Role based views in extjs4 mvc - extjs

My application has different views for different roles (admin or standard user). I don't know how I can implement this with ExtJS 4 MVC. The examples in the ExtJS 4 documentation assume that the application has only one role, such as standard user, so they create one app.js file that manages the application, but if the application has many roles I don't know how I can implement different views for different users.
One approach is to have two app.js files in the application and, after I get the user role on the server, load the appropriate app.js file to use the appropriate views, controllers, models, stores and so on.
Is this approach correct?

This is a rather standard question that comes up so many times and the answer is always the same:
Access Control belongs to the Server where no user can manipulate it
Simply don't provide a View / a model / a controller to a user where he has no access to
With that in mind it doesn't matter if you have one app or ten.
And because Access Control is nothing that belongs to the frontend there is no implementation within ExtJS.
Update -> Hide UI elements
A ready-to-go approach would be the use of Ext.direct. This provides the application with an API that can be modified based on the custom access of the current user and can then be checked by the frontend.
HowTo:
Create the API based on the user session and check on the client side like
    // window.Booking avoids a ReferenceError if the server left Booking out of the API
    if (window.Booking) {
        if (window.Booking.Create) {
            // has access
        }
    }
or as one line
    {
        xtype: 'button',
        hidden: !(window.Booking && window.Booking.Create)
    }
This is just a simple example of how easily this can be done!
update
This Link helped the op
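The pattern from the answer above, sketched as an added example (not code from the original answer or from ExtJS): the server builds the per-session API descriptor that the client-side `Booking && Booking.Create` check reads, and the same decision is enforced again on every call, so hiding a button is never the only control. The role names, grant table and handler bodies are constructed, and plain JavaScript stands in for whatever language the server is written in.

```javascript
// Constructed sample policy: server actions each role may call.
const ROLE_GRANTS = {
  admin:    { Booking: ['Create', 'Read', 'Cancel'], User: ['Read'] },
  standard: { Booking: ['Read'] }
};

// Hypothetical server-side handlers standing in for real remoting actions.
const HANDLERS = {
  Booking: {
    Create: (args) => ({ created: args.room }),
    Read:   () => ({ bookings: [] }),
    Cancel: (args) => ({ cancelled: args.id })
  },
  User: { Read: () => ({ users: [] }) }
};

const own = (obj, key) => Object.prototype.hasOwnProperty.call(obj, key);

// Single authorization decision, taken from the server-side session only.
function isAllowed(session, action, method) {
  const role = session && session.role;
  if (typeof role !== 'string' || !own(ROLE_GRANTS, role)) return false;
  const grants = ROLE_GRANTS[role];
  return own(grants, action) && grants[action].includes(method);
}

// API descriptor sent to the browser: lists only what this session may call,
// so the client check `Booking && Booking.Create` has something to test.
function buildApiFor(session) {
  const api = {};
  for (const action of Object.keys(HANDLERS)) {
    for (const method of Object.keys(HANDLERS[action])) {
      if (isAllowed(session, action, method)) {
        api[action] = api[action] || {};
        api[action][method] = true;
      }
    }
  }
  return api;
}

// Every call is checked again on the server; the descriptor is a UI hint.
function dispatch(session, action, method, args) {
  if (!isAllowed(session, action, method)) return { status: 403, error: 'forbidden' };
  if (!own(HANDLERS, action) || !own(HANDLERS[action], method)) return { status: 404, error: 'unknown action' };
  return { status: 200, result: HANDLERS[action][method](args) };
}
```

Because `buildApiFor` and `dispatch` share `isAllowed`, the UI hint and the enforcement cannot drift apart.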

Related

AngularJs authorization layout

I am building a large application with Web API and AngularJs. I built the secure web api with authentication and claim-based authorizations. One requirement is that different users can view different modules on the same template.
I am new to AngularJs. I did the authentication on the client side with the tokens. Also, in web api, I created a service to get all the permissions given a user id. The response is a list of resource(controller)/action(method) pairs. How do I implement the correct layout based on authorization rules on the client side? Does that solely rely on the web api permissions response and show/hide (ng-hide/ng-show) content based on the permissions?
Is this a good approach? What other modules/directives do I need to look into? Such as the loader for not loading the nested route until the user requests the parent route.
To add complexity, this site also needs to be bilingual. I think ng-translate. I mentioned this because it may open up another discussion on whether this may favor MVC instead of AngularJs. But the preference is Angular if the above two problems can be resolved.
All the authentication & authorisation & validation should be done server-side. You can adjust the user interface based on the roles/claims the server tells the browser the current user has.
One way to do this is to create something like a roles/userprofile controller, which will respond with a list of roles the current user has. On the client side you’ll probably want something you can inject everywhere, so you’re able to determine user interface behaviour.
    myApp.factory('myUser', function(Roles, $q) {
        // Create a promise to inform other folks when we're done.
        var defer = $q.defer();
        // For this example I'm using ngResource
        Roles.query({
            /*
            No params: let the server figure out who you 'really' are.
            Depending on WebApi configuration this might just be
            as simple as this.User (in context of the controller).
            */
        }, function(roles) {
            var user = {
                roles: roles,
                isInRole: function(role) {
                    return user.roles.indexOf(role) !== -1;
                }
            };
            defer.resolve(user);
        });
        // Return the promise itself so routes can wait on it in a resolve.
        return defer.promise;
    });
Because the factory above is returning a promise we can enforce that myUser is resolved before a certain route/controller instance is created. One little trick I use is to gather all my route definitions in one object, loop through them with an angular.forEach and add a resolve.myUser property to each of them. You can use this to pre-load/initialize other stuff too.
Now inject the myUser anywhere you like:
    myApp.controller('MyController', function($scope, myUser) {
        // Expose it on the current scope
        $scope.myUser = myUser;
    });
… and in your markup …
    <div class="my-content-thingy">
        <p>Lorem del ipsum …</p>
        <button class="btn" ng-if="myUser.isInRole('content-editor')"></button>
    </div>
Note: You’ll probably want to use ng-if and not ng-show; the latter keeps the element in the DOM.
Just keep in mind that you don’t authenticate anything on the client side; that's all done server side. A simple way is to place Authorize attributes on the appropriate controller actions.
Hope this helps.
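The route trick described in the answer above, written out as an added example (not the answerer's code): every route definition gets a `resolve.myUser` entry, so ngRoute waits for the role list before it creates the controller. The route paths, templates and controller names are constructed placeholders, and plain `Object.keys` is used in place of `angular.forEach` so the snippet runs without AngularJS loaded.

```javascript
// Constructed route table; paths, templates and controller names are placeholders.
var routes = {
  '/articles': { templateUrl: 'articles.html', controller: 'ArticlesController' },
  '/articles/:id/edit': {
    templateUrl: 'edit.html',
    controller: 'EditController',
    // An existing resolve entry must survive the merge below.
    resolve: { article: ['Articles', function (Articles) { return Articles.current(); }] }
  }
};

// Return a copy of the table in which every route waits for `myUser`.
// Returning the factory's promise from a resolve entry makes the router
// hold the controller back until the role list has arrived.
function withUserResolve(routeTable) {
  var guarded = {};
  Object.keys(routeTable).forEach(function (path) {
    var route = Object.assign({}, routeTable[path]);
    route.resolve = Object.assign({}, route.resolve, {
      myUser: ['myUser', function (myUser) { return myUser; }]
    });
    guarded[path] = route;
  });
  return guarded;
}

// Register the guarded table; `$routeProvider` is ngRoute's provider,
// passed in from a config block: myApp.config(['$routeProvider', fn]).
function registerRoutes($routeProvider, routeTable) {
  var guarded = withUserResolve(routeTable);
  Object.keys(guarded).forEach(function (path) {
    $routeProvider.when(path, guarded[path]);
  });
  return $routeProvider;
}
```

This only orders the loading of the UI; the server still has to authorize every request behind each route.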
A proper approach is to build the AngularJS routing configuration as per Authorization on the server. This should be built just after the user is authorized and before the AngularJS app is initialized. That way the authorized user sees a "complete" app based on his roles etc. Using ng-show/ng-hide is not a good way to do it. Also each view should be doing only one thing. So load separate views based on the task that needs to be completed.
Regarding multi language support, this is independent of Authorization. Some time ago, I wrote a custom AngularJS filter that used the jQuery i18next plugin. It was a pretty simple implementation.
However you can now use https://github.com/i18next/ng-i18next
(Sorry for misunderstanding the problem).
I think that using ng-hide/show is not much of a problem. At the end of the day, the user does not have access to the data. I think it should rely on the api permissions + show/hide of presentation. Depends on the complexity you want... You can use MVC with angularjs since it's a large application.

How to interact Users(input form data) Using Salesforce Sites into the SalesForce Application(to Custom objects)

First of all, I'm really sorry if I'm asking a dumb question. But unfortunately I can't find a way to take inputs for my Salesforce application.
I am developing a simple CV Management app, but I can't figure out how to let users interact with (input data into) the app. I have created a Candidate custom object, and I can create the Candidates manually, but my requirement is for records to be created by the Candidates themselves.
I followed the Salesforce tutorials and found a way to display data using Visualforce custom pages. But what I want to do is give a link to the user, so that he can go to that link, fill in a form there with his personal data, and just submit. But I'm confused about how to map the user's input data to our custom Candidate object fields.
When I was searching I saw some FormAssembly and custom Visualforce pages. But the problem is that I don't want to use any 3rd party apps.
The tutorials say:
In the past, to make Force.com data available to the general public, you had to set up a Web
server, create custom Web pages (JSP, PHP, or other), and use the API to integrate Force.com
apps with an external website. This is no longer the case, thanks to Sites!
Please help me if you can, friends. I'd really appreciate it, and thank you so much.
You'll probably want to do something along these lines...
Create a Visualforce page with standard controller set to your custom object which is the "CV Entry" page (to send candidates to)
Create a Force.com site in your salesforce org to allow public or restricted access to the page
Set up page authentication/permissions as required

CakePHP 2 - single core, two apps, one inside the other?

I'm fairly new to CakePHP and am trying to set up a custom admin area for my app. I realize Cake can create an admin area with scaffolding but I'd like to build something much more customized, and have it accessible via /admin/, with one app for the public side and another for the admin.
Ideally, the structure would be:
www
^- apples (public application here)
^- apples-admin (password-protected control panel)
I'm having a hard time figuring out how to set this up using a single Cake core and two apps - one for "apples" and one for "apples-admin". I've read some notes about modding PHP's include path, but that won't be possible in the production environment. The other notes I see about changing CAKE_CORE_INCLUDE_PATH aren't very clear on where I would make that change, and it doesn't appear as though that would get me the app-inside-app structure I'm after.
Is what I'm trying to do possible? Am I better off using just a single app for both the public side and admin area?
You can achieve what you want using a single application.
To get up and running:
Use Prefix Routing to map your admin actions.
Then use the Auth component to restrict access to your 'admin' actions. I recommend setting up a User model to manage your users and using the FormAuthentication handler for logging in.
If you haven't used Bake for code generation before, then that's also worth looking into. It'll help create a base starting point for a lot of your admin functions.
Good luck.

CakePHP - Only display a link if user (ARO) has permission for page?

I'm using CakePHP's ACL component to manage permissions for my app. I have about three different "Roles", with different access levels. I am using the HTML helper throughout, to create links to different pages. I would like links to only display if the user has permission to access the page.
The obvious but cumbersome approach, I guess, would be to set variables to the view containing permissions and show links based on these variables.
I was wondering if there is a better way - perhaps a helper that extends the HTML helper to provide a method that checks permissions first?
Thanks.
I wouldn't recommend using a helper which has this sort of functionality.
This is because this helper would have to do the checking on every link you use on that page. This would slow down your application.
So I think the best approach is your approach. Set the permission on login and display your links accordingly.
We are using this in our application, too, and it works very well and fast.

asp.net mvc - extending the registration page (membership) versus new user table (profile) - are they the same thing?

I want to store additional information on my users (address, phone).
Should I extend the registration page on the sample mvc template or should I set up a separate "profile" table and have that be a separate page?
It seems nice to do it on the registration page, but I am not sure if there are issues playing around with the "aspnet_"... tables that are setup for registration.
Any suggestions? I would like to use LINQ to SQL as well if possible but I see the default implementation is using
System.Web.Security.membership
You could also consider creating custom Membership Provider.
In terms of usability, you always want your registration to be as short as possible. It's a good habit to get into, even if the application that you are currently developing is not a commercial application. So the best way to design the front end would be to have as little information required from the visitor for registration and then have a separate "profile" page once they are logged in after registration is successful.
In terms of database design, keeping the profile in a separate table is once again recommended.
Once you've done this, you can either treat the profile information as just another set of information that the user can edit OR you can implement ProfileProvider. All you need to do is implement GetPropertyValues and SetPropertyValues.
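    using System.Configuration;
    using System.Web.Profile;

    public class MyProfileProvider : ProfileProvider
    {
        // Return one value per requested property; load the stored data from the profile table here.
        public override SettingsPropertyValueCollection GetPropertyValues(SettingsContext context, SettingsPropertyCollection collection)
        {
            var values = new SettingsPropertyValueCollection();
            foreach (SettingsProperty property in collection)
                values.Add(new SettingsPropertyValue(property));
            return values;
        }

        // Persist each value in the collection to the profile table here.
        public override void SetPropertyValues(SettingsContext context, SettingsPropertyValueCollection collection)
        {
        }
    }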
