Symfony Fos user Bundle - fosuserbundle

I am quite new to the Symfony 2 framework and I have been trying to find an inbuilt function or a FOS container service that contains information about the groups or role of the currently logged-in user. I have used the groups of FOS user bundle; each user is assigned to only one group and the role is defined on the group.
Thanks in advance.

In the Symfony session object you will have the currently logged-in user, and because the group is mapped to the user entity you can access the group with a getter. Here is a Twig example:
{{ app.security.getToken().getUser().getGroup() }}
To get the group roles you just call the getter getRoles(); it returns the user's roles and his group's roles in the same array.

Exception in Site.createExternalUser in Apex RESTclass: Site.ExternalUserCreateException: [That operation is only allowed from within an active site.]

I have a Non-Salesforce Auth System which holds usernames and passwords for a few thousand users. I am willing to migrate these users to Salesforce and give access to these users to my Experience Cloud site. I am developing an apex REST Resource which will take username and password as arguments and create a user with that username and password with a community profile. I am planning to call this API from my Non-Salesforce system and migrate all these users. I am using Site.createExternalUser method in this API. I am getting the exception
Site.ExternalUserCreateException: [That operation is only allowed from within an active site.]
The reason I am using Site.createExternalUser is because I don't want to send the welcome email/reset password email to my users since they already have signed up successfully long ago.
I am open to any alternatives for achieving this.
Below is my code:
@RestResource(urlMapping='/createUser/*')
global with sharing class createUserRestResource {
    @HttpPost
    global static String doPost() {
        // Contact that the community user will be linked to
        Contact con = new Contact();
        con.FirstName = 'First';
        con.LastName = 'Last';
        con.Email = 'first.last@example.com';
        con.AccountId = '/Add an account Id here./';
        insert con;

        // User record with the community profile
        User usr = new User();
        usr.Username = 'usernameFromRequest@example.com';
        usr.Alias = 'alias123';
        usr.Email = 'first.last@example.com';
        usr.FirstName = 'First';
        usr.IsActive = true;
        usr.LastName = 'Last';
        usr.ProfileId = '/Community User Profile Id/';
        usr.EmailEncodingKey = 'ISO-8859-1';
        usr.TimeZoneSidKey = 'America/Los_Angeles';
        usr.LocaleSidKey = 'en_US';
        usr.LanguageLocaleKey = 'en_US';
        usr.ContactId = con.Id;

        // This is the call that throws Site.ExternalUserCreateException outside an active site
        String userId = Site.createExternalUser(usr, con.AccountId, 'Password#1234', false);
        return userId;
    }
}
You can suppress sending emails out in the whole org (Setup -> Deliverability), or in the Community config there will be a way to not send welcome emails (your community -> Workspaces -> Administration -> Emails).
Without running on an actual Site I don't think you can pull it off in one go. In theory it's simple: insert contact, then insert user. In practice it depends on which fields you set on the user. If it's a Partner community you might be setting UserRoleId too and that's forbidden. See MIXED DML error. In a Customer community you might be safe... until you decide to assign them some permission sets too.
You might need 2 separate endpoints, 1 to create the contact, 1 to make a user out of it. Or save the contact and then offload user creation to @future/Queueable/something else like that.

Guest user added to AD group not visible using Graph API from groovy script

When I use the Graph API within Postman in order to add a guest user to a group, I proceed as follows:
Use the /invitations endpoint to add my user (I do not use email invitation).
Then I can see from my AD users that it has been added properly.
Next I use /groups/{Group ID}/members/$ref to add the user created in step 1.
Then I can see from my AD that the user has been added to the group right away.
Then I put these exact steps in a script that is executed at a dedicated time, as follows:
1. Use the /invitations endpoint to add my user and send an invitation by email.
2. The userID returned by the first call is then used to add the user to the group right away, using the /groups/{Group ID}/members/$ref endpoint with the body set as
{ "@odata.id": "https://graph.microsoft.com/v1.0/directoryObjects/{userID}" }
Then the response to adding the user to the group is successful.
What is strange is that when I check in my AD, I can see the user which has been created BUT I do not see that user as a member of the group it has been added to. It is not displayed, while no error was returned during the API call.
Does it mean it takes some time to become visible? Does it mean that the user needs to validate the invitation before it is added to the group?
Thanks for your help
regards
That was my mistake,
I get a script flag error which prevents the API call from completing.

DocuSign for Salesforce: Recipient Sorting

I have a custom button that explicitly needs to sort a hard coded recipient with a specific DocuSign role and Sort Order and at the same time load in all contact roles from the related opportunity.
The code below brings in all contact roles (good) but the role of the 'Any Recipient' (which is not a Salesforce contact role) is defined as 'Customer' (bad) when it should be defined as 'Legal'.
In the (Salesforce) DocuSign Admin | Envelopes settings the roles are defined as 'Customer' and 'Legal', where Customer is the first entry and Legal is the second. It appears that the sorting of the recipients is based on the first entry in DocuSign roles, because when I make the first entry 'Legal' and the second entry 'Customer' I get the anticipated results.
CRL='Email~frasuy@email.com;FirstName~Any;LastName~Signer;Role~Signer 2;RoutingOrder~2,LoadDefaultContacts~1';
When using the code below with the DocuSign role entries of Customer (1st) and Legal (2nd) the mappings are working but none of the contact roles are added (bad) as recipients, just the entry defined in CRL (good) with the correct DocuSign role - Legal. The LoadDefaultContacts~1 is not respected since none are brought in as recipients.
CRL='Email~frasuy@email.com;FirstName~Any;LastName~Signer;Role~Signer 2;RoutingOrder~2,LoadDefaultContacts~1';
CCRM='Signer 1~Customer;Signer 2~Legal';
CCTM='Signer 1~Signer;Signer 2~Signer';
How do I bring in all contact roles but explicitly define the DocuSign role for the CRL recipient?
Keep in mind the CCRM parameter is used to map a Salesforce role to a DocuSign Role. In this scenario, a "ContactRole to DocuSign Template Role".
Your current button logic is saying "Only pull contacts with the contact role of Signer 1 and Signer 2".
CCRM is typically irrelevant if you're not using DocuSign Server Templates. To answer your question:
1. You would need to reference all the Contact Roles within CCRM and CCTM
2. All DocuSign roles must be different because you can't merge two contacts with the same role
My example below references all the Salesforce default contact roles:
CES='Stackoverflow Example';
CRL='FirstName~Any;LastName~Signer;Email~{!URLENCODE("frasuy@email.com")};RoutingOrder~2;Role~Signer 2,LoadDefaultContacts~1';
CCRM='Decision Maker~Customer;Signer 2~Legal;Business User~Customer2;Economic Buyer~Customer3;Economic Decision Maker~Customer4;Evaluator~Customer5;Executive Sponsor~Customer6;Influencer~Customer7;Technical Buyer~Customer8;Other~Customer9';
CCTM='Decision Maker~Signer;Signer 2~Signer;Business User~Signer;Economic Buyer~Signer;Economic Decision Maker~Signer;Evaluator~Signer;Executive Sponsor~Signer;Influencer~Signer;Technical Buyer~Signer;Other~Signer';

Redirect to dashboard by user's group

I have an ACL-based CakePHP app and users belong to groups.
Please advise me where I should implement the redirection code by user's group:
users belonging to the admin group redirect to admin/dashboard
users belonging to the manager group redirect to manager/dashboard
users belonging to the user group redirect to user/dashboard
Set $this->Auth->autoRedirect = false; in beforeRedirect() in the users controller.
In the login() function:
// once the user is authenticated, send them to the dashboard under their group's prefix
if ($this->Auth->user()) {
    $this->redirect(array('prefix' => $this->Auth->user('group'), 'controller' => 'dashboard', 'action' => 'index'));
}
This code is just an example to show how it is done, not to be taken as-is.

app on GAE | Restricted Google account authentications | listed google accounts not all |

I am quite new to this Google app engine. I am learning things every day.
I have a forum on Google App Engine.
But what I want is to have private or restricted parts.
Some features should be locked for certain Google account users, who are in some sort of access control list.
In plain words, only those users who are in the access list can see the forum; the rest will be redirected to the "contact admin" page.
As I am new, I want to know whether this is possible.
If yes, how can I achieve it?
Thanks,
Alok
If you are using the built-in Users API, you can check users.is_current_user_admin() as an access control mechanism. Administrators can be managed via the dashboard.
If you need more granular, application-specific authorization logic, generally you would create a User model in the datastore that references the built-in UserProperty and also holds a list of roles or whatever else you need to check authorization.
To follow up Drew's reply, I use a similar system in my app, so my server code has something like the following class definition (simplified here for clarity)
from google.appengine.ext import db

class myUser(db.Model):
    # one record per Google account, holding its access level
    user = db.UserProperty(required=True)
    rights = db.StringProperty(required=True, choices=set(["public", "private"]))
    created = db.DateTimeProperty(auto_now_add=True)
    lastaccess = db.DateTimeProperty(auto_now=True)
and then I have code like this where I handle queries
from google.appengine.api import users

def checkUserRights(user):
    # look up the stored record for this Google account
    q = db.GqlQuery("SELECT * from myUser WHERE user = :1", user)
    u = q.get()
    if not u:
        # create a new 'public access' user if we haven't seen this person before
        u = myUser(user=user, rights="public")
    # always update the user record after the source is fetched (updates the lastaccess field)
    db.put(u)
    return u.rights

rights = checkUserRights(users.get_current_user())
if isPrivateArea and rights == "private":
    ....
This way I create a user for EVERY visitor, and then I have an admin interface to change the rights of selected users - you may decide, for example, to not create a record for every visitor
def checkUserRights(user):
    # look up the stored record for this Google account
    q = db.GqlQuery("SELECT * from myUser WHERE user = :1", user)
    u = q.get()
    if not u:
        # grant default public rights to anyone...
        return "public"
    # always update the user record after the source is fetched (updates the lastaccess field)
    db.put(u)
    return u.rights
This is, of course, on a page where the app.yaml specifies "login: required"
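The access list asked about in the question, as an added example that is not part of any of the answers above: a gate that opens the private area only on an explicit "private" entry and sends everyone else to the "contact admin" page, including when the rights lookup itself fails. The Visitor type, ACCESS_LIST, lookup_rights, the two URLs and forum_index are hypothetical stand-ins for the Users API object, the datastore query and the app's routes, so the block runs without App Engine.

```python
from collections import namedtuple

# Stand-in for the object returned by users.get_current_user().
# Keyed on user_id because an account's email address can change.
Visitor = namedtuple("Visitor", ["user_id", "email"])

# Constructed sample data: user_id -> rights, as an admin interface would store it.
ACCESS_LIST = {"1001": "private", "1002": "public"}

LOGIN_URL = "/login"                  # hypothetical route
CONTACT_ADMIN_URL = "/contact-admin"  # hypothetical route


def lookup_rights(user_id):
    """Stand-in for the datastore query; returns None for unknown ids."""
    return ACCESS_LIST.get(user_id)


def gate(visitor, private_area, is_admin=False, lookup=lookup_rights):
    """Return ("serve", None) or ("redirect", url) for one request."""
    if not private_area:
        return ("serve", None)
    if visitor is None:
        return ("redirect", LOGIN_URL)
    if is_admin:
        return ("serve", None)
    try:
        rights = lookup(visitor.user_id)
    except Exception:
        rights = None  # a failed lookup must not open the private area
    # Only an explicit "private" entry grants access; unknown visitors and
    # unexpected values fall through to the redirect.
    if rights == "private":
        return ("serve", None)
    return ("redirect", CONTACT_ADMIN_URL)


def private_handler(handler):
    """Decorator: run the handler only when gate() says serve."""
    def wrapped(visitor, is_admin=False, lookup=lookup_rights):
        action, url = gate(visitor, True, is_admin, lookup)
        if action == "redirect":
            return (302, url)
        return (200, handler(visitor))
    return wrapped


@private_handler
def forum_index(visitor):
    return "forum threads for " + visitor.email
```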
