how to disable two way binding (security issue) - angularjs

I'm facing an issue here that happens when the final user edits the HTML in the browser and changes the page's behavior. Let's say I have an input with disabled="true" and another attribute that makes the two-way binding happen, ng-model="MyModel".
Our pages were designed to support insert and edit in the same page (it was built on top of the ASP.NET MVC Framework), so we use the routes provided by it (and I can't change that).
So, depending on the user role or any other condition, some fields may have the disabled attribute equal to true or false, and here is where the problem appears.
If the user edits the HTML and changes the field that was previously disabled, he can now edit and change my model, which he should not be able to change.
Sometimes such fields cannot be handled (validated) in the backend, because the backend knows that they may be changed by a user that has permission to do it.
Note: the user with roles to edit those fields is just an example; sometimes it is just impossible to identify using validations in the backend whether the field can or cannot be edited, and in that case we apply some view logic to decide whether to set a field as disabled or enabled.
I was wondering, is there any good approach to handle this situation? Has anyone faced the same problem? How did you solve it?

Related

Admin-on-rest: how to decrease button spacing and how to edit page without ID in url

I started with admin-on-rest recently and I love what it brings. However, I am stuck on 2 issues and I was hoping to get some help:
Question 1
I created a custom theme with a custom color palette etcetera. How can I reduce the spacing around buttons? You can see it on the demo here: https://marmelab.com/admin-on-rest-demo/#/customers/121, the save button has an indent of maybe 20-30 pixels. Can I remove this and align the button with the input fields, title, etcetera?
Question 2
What is the best approach for creating an /#/user/details/ view for example, where users can edit their own account details, re-using the EDIT component? I have now added this resource:
<Resource name="user/details" edit={EditDetails} />
I can edit the account by going to /#/user/details/ID (replacing ID with the actual user ID). But I don't want to expose the ID. Better yet, the SPA doesn't need to know about the ID at all, because the API can understand a PUT request to /user/details/ as a request to update the current user details. So I don't actually need the SPA to send or need this ID. Any ideas on this?
Question 1: https://marmelab.com/admin-on-rest/Theming.html#overriding-a-component-style
Customizing the Toolbar which contains the button will require a bit of work in versions 1.*.*. You'll have to create a custom Toolbar using the original as a starting point (https://github.com/marmelab/admin-on-rest/blob/master/src/mui/form/Toolbar.js) and use it as the toolbar prop for your form (https://marmelab.com/admin-on-rest/CreateEdit.html#toolbar). This will be a lot easier in v2.
Question 2: this can be achieved using a custom restClient. In a nutshell, intercept calls which target the user resource and build the url yourself, not forgetting to handle the response.
However, for such a thing, I would advise against using the admin-on-rest mechanisms as it seems users are not really a resource but an application concept. As such you might want to handle this in a custom page with fetch by yourself.
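One way to do the custom restClient interception described in the answer, as an added example that is not admin-on-rest's own code: calls for the "user/details" resource are routed to a fixed URL with no record id, so the SPA never sends one and the server resolves the user from its own session. The request type names and the (type, resource, params) / {data} contract follow admin-on-rest v1; the httpClient and apiUrl parameters and the placeholder id 'me' are assumptions made for this example.

```javascript
// Added example, not admin-on-rest's own code. Wraps an existing restClient so the
// "user/details" resource is read and updated without any record id: the server
// identifies the user from its session. httpClient, apiUrl and the placeholder
// id 'me' are assumptions made for this example.
const GET_ONE = 'GET_ONE';
const UPDATE = 'UPDATE';
const CURRENT_USER_ID = 'me'; // admin-on-rest needs some id; the route becomes /#/user/details/me

// Pure helper: decides the HTTP request for a user/details call, or returns null
// when the request type is not supported. Keeping it pure makes it testable offline.
function buildCurrentUserRequest(type, params, apiUrl) {
  const url = `${apiUrl}/user/details`;
  if (type === GET_ONE) {
    return { url, options: { method: 'GET' } };
  }
  if (type === UPDATE) {
    const { id, ...data } = params.data || {}; // never forward a client-chosen id
    return { url, options: { method: 'PUT', body: JSON.stringify(data) } };
  }
  return null;
}

// Returns a restClient that delegates every other resource to the base client.
function withCurrentUserResource(baseRestClient, httpClient, apiUrl) {
  return function restClient(type, resource, params) {
    if (resource !== 'user/details') {
      return baseRestClient(type, resource, params);
    }
    const request = buildCurrentUserRequest(type, params, apiUrl);
    if (!request) {
      return Promise.reject(new Error(`${type} is not supported for user/details`));
    }
    // httpClient resolves to { json } like admin-on-rest's fetchJson helper.
    return httpClient(request.url, request.options)
      .then(({ json }) => ({ data: { ...json, id: CURRENT_USER_ID } }));
  };
}
```

The Resource stays declared as in the question; only the restClient passed to the Admin component changes.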

How to set a modules settings in Drupal 7 programmatically? (admin settings) ( not with hook_form_alter() )

I have modules that come with an empty admin setup page.
I'd like to set up this module programmatically.
This page is basically a form. I know I can change this form with hook_form_alter(); however, for this to work I need to go to this page and press save. This is NOT what I'd like to achieve; I'd like to do it programmatically.
What are my options?
(These modules are not my custom code. I have them from drupal.org, so I have them as they are; I need to write my code that makes this happen (a module, ideally).)
Look at the module's code. Most likely, it is storing its configuration in variables, so you should just be able to set the variable from your own code and dodge the form altogether.
The closest answer can be found here: here
Which says:
Look at drupal_form_submit() to programmatically submit a form -- it's like visiting the form in a webpage and submitting it without ever opening a browser window. Whatever logic that form does upon submission will still happen.
Another solution can be that it is storing data as a variable, or just in the database somewhere.

Enable editing option only if the user is authenticated, else display the information normally

So I'm still new to AngularJS, but I'm wondering if it's possible to show certain things if the user isn't authenticated, and give full access if a user authenticates, without duplicating the template? A solution that I could think of is using ng-show and ng-hide, where certain features will show up if isAuthenticated is true. Is there a better way of doing this?
I would use ng-if because this completely removes the DOM as opposed to just hiding it.
You can use the resolve function in routing to determine whether a user is authenticated and authorized before the page loads so they won't see the edit option flash and disappear.
Remember that since this is JavaScript the user can always modify the code to allow editing to show up. Make sure on the server side that editing is blocked if the user is not authorized to do so.
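The server-side enforcement this answer calls for, which is also the missing piece in the first question on this page (the two-way binding on a disabled input): an added example, not code from either thread. The server recomputes which fields the caller may change with the same rule the view uses to render disabled="true", so removing the attribute in the browser gains nothing. Roles, field names and the record are constructed for illustration.

```javascript
// Added example, not from the questions or answers above. The "is this field
// editable?" decision lives in one function that both the view (to set disabled)
// and the server (to accept changes) call. Roles and fields are constructed.
const EDITABLE_FIELDS_BY_ROLE = {
  viewer: [],
  clerk: ['phone', 'address'],
  manager: ['phone', 'address', 'creditLimit'],
};

function editableFields(user, record) {
  if (record.locked) return [];                 // archived records: read-only for everyone
  return EDITABLE_FIELDS_BY_ROLE[user.role] || [];
}

// Merges the submitted model into the stored record, keeping only permitted fields.
// A disabled input still has an ng-model, so its unchanged value arrives as well;
// only a *changed* protected value (or an unknown field) is reported, which is the
// tampering signal worth logging.
function applyUpdate(user, record, submitted) {
  const allowed = new Set(editableFields(user, record));
  const updated = { ...record };
  const rejected = [];
  for (const [field, value] of Object.entries(submitted)) {
    if (allowed.has(field)) {
      updated[field] = value;
    } else if (!(field in record) || record[field] !== value) {
      rejected.push(field);
    }
  }
  return { updated, rejected };
}
```

If `rejected` is non-empty the request is not a normal form post, so reject or at least log it rather than silently saving the rest.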

drupal content not visible on site (or backend)

All our content is gone, both on the frontend and the backend. Only the titles are there.
If I check the database I still see the content in field_data_body. Rebuilding the nodes didn't work.
When I look this problem up, all answers point to the Organic Groups module, saying that I need to disable it. But I never installed it.
Does anybody have any idea how to solve this (and what did I do to mess this up)?
This can be caused by deleting fields in your content type, or by disabling modules that provide the fields.
Also this can be caused by input filters being incorrect, check the enabled input formats, and lastly check user access control and make sure that all users can "access content".
Good luck!

IE7 problem - session and cookie problem

I have one problem with IE7. Let me explain the scenario.
I opened my web-based application in IE7 in TAB1 using the normal login feature. After successful login, I entered the application home page and did my normal transaction, say Trans1. Now I want to open my application again in another tab, TAB2, in the same browser window. What happens is that IE7 won't let me log in to my application on the login page; it directly enters the home page, and when I do one transaction, say "Trans2", it goes smoothly. Now when I go back to TAB1 and do one transaction, it opens the TAB2 page that I opened in TAB2.
It seems IE7 is sharing the same session cookie between multiple tabs. Is there a workaround for this scenario?
Does anyone have a solution for this problem?
Appreciate your help in this regard.
Thanks,
Manoja Swaro
It seems IE7 is sharing same session cookie in multiple tabs. Is there a workaround for the same scenario.
Well no. Cookies are by design shared between all instances of the same browser, whether in multiple tabs or multiple windows. You can only get two separate sessions by using different browsers, like an instance of IE and one of Firefox.
This changes a little in IE8, but in quite a complicated way you probably don't want to rely on. See http://blogs.msdn.com/ie/archive/2009/05/06/session-cookies-sessionstorage-and-ie8.aspx
This is why you should generally not be using cookies/sessions for keeping track of partially-completed transactions; one transaction will always interfere with the other. Better to either:
keep track of all incomplete transaction data in page/form data, like hidden fields
if that's too much data to keep passing back and forth, create an ID for the transaction that is remembered through page data, and store the actual data in the database.
You can also use a unique ID tied to the page to generate more unique cookie names, eg. 'preference.1234=foo' instead of just 'preference=foo', so that each instance will have its own cookies.
Yes. IE shares session/cookie between tabs.
Try to run a new browser (i.e. from Start menu) -- it helped with older versions of IE
and it works with my IE7.
AFAIK this happens with all tabbed browsers (FF for example).
Indeed, this is how all tabbed browsers work. Cookies are shared among all tabs. However they are not shared among multiple instances of the same application, but I doubt this will help you.
This is actually a serious problem for many applications. It is very difficult to keep track of the tabs - which are open, which are closed, when a new tab opens, and when an existing one makes a request.
There is one workaround I have found, but it's pretty messy. The idea is that you have to assign a unique ID to every tab yourself. Then, when a tab performs some actions, this ID has to be posted back to the server. Depending on the architecture of your application, the ID can be passed around in URLs or hidden form fields. If you're doing AJAX, this can make it easier to find a common place to add the ID. ASP.NET also has just one form at all times, so the hidden field is easy to do.
Naturally, on the server side you must check this ID and implement your own "tab sessions" based on it.
