when received a scan results how salesforce-Checkmarx will do code scan, so my question is, as per some blogs and salesforce standard documentation I checked delete permission before deleting a record, but still I am getting CURD Delete Issue, (security submission done 2 time, got same results). I am specifying a my code
if(Schema.SobjectType.Tracking_path__c.isdeletable())
{
Delete tpList;
}
else
{
ApexPages.addMessage(new ApexPages.message(ApexPages.severity.FATAL, system.label.delete_access));
return null;
}
Got the fix for this issue. If you change your code like below you will get it fixed in review report.
List<CustomObject__c> listOfCustomObject = [Select Fields from CustomObject__c];
if(CustomObject__c.sObjectType.getDescribe().isDeletable()){
delete listOfCustomObject;
}
Related
I'm new to Entity frameworks and got some questions. I've got an EFcore project where there needs to be a database around users, with roles, groups,..
First I had Razor CRUD pages where everything worked. I could add, update and delete users, roles, groups,... But along the way I realised that I rahter needed a SwaggerUI so I could use that API for an other frontend project.
So I changed the razor pages to Swagger and for some reason the database doesn't change when I Update, delete or post something. Without any warnings. I even get succes codes back as feedback.
But the action doesn't really go through.
(When I delete, it says deteled but record is still the same. Same with Update and with a post, it says that the creation succeeded but the new record is not in my database.
I can view all records with Get & specific Records with Get:ID so I'm kind of lost why my update, post or delete action don't work.
I'm kind of new in this area so any feedback is much appreciated.
Thanks in advance.
Try to update/delete/post a record in db. Always gives
UserController : ( this worked with the Razor pages but not with the swagger page)
[HttpDelete("{id}")]
public ActionResult<User> Delete(int id)
{
var user = _userRepo.Get(id);
if(user != null)
{
_userRepo.Delete(id);Console.WriteLine("is deleted.");
}
else
{
return NotFound();
}
return NoContent();
}
[HttpPost()]
public IActionResult Add([FromBody] UserCreateViewModel model)
{
if (!ModelState.IsValid)
{
return BadRequest(ModelState);
}
var newUser = new User
{
FirstName = model.FirstName,
LastName = model.LastName,
Email = model.Email,
Platform = model.Platform,
Is_enabled = model.Is_enabled,
};
Console.WriteLine(newUser);
_userRepo.Add(newUser);
return CreatedAtAction(nameof(Get), new { newUser.Id }, newUser);
}
Note: The Console.WriteLine("is deleted."); does run and is shown in the console. But it doesn't delete the record.
In Entity Framework, the SaveChanges() method internally creates a
transaction and wraps all INSERT, UPDATE and DELETE operations under
it. Multiple SaveChanges() calls, create separate transactions,
perform CRUD operations and then commit each transaction.
https://www.entityframeworktutorial.net/entityframework6/transaction-in-entity-framework.aspx#:~:text=In%20Entity%20Framework%2C%20the%20SaveChanges,and%20then%20commit%20each%20transaction.
I have a problem related to firestore updating in fields .
allow update, delete: if request.auth != null && resource.data.id == request.auth.uid;
In the above security rule i am able to update my all documents field except when i change my image array which store link of all my images in storage. if i cannot change images array then update work successfully for me. otherwise permission error occurs on the console and when i call update method all other fields except image array deleted
allow update, delete: if request.auth != null;
But when i change my security rules to the above line, I did not get permission error and update work successfully. But i don't want to change my security as it is necessary for my application.
My code look like this
let projectData = {
projectName,
images,
}
await db.collection('projects').doc(projectUid).update(projectData);
there is another field of id which added to document when creation so i am not updating it
so anybody knows why error occurs when i am trying to update my images array field ?
I am currently setting up a new project using Laravel 8. Out of the box, Laravel is configured to use auto-incrementing ID's for the user's ID. In the past I have overrode this by doing the following.
Updating the ID column in the user table creation migration to
$table->uuid('id');
$table->primary('id');
Adding the following trait
trait UsesUUID
{
protected static function bootUsesUUID()
{
static::creating(function ($model) {
$model->{$model->getKeyName()} = (string) Str::orderedUuid();
});
}
}
Adding the following to the user model file
use UsesUUID;
public $incrementing = false;
protected $primaryKey = 'id';
protected $keyType = 'uuid';
On this new project, I did the same as above. This seems to break the login functionality. When the email and password are entered and submitted, the form clears as though the page has been refreshed. Thing to note is there are no typical validation error messages returned as would be expected if the email and/or password is wrong.
