How to design permissions and conditional loading in extjs - extjs

Background
I have to migrte a existing javascript application (one page app) to extjs. The display and behavior of the application depends on the users permission.
Current design
The application is divided into plugins, which represent a feature set to which permissions are granted. Each of those plugins consists of a single javascript file. A user can have permissions for one or more plugins. Depending on the permissions, those files are loaded in the head of the page. Each of these plugins will add its entries to the main menu and expose the methods used to drive the application.
The permissions are stored in a mysql database.
ExtJs's default design
In ExtJs the source files contain each a class. During the build process, all .js files are concatenated to yield one big .js file, that contains everything.
What would be the best design approach?
I considered to use custom compilation with sencha cmd, and create that way a .js file for each plugin. Then I could load these plugins the same way I do it now. But this results in a complicated build and deployment process.
I also thought about creating one and only .js file with a standard Ext build process. I would then load the permissions from the server via ajax in order to construct the menu. All the objects and methods would exist, but only those are accessible where the user has permissions.
In my opinion, the second approach is much easier maintainable, but it seens to have a security problem, because everyone could look at the source and find out about the data interfaces exposed on the server and consumed by ajax.
Any comments, ideas or advices are welcome. Thanks !

Number two would be the way to go. If you keep your server side permissions in check (while updating data etc) you only need ExtJS to show/hide menu items based on permissions. That way, malicious users can turn certain plugins/items on or off, but they can never execute something that requires more permissions then they would normally have.

Related

JSF application : should I use micro-services and how?

I have a web application developed with JSF 2 and primefaces. The project has been frozen for months, but it's quite advanced, the whole application run inside the same container under glassfish, so it's a monolith.
My application has an user interface and its purpose is to offer them the possibility to organize urls to tutorials (any kinds) as cards, with tags for the classification, into folders. So any user has its own tree, they can make a research inside the other users's tree create a link on a file in their own tree, copy a entire folder, reorganize it etc.
Nowedays we hear a lot about microservices, Spring boot, Angular Js, react etc. I like to develop with JSF it's a great framework, but I'm asking myself about refactoring my application, at least the necessary parts into microservices, and if JSF is appropriate for that or if I should user other tools.
What I like for example with JSF is the facility to create views, its component approach, and how it handle the full cycle of a request.
For example with a simple folder creation form :
I have to choose the parent folder, so I can bind a research component to a backing bean that makes a research indirectly in my DB using a DAO ( in my app an EJB using JPA). That happens at the "invoke application" phase and refresh my form list with ajax at the end. When I submit the form I can also bind a converter to the research component to retrieve directly a Folder object, the converter uses also a DAO to retrieve the object that I need at the "Invoke application" phase to finish the job.
I also use validators to control different attributes of a new folder, usually I declare them inside my entity class (Folder, User ...) with annotations like #NotNull etc. Before I save the folder on my db, I also check the user rights to see if he can write inside the parent folder and so on. I do that inside the backing bean, so at the 'invoke application' phase, and return a faces message if anything happens wrong.
When I read about micro-services I see that you can use them directly inside a form using json for communication, so it seems quite different. For example if I have a micro-service for the CRUD operations of my folders, are the validators, the converters, part of the service or are they stand alone services ? And what about the security checks ? that kind of architecture is quite mysterious to me.
ps : English is not my mother tongue so be indulgent please :)
AngularJs is pretty ancient man :)
You have to look at the pain points to identify ways to tear down your monolith. Monolith pains are usually slow and painful dev cycle and difficult manual test phases. If you did the entire arquillian thing and have full continuouos integration with single button deployments, you've slain the beast the hard way. Not many braved this route. But if you're looking at mounting feature creep with code freezes and manual test cycles then yeah you kind of want to try to pull some of those features out into a service you can redeploy very quickly

Indesign real-time package for collaboration

I manage a team of designers working on Indesign.
When we work on a project, it often happens that a designer has to work on the project of another. We work with Dropbox for Business.
But when we take the work of another designer, there is often missing links and fonts.
Is there a plugin or a way to develop a plugin that would allow, when we create a new indd file (or for the protection of the same file):
Automatically create a "Links" folder and another "Document fonts" at side of the indd file
Systematically add a new link or new typography in the corresponding folder?
To simplify: each action on font or on a link, make a kind of "Indesign Package" in real time?
If this is not a solution, do you have any solutions to meet this need?
I don't know of a specific script or plugin that does this.
However, it should be possible to write a script with an eventhandler with a beforeClose event that runs certain script commands every time a user closes a document (or even every time a user adds, changes or deletes a link). At this point the script could run some copyLink commands on all the images and fonts (?) placing them all in the folders next to the document.
The whole script could be made a startup script, so it becomes active anytime any user runs InDesign.
(I'm actually not sure, if fonts can be copied so easily. Worst case scenario would be that the script would need to run some packaging command to gather the fonts somewhere, copy them over to where you need them and then delete the rest of the temporary package.)
Did you consider Creative Cloud Libraries ? They are meant to allow sharing assets within a team. Apart form that, you users would need to have a same access to the file system (a common drive letter for the network path for example).
Another solution would be to use a DAM solution so users would link files from the DAM.
Eventually, you could sure think of a script as mdomino offered.

