I have a requirement for hierarchical user management system
where I have 3 hierarchies:
User
Manager
Admin
Now, Admin should be able to get a list as well as edit registrations with role 'User' as well as those with role 'Manager'.
'Manger' should be able to get a list of of registrations with role 'Users' and should be able to edit them.
I had thought of proceeding like:
router.get('/:role',auth.isAuthenticated(),auth.hasRole('admin'), users.findByRole);
where hasRole defines the minimum level of role required to access/edit the data.
However, I do not want a Manager to be able to get the List of admins or edit the list of admins.
It should have access to users list only.
This links suggests using bitwise operatorsbut I am pretty confused with the idea of integrating this piece of code with backend i.e saving and retrieving data from mongo db . Can I please get some pointers?
Look at this project: https://github.com/arthurkao/angular-drywall
This is good MEAN-stack based web app template with user management.
Related
I created a report in DataStudio and embedded it on my website. I activated the option "anyone with the link can view" so this report will be visible to my website users.
But I need to show my website users different data depending on their user ids and more important I don't want users would be able to see other users' data so if I used URL filtering users would be able to breach and search another user id to see his data.
Does anyone have a solution for this scenario?
In Google documentation I saw an option to limit the report to users in my domain, I assume this will solve this issue, but I don't find how to restrict other domains.
Users are logged onto Google
If users of your website are already logged onto Google, use the Filter by email address guide from Data Studio help center. This requires you to setup FILTER BY EMAIL and then have a field in your data can be directly used as an email filter.
Users are not logged on to Google
If you want a solution where the users don't have to be logged onto Google, you will need to:
Create a Community Connector to pass the filtered data to your users. The connector should accept a short lived token as part of the config.
Create a dashboard with your connector and pass unique short-lived tokens for each user.
You should have an endpoint that returns the current user's data based on the token provided. Alternatively, the endpoint can return only the user's identify and you can query a secondary data source with a service account filtering for the user's identity.
Your connector should call your endpoint to fetch data only for the user/for the user's identity.
This official guide demonstrates how to implement this in more details.
Disclaimer: I work in the Data Studio team and wrote the above guide.
First option is to add extra 2 fields to your data source.
User_ID
Password
For example:
Data, User_ID, Password
$10,Daniel,123
$20,Alex,456
In your dashboard, you need to create two parameters:
User_ID_Parameter
Password_Parameter
Both parameters can set the default value to null, and accepts any values.
Then create a new calculated field:
CASE
WHEN REGEXP_MATCH(User_ID,USER_ID_Parameter) AND REGEXP_MATCH(Password,Password_Parameter) THEN 1
ELSE 0
END
Then create a new filter to the chart that you want to hide:
To include the above calculated field Equal to 1
Second option is to use the Data Studio default Row Level Security
The only caveat is the users need to sign in before they can view the report.
I understand Wagtail is a CMS. Per my test so far, only the admin has permission to publish an article/content. I checked out "puput" and a few others as listed here. I wonder is there a way to allow normal user registration, login, publishing? Something similar to Medium, where the normal user, or say the community, can contribute to the content generation.
I thought there might be a toggle or switch to enable this. But I didn't find it. I'm looking for a way that is either a package or a plugin or similar. Not coding from scratch. Ideally within Wagtail CMS, but other frameworks based on Django should also be fine.
Thanks.
Wagtail provides two user groups:
Editors: user within this group can create page and submit it to moderation
Moderators: user within this group can publish pages that have been submitted to moderation.
To update groups for a given user, go the the django admin interface with admin credentails, usually the url is your-domain/admin
Then go to Users under Authentication and Authorization category
Then get into the user you want to allow posting pages,
Scroll down until Permissions category and moove groups Editors and Moderators from Available groups to Chosen groups as follow:
Then save new settings.
How can we develop a voting website based on Wordpress where the landing page is login and password protected and logins and passwords are based on a preloaded database of users. The idea is to create a page for employees where they can enter after they provide the individual credentials. It cannot be based on a system where they register - their data should already be in a database.
I am assuming that you do not want different user roles for different users. If that is the case then you will need to create a function in your theme's functions.php file that will check if user is logged in using is_user_logged_in() and if not, redirect them to login page. In order to work around the problem of every user registering on site by themselves, you can create another piece of code that will iterate user details from a csv file, register them and set each user's password.
The reason for this suggestion/approach:
All the users are registered in your WP Users list so your passwords are not easily stolen.
You can assign custom user roles and capabilities later down the line if you wish.
You can do single or bulk addition of user down the line without redoing the same amount of efforts every time you need to add users.
You do not risk breaking the database structure in WP which is decently optimized.
Now do understand that you will need to leverage object caching and work using pre_get_posts to manage the large size of site.
Good Luck!!
I have a music based app I'm building using Parse for the back end. I'm wondering how I should structure my data when it comes to user identities:
A user can be a regular user, and also a musician, and also a venue owner, etc.
So the idea is that a user can have different identities.
I would love your help on how to best structure this data.
You can have a role column in your user table, assign the role based on the user. When the user logs in to the app, you will read his role and based on the role, the ui will be populated. Is this what you are looking for?
I'm attempting to iterate through all User Profiles in SharePoint 2010 from a Silverlight application that will be added to a SharePoint page. Based on what I've learned, the User Profile Service is different than the SharePoint Website's store of a list of users who are "members" of the site or have ever visited it. To get that list of users, see this question.
I know about the asmx web service that SharePoint 2010 provides at mysite.com/_vti_bin/UserProfileService.asmx, but that doesn't seem to have anything like a GetAllUserProfiles method. The closest it looks like I can get is by iterating through all users with successive calls to the GetUserProfileByIndex method, but that's far from optimal.
Is there a way to access User Profiles via a built-in Sharepoint 2010 REST-ful service, such as what's provided for site links at mysite.com/_vti_bin/listdata.svc/Links? If not, what approach do you recommend to get all existing User Profiles in SharePoint 2010?
EDIT:
The purpose of this is to provide summary profile information in the Silverlight control. For example, showing the User Profiles that have the most "Interests" set in their profile. This task is only possible by iterating through all User Profiles.
Are you sure you want to do this through a web service? Getting all links for a user means 20 simple urls. Getting all user profiles means 20,000 large complex objects.
Iterating through all profiles is something I have done in import code, but outside of that I can't think of a scenario where it wouldn't make more sense to use search - especially when user interaction is involved.