To check that the right account is actually being found and the password is being checked properly, I added the following code to the FortifyServiceProvider boot method. The log file confirms that the user is found and the user object dump is correct too.
Fortify::authenticateUsing(function(Request $request) {
\Log::debug('running login flow...');
$user = User::where('email', $request->email)->first();
if ($user && Hash::check($request->password, $user->password)) {
\Log::debug('user found');
\Log::debug($user);
return $user;
}
\Log::debug('user not found');
return false;
});
Undoing the above changes to the user model fixes the login problem. However, it introduces a new problem that is the login will be successful but it wont be the right account that is logged in. For example, there are 3 accounts, I enter the credentials for the second or third account, but no matter what, the system will always login using the first account.
Anyone have any suggestions or ideas as to what I may be doing wrong, or if anyone has come across the same/similar issue and how you went about resolving it?
Thanks.
After digging around some more, I have found the solution.
Laravel 8 now stores sessions inside the sessions table in the database. The sessions table has got a user_id column that is a foreign key to the id column in the users table.
Looking at the migration file for the sessions table, I found that I had forgot to change the following the problem.
From
$table->foreignId('user_id')->nullable()->index();
To
$table->foreignUuid('user_id')->nullable()->index();
This is because Laravel 8 by default uses auto incrementing ID for user ID. Since I had modified the ID column to the users table to UUID, I had forgotten to update the reference in the sessions table too.
I have been asked to report an issue with connecting to Snowflake using the node connector here.
Issue: https://github.com/snowflakedb/snowflake-connector-nodejs/issues/113
The issue is I can't find any documentation on how to re-use an existing token to avoid taking a long time when connecting to Snowflake.
Would appreciate any help.
EDIT
Here is the code I use:
// Tokens are retrieved from a DB
if (tokens) {
connection.masterToken = tokens.masterToken;
connection.masterTokenExpirationTime = tokens.masterTokenExpirationTime;
connection.sessionToken = tokens.sessionToken;
connection.sessionTokenExpirationTime = tokens.sessionTokenExpirationTime;
}
connection.connect(async function (err, conn) {
if (err) {
reject(err);
} else {
resolve();
}
});
This might not be a full answer, but hopefully it helps you or someone else. I've had similar issues. For us the process is to get a JWT token via a web service. I haven't tested this, but suspect this could be re-used.The JSON response includes a "lease_duration" property. I'm guessing this is in seconds, but do not know though I tried to check. To give you an idea, one value I got for this is 2764800. You could calculate the do something like:
Long leaseDurationInMs = Long.parseLong(result.get("lease_duration"));
Date estimatedLeaseExpiration = new Date(leaseStartTime+leaseDurationInMs);
System.out.println("Estimated lease expiration timestamp (human readable): "+estimatedLeaseExpiration);
Long estimatedLeaseExpirationInMs = estimatedLeaseExpiration.getTime();
and if then check this value each time you would have fetched whatever this token thing is to see if you need to get another one.
Sorry for answering my own question but I ended up caching the data on my side to avoid connecting too often.
this is my first grails project, so sorry if it's a newbish question but I didn't find anything about it.
I'm using Grails 3.3.2 with mongoDB and the calls to the DB are made with GORM.
I created a method that receives a list of users to create a MAP with the users and their specific roles and render it in a view. Only the admin has access to this page and now I don't want for a logged in admin to have access to his privileges/role, in other words, an admin can ONLY change the roles for other admins.
This way the system don't be with no admin by mistake.
This is the method:
#Secured(["ROLE_Administrador"])
def renderListUsers(def listUsers) {
//remove o proprio utilizador antes de tudo!
// THIS PRINTLN !!
//println(listUsers)
listUsers.remove(User.findByUsername(getPrincipal().username))
def usersWithRole = [:]
for (user in listUsers) {
usersWithRole[user.username] = UserRole.findByUser(user).role.toString().split("_")[1]
}
render(view: "listUsers", model: [users: listUsers, userRoles: usersWithRole])
}
This method is working perfectly, the issue is that as soon as I added the "listUsers.remove(...)" (line 7) to remove the logged in user I was getting this error and I didn't understand why, then I find out that the error only occurs if the user removed is in the index 0 of that list.
Now I found if I add that "println(listUsers)" before it just works always! Even if the object removed is in the index 0.
Is this a known error on groovy or what am I doing wrong? I don't want to leave that print there.
Thank you for your time!
EDIT:
Got it to work! This way:
def loggedUser = User.findByUsername(getPrincipal().username)
if (loggedUser in listUsers) {
listUsers.remove(loggedUser)
}
I knew that I needed to add this verification, but I didn't thought that it would resolve this.