Django change user group to oneToOne Field - django-models

I want to create multiple levels of users in my application developed using Django 1.6 and Python 3.2. I inserted the levels in the auth_group table, but on the add user page of Django Admin I can assign one user to more than one group (multiselect Group values). What I actually want is one user to one group only.
Please reply.

Changing the Django core is definitely not an option. You should never do it, because in the future you will have problems updating your system to new Django versions.
I can't see clearly why you want to do it, but if you really think it is a good implementation, you should extend your authentication model to implement what you need:
https://docs.djangoproject.com/en/dev/topics/auth/customizing/

Related

How to show audit data in the front end as timeline when user adds,modifies,deletes etc

I have a single-page application developed in AngularJS. I want to show an audit of user activity in a front-end timeline, based on the user's interactions with the database.
The database layer is done using Hibernate and the controller layer with Jersey RESTful web services. I want to audit the user operations (add, modify, delete, etc.) made in the UI while interacting with Hibernate.
I have gone through some posts. Some suggest the JPA API for Hibernate auditing, and some suggest Spring Data to achieve it. I want the audit data to be shown when the user interacts with the system, as well as arranging it in the back end.
Help me with the best architecture perspective, flow or roadmap to achieve it, and also give me some learning tutorials.
Thanks in advance

Based on the assumption that by auditing you mean being able to track the change history that is made to entity rows at the database level, then yes, Hibernate has an extension called Hibernate Envers that does this for you.
You can find documentation on Envers here
The gist is that you simply need to annotate your entities with @Audited either at the class level or on a per-property level, supply a few configuration parameters at the time you construct either your EntityManagerFactory or SessionFactory, and make sure you have the appropriate tables created in your database.
Once the revision tracking has started, you can then easily query for audit changes by using the org.hibernate.envers.AuditReader interface. See the documentation for how to obtain this.

Managing user accounts for different sites with one database

We now have one site running, but we will need to build a branded site for our client soon. The client site will have exactly the same data set as our current site except for the user data. The client site must have totally separated user info, which allows only the client to use the site.
I don't see the need for setting up a new database or creating a new user table for the client. My tentative solution is to add a "Company" column to the user table so that I can differentiate which site the user data row is on.
I do not know if this approach will work or not or if it is the best practice. Could anyone with experience like this shed some light on this question?
Thanks,
Nigong
P.S. I use LAMP with AWS.

Using an extra column to store a company / entity id is a common approach for multitenant systems. In general you will want to abstract the part that verifies you can only retrieve data you're allowed to into a piece that all queries go through, like your ORM. This will prevent people new to the project from exposing/using data that shouldn't be exposed/used.
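
An added example of the approach in the answer above, not code from the original post: all access to the user table goes through one object bound to a company id, so a caller cannot omit the tenant filter. It uses Python's built-in sqlite3 rather than the asker's LAMP stack; the schema, the `TenantUsers` class and the sample rows are assumptions constructed for illustration.

```python
import sqlite3

# Constructed schema; table and column names are assumptions for this example.
SCHEMA = """
CREATE TABLE users (
    id         INTEGER PRIMARY KEY,
    company_id INTEGER NOT NULL,
    email      TEXT NOT NULL,
    UNIQUE (company_id, email)  -- same email may register on each site
);
"""

class TenantUsers:
    """The only code path to the users table, bound to one company."""

    def __init__(self, conn, company_id):
        if type(company_id) is not int:
            raise TypeError("company_id must be an int")
        self._conn, self._company_id = conn, company_id

    def add(self, email):
        cur = self._conn.execute(
            "INSERT INTO users (company_id, email) VALUES (?, ?)",
            (self._company_id, email))
        return cur.lastrowid

    def get(self, user_id):
        # The tenant filter is in every statement: a row id that belongs
        # to another company simply looks like "not found".
        return self._conn.execute(
            "SELECT id, email FROM users WHERE id = ? AND company_id = ?",
            (user_id, self._company_id)).fetchone()

    def delete(self, user_id):
        cur = self._conn.execute(
            "DELETE FROM users WHERE id = ? AND company_id = ?",
            (user_id, self._company_id))
        return cur.rowcount == 1

def demo():
    conn = sqlite3.connect(":memory:")
    conn.executescript(SCHEMA)
    main_site, client_site = TenantUsers(conn, 1), TenantUsers(conn, 2)
    alice = main_site.add("alice@example.com")           # constructed data
    client_alice = client_site.add("alice@example.com")  # separate account
    return {
        "own_read": main_site.get(alice),
        "cross_read": client_site.get(alice),
        "cross_delete": client_site.delete(alice),
        "still_there": main_site.get(alice) is not None,
        "distinct_ids": alice != client_alice,
    }
```

The company id should come from the site the request arrived on (server-side configuration or the authenticated session), never from a request parameter.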

Access VisualForce Page without salesforce account

I'd like to create a Visualforce page that inserts a record into the Salesforce Account object. However, I expect some of the page users won't have Salesforce accounts. Can they still access it? If not, what are the alternatives to a Visualforce page that can be used in this case? (Please don't consider Web to Lead Forms.)
Thanks,

Yes, it's possible. Go read about Salesforce Sites. For a start:
http://wiki.developerforce.com/page/Websites
http://wiki.developerforce.com/page/An_Introduction_to_Force.com_Sites
(Of course it's also possible to write that page in, say, Java/.NET/PHP and use integration via SOAP or REST to talk to Salesforce... but these 2 main links will keep the whole solution within SF, so no need to learn a new language, have extra maintenance effort, etc.)
Sites are VF pages that expose a bit of your company's data without the need to log in. You can use them to input data too, just remember that in theory anybody could learn the link and spam you (not too different from web2lead, inbound email handlers etc). You specify security in a way similar to Profiles; the records will have "Created By = {site name} Guest User".
I don't think there's anything out of the box to restrict visibility; they're open to the whole world. So if you would want something similar to login IP ranges (so only sales reps from your office's network can enter data), you might have to write some logic in the controller.

Using ACL or simple permissions for CakePHP app

I am building a simple website that needs 3 user levels (member, mod, admin) and am currently using ACL that sets permission on a per-group basis. Now, this is all working out fine, but I am wondering if it would not be better to just have a role column in the users table that would contain a tinyint and go with that.
Why I am considering this is the following. Say I wanted to have an "admin bar" on the top of the page, I'd have to check in which group the user is, but group names can change and are not static, the role column would be. This raises the question, is ACL suited for websites that have such a simple permissions scheme?

Funny - I just recently wrote a simple Auth for scenarios like that - I called it "Tiny": http://www.dereuromark.de/2011/12/18/tinyauth-the-fastest-and-easiest-authorization-for-cake2/
It should be pretty much exactly just about what you need.
It does need the roles to be present in the Session Auth, though, and that you manage user roles yourself. So you might have to add this to your login method if you want to use multi role Auth.
As you said - the core one is way too powerful and a real overkill for simple use cases.
Just one thing: call the field "role_id" and not "role".

This is what I use: http://bakery.cakephp.org/articles/watermark86/2010/09/23/user-permissions-based-on-a-routing-prefix
Though ACL is the right way, for small/simple cases like yours you can use this.

Suggestions for creating a multi-blog site in CakePHP with ACL 'memberships'

I've been diving into CakePHP this year and I'm loving it! However, I've just run across a problem that I'm not sure how to handle. My database design is this--
USER can belong to one or more WEBSITE
A WEBSITE can have many USER
So I have a many-to-many relationship which is tracked in MEMBERSHIP
MEMBERSHIP also tracks what group_id the USER has for that WEBSITE.
For example, if user1 joins website3 as an administrator and website5 as an editor, then the MEMBERSHIP table has an entry reflecting both those roles.
Basically my problem is Cake's ACL. In the above-mentioned model, user1's group_id would change depending on which WEBSITE he's selected after logging in. (And he could subsequently change to even more websites within the dashboard by changing the group_id again and again). Cake's ACL appears to only handle 'user belongs to one group' period.
Can I trick the ACL by giving it the group_id from the session every time it's changed and then reload the AROs? Would it make more sense to scrap ACL and create my own permissions module?
Any suggestions or ideas to point me in the right direction would be GREATLY appreciated!

I think it will be the best way to create your own permission module.
the reasons are quite simple:
you can modify/extend it in any way YOU want
you will not break any cakePHP specifications
