding point 2 (expiry time):
Your mentioned settings in Zoiper are just arbitrary.
Low values (below 200) can be used if client or server doesn't support NAT keep alive (via NOTIFY or simple \r\n\r\n messages). In this case the REGISTER message will keep alive the UDP binding in NAT routers.
Higher values can save some server side processing work and CPU resources
I usually recommend a 600 sec expire timer and 40 sec NAT keep-alive messages.
For INVITE the expire field actually means maximum ring time and it is rarely used.
Regarding point 3 (finding registrars):
The SIP server (registrar server) is usually entered manually in client configuration or set by auto-provisioning. If the server is on the same LAN, then you might be also to detect it also by multicast but this is rarely used.
Here is a good tutorial.

Need advice on Entity Manager

I open up a Member form for Add/Editing members. It has its own entity manager and when the Save button is clicked I close the form and go back to a list form.
When the save is processed, I call a routine called CalculateOwing which calculates the members balance. This method is in a separate .cs file cause it can be called from many areas in the application.
Should the CalculateOwing method be in a separate entity manager or in the same entity manager as the member record being processed?
A response to this question can be seen at http://www.ideablade.com/forum/forum_posts.asp?TID=4686&title=need-advice-on-entity-manager
EDIT:
Including the response here.
"If you want the results of CalculateOwing to be part of the same database transaction, you need to call it before the Save completes and on the same EntityManager that the Save is using."

Multi-threading issue + DataReady already open

We are developing a WinForms application in my company.
We are facing a threading issue.
A thread TH is started in the runtime beginning.
TH reads regularly a record from a table TB.
A DataTable is used for retrieving the record.
The DataTable is filled by a SqlDataAdapter.
The DataTable is disposed as soon as an object is created modeling the retrieved record.
A DataGridView in a Form could be filled with data from TB during the runtime.
The DataGridView must be filled on the main thread that is the thread where user controls are created.
But an exception is thrown when filling a DataTable.
The exception message adverts that a DataReader is already open on the Command used to retrieve records from TB.
I have tried without success to surround a statement executed on TH in a lock block.
I am not used to threading programmation so I do not know what I can do to prevent the exception.
Any help will be greatly appreciated.
I have got useful information from this web page : http://msdn.microsoft.com/en-us/library/haa3afyz(v=vs.80).aspx
The web page contains this information :
Note that while a DataReader is open, the Connection is in use
exclusively by that DataReader. You cannot execute any commands for
the Connection, including creating another DataReader, until the
original DataReader is closed.
In my context :
DataReaders used respectively on the main thread and thread TH execute a select command for the same connection.
The SqlDataAdapter.Fill method probably uses an internal DataReader.
A try to execute the Fill method can be made on the main thread while another call to the Fill method is not yet finished on thread TH.

Resources