use rails 4.0 strong parameter in non rails application - strong-parameters

I use ActiveRecord 4.0 in a Grape API application, but as strong parameters only work in a Rails controller, how do I permit params in a Grape API class?

There seems to be a way to use strong parameters outside the controller:
raw_parameters = { :email => "john@example.com", :name => "John", :admin => true }
parameters = ActionController::Parameters.new(raw_parameters)
user = User.create(parameters.permit(:name, :email))
For more info, check the repository documentation on GitHub: https://github.com/rails/strong_parameters
Regards
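
The filtering that permit performs in the answer above, sketched in plain Ruby so it runs without Rails. This is an added example, not code from the post or from the strong_parameters gem; permit_params and rejected_keys are hypothetical helpers and the request body is constructed. It also covers the nested and array cases, where a hash or array supplied under a key that was permitted as a scalar is dropped.

```ruby
# Added illustration: a plain-Ruby stand-in for the allowlisting that
# ActionController::Parameters#permit performs. permit_params and
# rejected_keys are hypothetical helpers, not the gem's API.
SCALARS = [String, Symbol, Numeric, TrueClass, FalseClass, NilClass].freeze

def scalar?(value)
  SCALARS.any? { |type| value.is_a?(type) }
end

# filters: symbols name scalar keys; { key: [] } allows an array of scalars;
# { key: [:a, :b] } allows a nested hash filtered by the inner list.
def permit_params(raw, *filters)
  raw = raw.each_with_object({}) { |(k, v), h| h[k.to_s] = v }
  filters.each_with_object({}) do |filter, out|
    if filter.is_a?(Hash)
      filter.each do |key, nested|
        value = raw[key.to_s]
        if nested.empty?
          out[key.to_s] = value if value.is_a?(Array) && value.all? { |v| scalar?(v) }
        elsif value.is_a?(Hash)
          out[key.to_s] = permit_params(value, *nested)
        end
      end
    else
      key = filter.to_s
      # A hash or array under a scalar key is dropped, not passed through.
      out[key] = raw[key] if raw.key?(key) && scalar?(raw[key])
    end
  end
end

# Top-level keys that were present in the request but did not survive filtering.
def rejected_keys(raw, permitted)
  raw.keys.map(&:to_s) - permitted.keys
end

# Constructed request body, as a Grape endpoint might receive it in `params`.
RAW = {
  'name'    => 'John',
  'email'   => { 'nested' => 'x' },          # hash where a scalar is expected
  'admin'   => true,                          # privilege flag the client must not set
  'profile' => { 'bio' => 'hi', 'role' => 'root' },
  'tags'    => %w[a b]
}.freeze

SAFE = permit_params(RAW, :name, :email, { profile: [:bio] }, { tags: [] })
puts "permitted: #{SAFE.inspect}"
puts "rejected:  #{rejected_keys(RAW, SAFE).inspect}"
```

Logging the rejected keys on the server side makes attempts to set fields such as admin visible instead of silently discarding them.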

Related

How can CakePHP Authorization plugin authorize access to indexes?

I'm converting my app to CakePHP 3.6, and working now on using the new Authorization plugin. I'm not sure how to check authorization for things like indexes or other reports, where there is no "resource" to pass to the can() or authorize() functions.
For now, I've built a ControllerResolver, loosely copied from the ORMResolver, which accepts controller objects and finds policies based on the singularized controller name, so that they're named the same as the Entity policies I'm building. (That is, my UserPolicy can have canIndex and canEdit functions, the former found via the controller and the latter via the entity.)
This works fine in controller actions where I can call $this->Authorize->authorize($this);, but it doesn't work in views, where I'd like to be able to do things like:
if ($this->Identity->can('index', *something*)) {
echo $this->Html->link('List', ['action' => 'index']);
}
so as to only show links to people who are allowed to run those actions.
Anyone know if there's a reason why the system implicitly requires that the "resource" passed into authorization functions be an object? (For example, the plugin component calls get_class($resource) in the case of a failed authorization, without first checking that the provided resource is in fact an object.) Allowing a string (e.g. \App\Controller\UsersController::class) would make my life easy. Very happy to put together a PR for this if it's just an oversight.
But authorizing indexes seems like a pretty obvious function, so I wonder if I've missed something. Maybe I'm supposed to pass the table object, and split the authorization between an entity policy and a table policy? But using table objects in views just for this purpose seems like a violation of separation of concerns. Maybe uses of the plugin to date have been things where indexes are always public?
To do this you can use authorizeModel, as stated in the documentation: https://github.com/cakephp/authorization/blob/master/docs/Component.md#automatic-authorization-checks. Basically, it means adding the authorizeModel parameter when you load the component in AppController.php:
$this->loadComponent('Authorization.Authorization', [
'skipAuthorization' => ['login','token'],
'authorizeModel' => ['index','add'],
]);
When you configure an action to be authorized by model, the authorization service uses the TablePolicy, so if you want to authorize the index action for Books you need to create the BooksTablePolicy and implement the method:
<?php
namespace App\Policy;
use App\Model\Table\BooksTable;
use Authorization\IdentityInterface;
/**
* Books policy
*/
class BooksTablePolicy
{
public function scopeIndex($user, $query)
{
return $query->where(['Books.user_id' => $user->id]);
}
public function canIndex(IdentityInterface $identity)
{
// here you can resolve true or false depending on the required characteristics of the identity
$identity['can_index']=true;
return $identity['can_index'];
}
}
This will be validated before the request reaches your controller, so you do not need to authorize anything there. Nevertheless, if you want to apply a scope policy, you can do so as in this example:
public function index()
{
$user = $this->request->getAttribute('identity');
$query = $user->applyScope('index', $this->Books->find()->contain('Users'));
$this->set('books', $this->paginate($query));
}

Image Search Example via Rails Google API Client

I need to replicate "Search Google for this Image" in my rails app where image search is performed on an image in the app. I am using google-api-ruby-client gem. To test the api I am starting with a simple query search:
Trying this for a regular search term but getting invalid_scope error.
client = Google::APIClient.new application_name: 'xxx', application_version: '1.0'
keypath = Rails.root.join('config', 'privatekey.p12').to_s
key = Google::APIClient::PKCS12.load_key(keypath, 'notasecret')
client.authorization = Signet::OAuth2::Client.new(
:token_credential_uri => 'https://accounts.google.com/o/oauth2/token',
:audience => 'https://accounts.google.com/o/oauth2/token',
:scope => 'https://www.googleapis.com/customsearch/v1',
:issuer => 'xxx@developer.gserviceaccount.com',
:signing_key => key
).tap { |auth| auth.fetch_access_token! }
api_method = client.discovered_api('customsearch', 'v1')
result = client.execute(:api_method => api_method, :parameters => {
'q' => 'Hello+World'
})
return result.data
Thoughts?
It looks like your API call is missing the required Custom Search Engine ID. You need to use cx or cref to specify the custom search engine you want to use. If you don't already have a CSE ID, you can get one here: https://www.google.com/cse
Once you have the CSE ID, you will need to include it in the parameters. One possible way is just adding it to the hash you already have...
result = client.execute(:api_method => api_method, :parameters => {'cx' => 'YOUR_CSE_ID', 'q' => 'Hello+World'})
Your actual URI structure should look like:
https://www.googleapis.com/customsearch/v1?key=YOUR_API_KEY&cx=YOUR_CSE_ID&q=Hello+World
Here's another good reference: https://developers.google.com/custom-search/docs/api
Unfortunately I do not have experience with the Custom Search Engine but I did find a link I think could help you get to the right answer. This Google Dev documentation seems pretty good for setting up a custom search engine for your site.
Google Developers - Creating a Custom Search Engine

Using backbone with sequelize/postgres

I'm working on creating a model in backbone to interact with my postgres database. I'm using backbone.js for the client side and node.js/sequelize.js for the server side. The code given in the backbone tutorial says this:
var UserModel = Backbone.Model.extend({
urlRoot: '/user',
defaults: {
name: '',
email: ''
}
});
Here they are interacting with a users sql database using a RESTful url (I have no idea what that is). Does anyone have any ideas how I can refer to my postgres table? I am beyond confused and have no idea what's going on (this is all really new to me)
Thanks.
A RESTful URL is just a URL for a web service that uses RESTful principles. Google can explain that better than I can here, but the basic idea is to integrate the various REST "verbs" (GET, POST, DELETE, etc.) into the API. For instance, here's a set of RESTful verbs + URLs for an imaginary user API:
GET /user - returns a list of users
POST /user - creates a new user
DELETE /user/5 - deletes the user with ID 5
PUT /user/5 - updates/edits the user with ID 5
Backbone works particularly well if your server-side is designed similarly, but it's not a requirement.
If your server-side API isn't RESTful, you just need to override certain methods on your Models and Collections (most likely destroy, fetch, save, url, parse, sync, and toJSON) to do whatever is appropriate for your server.
For instance, you might want to override the url method of your model to make it return your server's (unRESTful) URL:
url: function() {
return 'www.example.com/some/very/not/RESTful/' + this.id + '/URL/example';
}
Or, if your server returns your objects with an "envelope", for instance:
{
type: 'envelope',
payload: {
type: 'user',
name: 'Bob',
id: 5,
}
}
you can modify parse to strip it out:
parse: function(original) {
return original.payload;
}
As for "how do I refer to my postgres table", if you override the appropriate methods, then call the appropriate Backbone action methods (fetch/save/destroy) on your models and collections, Backbone will make AJAX requests to the URL you define in your url override. Your server can then use any language you want to interpret that request and perform the appropriate operation on your PostgreSQL database.

hook_commerce_checkout_complete not called

I'm trying to execute some business logic after the checkout process in Drupal 7 with the Drupal Commerce module. I've read in the documentation that I can use the hook hook_commerce_checkout_complete, but it's not called.
function api_manager_commerce_checkout_complete($order) {
$ow = entity_metadata_wrapper('commerce_order', $order);
foreach ($ow->commerce_line_items as $line_item) {
$sku = $line_item->commerce_product->sku->value();
$record = array(
'uid' => get_user_id(),
'sku' => $sku,
'token' => uniqid(),
);
drupal_write_record('api_manager_product_user', $record);
}
}
For your information, I've disabled 'payment' and 'billing information' in the checkout configuration
Whenever a new hook is implemented in Drupal you are required to clear your cache ( class ). Only then would that particular hook be available and fired when invoked.
If you are using the devel module, you can check whether your hook is recognized by Drupal by using the module_implements function. The devel module gives you a convenient tool at http://www.mysite.com/devel/php to try out such snippets.
dpm(module_implements('commerce_checkout_complete'));
If your module's name is not listed in the output of the above function, then it means your hook is not recognized. As mentioned earlier, please clear your cache in such a case.

Can Magento be integrated with CakePHP?

Can Magento be integrated with CakePHP?
If my site is developed in CakePHP. Can I do the product module including shopping cart in Magento?
Yes, it can. For example:
require_once 'app/Mage.php';
umask(0);
Mage::app();
Mage::getSingleton('core/session', array('name'=>'frontend'));
$cart = Mage::helper('checkout/cart')->getCart()->getItemsCount();
echo 'Items count: ' . $cart;
Look at these articles:
http://www.exploremagento.com/magento/run-magento-code-outside-of-magento.php
http://blog.chapagain.com.np/magento-how-to-run-magento-code-in-an-external-website/
I can make the Mage class work for me in pure PHP code with the above example. But you know CakePHP has its own routing mechanism. I have Magento installed in the root and am trying to add another application built with CakePHP. That application has its own data structure and database (mainly used for custom reporting and some tracking) but will share some data from Magento (that is the main site).
I managed to do a hack (and there was no other way to do that).
The hack is that you need to wrap "function __()" at line 93 of Magento's app/code/core/Mage/Core/functions.php:
if (!function_exists('__')) {
function __() { .... }
}
and you need to do the same for "DS" in app/Mage.php, line 23:
if(!defined('DS')) {}
Then you can just use the Mage class and do all the operations on Magento.