what technology should i used to build an window app run with cloud services

I have a software requirement like that:
An app run on window but this app can connect to server to get and use its file by user.
User A can Log in, View all his file from server, Create new file, Edit content, Upload, Share file, View share file of another user.
I usually use .Net framework.
So what technology should i used to resolve this requirement
I really need some advice helpful
Thank!!!
Based upon the comments, I would advice to go for a clean separation between your UI and application functionality.
This will allow you to build possible multiple interfaces ( Win8, Mobile, ... ) for the same application. For Windows environment and you are used to .NET I suggest you take a look at WPF ( Windows Presentation Foundation ). I'm sure you will find that some people already created pretty solid file managers in WPF. It could serve as a good base for yours.
Few pointers if you look at WPF, look on http://www.codeplex.com for frameworks that could ease your coding. (Caliburn.Micro, PRISM, ... ). A very popular pattern is MVVM, this will structure your code so you can easy adjust it in the future.
Further more I think you can get very far with the windows build in libraries to manage the files.
For the editing you'll find a nice challenge to do that in the application, the easy road would just be to let the user open the file from the application into it's proper environment ( e.g.: a word document in Word, excel document in excel, etc.. ).
To get sharing going, multiple options are available. I'm think of sending email links, in application notifications, etc... Sharing could also mean that you set certain permissions on those files. For this you could take it to the limit of domain security management ( talking to an active directory to get the proper permissions etc. ) or you could simple implement your own into your application and restricting it on that level.

How do I use the CakePHP Configure class?

I am trying to use the Configure class in CakePHP, but I'm not sure if I am using it correctly. I have read through the cook book and the API, but I can't seem to do what I want.
I have created a configuration file: app/config/config.php. I can directly edit this file and set variables in there and access them using Configure::read().
Is it possible to update the values of the configuration file from the application itself, i.e., from a controller? I have tried using Configure::write(), but this does not seem to change the value.
app/config/config.php isn't a file that's automatically loaded by Cake. Either move these variables into app/config/bootstrap.php or tell your bootstrap.php file to load your custom file. You could also put your variables in app/config/core.php, but I'd recommend against that. I tend to like leaving that file alone and adding/overwriting values in bootstrap.php.
According to the API, Configure is supposed to be used "for managing runtime configuration information".
You can use its methods to create, read, update and delete (CRUD) configuration variables at runtime. The Configure class is available everywhere in your CakePHP application and therefore CRUD operations performed on its data in any place, including a controller.
If you are looking for persistent storage, you could consider a database (SQL or NoSQL). I would not recommend using a text file, as it raises a lot of security concerns. Even if security is not an issue, a database is propably a more fitting solution.
More on the Configure class in the Cookbook.

Team working on Drupal - Tips

I am working on a Drupal site with a few friends. Obviously we can Version control the code... but what do we do to keep each others databases in check?
I have managed to get all the theming into files (contemplate etc), but ideally my views settings, menu settings would be in line also... (Not worried about Content either way as we're just building the framework)
Any suggestions?
Using Features along with Context is very powerful. Context lets you create a "section" for your site. It's best illustrated through an example:
Lets say we define the "Forum" context as anything with the url of forums/*. Context lets us say: "I want to show these three views in the right side bar, only when I am in the "Forums" context.
Now, using Features, we can create "module" define by the context. So, we will end up with a module called "youSite_forums", which will include all the views, blocks, etc. that was define in your Forums context. It also will determine the correct dependencies, as well as Content Types used in the context. All will be bundled up nicely in a module.
As for versioning content such as node, you can user either Node Export, or just do a DB dump using Backup and Migrate. We use these occasionally, but we never have every node versioned in SVN.
Links:
Features
Context
Backup and Migrate
Problem Solutions in Database Migration from Development to Live Sites
You can find some more opinions on this here: Drupal DATABASE deployment strategies?

Resources