I was wondering which you think is the best way to implement a "last login", saving on a table the date and showing it to the user when he logins on the system.
How about simply adding a last_login field to your users model -and mysql table-, so you can easily get and update
Just like in the bottom of this page:
http://agiletoolkit.org/learn/install/auth
Related
I have two related tables, "Distributions" and "DistributionCities", both with primary keys, designed this way so there can be multiple cities per DistributionID.
My question is, it's not uncommon for certain DistributionID's to cover every city. Is there a way to automate this so that users don't have to select each in my city child subform individually? I imagine a user clicking a "Select all cities" option in lieu of the subform, at which point a new DistributionCityID is created for each city with that particular DistributionID. I hope that makes sense. Caveat that I'm still an amateur with Access.
Thanks in advance.
By "ok" I mean a safe, practical, generally acceptable way to go about achieving the following:
I am constructing a web tool in which every entry in a Postgres table and their fields are viewable by users. The entire table is visible, essentially. Users also have access to edit the fields of entries they create. In addition, administrators should have access to define certain aspects of each field, so users understand what they should enter as a value. For instance, the "description" of the field "name" would be "Enter your name."
So, would it be ok to add a "description" field to the information_schema.columns table in my Postgres database which administrators will have web access to edit, or is this a poor route to take? If it is poor, what would be an acceptable alternative?
The information schema consists of a set of views, and is therefore not a physical table that can be edited. Read the first paragraph of the documentation. You should simply add a column 'description' to each table that only admins can update.
Is it possible to restrict access to records that are owned by a user by filtering out recors with a certain criteria?
For example, I have Contacts set to private and I want to hide certain contact records that have a specific field value (criteria based sharing rule). This works fine for other sales users that don't own the record, but I need to remove visibility to these records from the actual owner of the record. Is that possible or a way to accomplish that?
Thanks for any help.
You could change the owner of the Contact record to a placeholder user. Then the same mechanism the prevents other users from seeing the Contact will hide the record as well.
If required, you could also create a lookup field to track the relationship to the user who can no longer access the record.
Separately, there is a dedicated salesforce.stackexchange.com site for asking Salesforce related questions.
PROBLEM
User authenticated into the application
Simple database schema: User ---> Document ---> Item
API to access to Document Items
If the logged user knows the id of items that belong to some other user, he can access to it.
I would like to prevent this behavior.
SOLUTION
The first solution I found is to add a userid field to every records in every table to check at every query if the record belong to the logged user.
This is a good solution? Do you know some better design pattern to prevent the user to access other users' data?
Thanks
If the documents belong to a user, adjust your queries so that only items that belong to the user's documents are retrieved. No need to add userIDs to the items themselves.
If you need to expose IDs to the users, make those IDs GUIDs, instead of consecutive numbers. While not a perfect solution, it makes it much harder to guess the IDs of other users' items,
If you're using Oracle, there's VPD, Virtual Private Database. You can use that to restrict access for users.
I was wondering how to set up a database for storing actions people recently done when they travel. For example, if they go to a museum, the database will store this text "Bob went to this museum" and store the user id and timestamp. I was wondering if these events should be stored in just one table, and if I want the events of a single person I will just query this table with a user id.
On a similar note I want to store 50 users the user has "recently met" meaning the last 50 users the userhas been around in their travels. I was thinking this could be stored in one table as well, with just user IDs being paired with no duplicates. I'm just afraid the table might get too big.
Any suggestions on table set up?
Thanks
Personally I would go with an ER structure like this: