how do i access the session variables in the pages in agile toolkit. i am using $this->getUser() but it is not working
In agile toolkit each object can register session variables. This is done to allow you to have multiple objects work indecently and not conflict.
Basic functions are:
$o->memorize('handle',123);
$o->recall('handle');
$o->forget('handle');
If you intentionally wish to share data, then you can use
$o->api->memorize('my_global_var',123);
Since you mentioned about User ID, then authorization object handles its own variables. Similarly it uses memorize/recall to manipulate auth data settings, but you can get the information like this:
$user_id = $o->api->auth->get('id');
When $auth->check() is performed, all fields returning by the query are saved. If you wish to add more fields, then perform
$auth->dq->field('extrainfo');
and this field will be selected by DSQL and stored in session too for further retrieval by $auth->get('extrainfo')
To create getUser function, typically you would define this in API:
function getUser(){
return $this->add('Model_User')->loadData($this->auth->get('id'));
}
and use $this->api->getUser() to retrieve the data.
Related
I am having a problem in ReactJS. I want to create a text editor ( with ReactQuill). So, I want different accounts for each user, such that, if one person creates a note and edits it in his account, the other person should not see this.for example this is my current stage - https://wright-text.web.app. After you create your account and login you would see a note called first note because that's the note I created. What should I do so that when you login you see no notes because you have not created a note, but when I login, I should see the note I had already created. How would I do this ??
You need to add a scope to notes endpoint so that user could only GET notes, which they have created.
You need to add query parameters in the API you are fetching. For example, if you are fetching data via a GET request, add in some specific user id that you assign to your user upon validation and then fetch data of a particular user using that id as a query parameter on your API.
I'm developing SPA using ASP.NET Core and ReactJS.
In some places of application users have an opportunity to create comments, that will be shown everyone. So I have string inputs in controllers, and I save data 'as is' in database.
I've added attribute [Produces("application/json")] for each controller - to return json as results (I don't use server-side render).
My question: should I additionally encode input data (before saving in DB or before sending to user) - or this attribute automatically encodes all strings (before sending to user) and I won't have any chance have XSS attack in my application?
Thanks.
As the docs specify
A filter that specifies the expected Type the action will return and
the supported response content types. The ContentTypes value is used
to set ContentTypes
The Produces attribute will only define what the action/method will produce, it will not encode any input string
Using the AuthComponent in CakePHP 3, you can access the currently logged in user in a Controller using $this->Auth->user(). However, this method returns only an array, not a User Entity.
In many places, I have to work with the User Entity of the logged in user, but have to query the UsersTable manually after getting the id from the AuthComponent, which seems quite silly, as the AuthComponent fetches a hydrated User Entity anyway and flattens it to an array. So the User Entity is fetched twice.
Is there a way to get the hydrated User Entity from the AuthComponent instead of an array?
$authUser = $this->Auth->user('id');
if($authUser !== null) {
$authUser = $users->get($authUser);
}
The main reason entities are not stored in the sessions is because there is no guarantee that the auth data is an actual database user. For example, you may be authenticating some credentials from an external system, such as a single sign on in a remote server.
Another reason is that user info can be expected to change from request to request and doing a db lookup on each request is less than ideal.
Finally, people could think that by changing the data in the session entity they would be modifying the user (or modifying the data in the table would refresh the session).
I would suggest just converting your array data to an entity using new User($data) whenever you need an entity.
In Codeigniter, the function session->userdata($item) is used to retrieve session data and the definition of this function in Session class is :
function userdata($item)
{
return ( ! isset($this->userdata[$item])) ? FALSE : $this->userdata[$item];
}
Now the problem is this:
Each time a script is executed, a session object is created and the retrieved data is persistent untill end of the script. So if another script for example update session values, new values will be stored in DB, but retrieved data in other session objects are not updated and it makes an obvious inconsistency and inaccuracy in data.
I think it can be a serious problem in many cases.
Is it right or I'm misunderstanding something here? And if
IN codeigniter session object is created during the class initialization and userdata(session values) are updated every time user makes request. You can view whole session object via below piece of code:
print_r($this->session);
This will show you the complete session object with all necessary configurations you have set in your config file for session related variables like:
sess_encrypt_cookie, sess_use_database,sess_expiration ..etc
plus your current session user data. Now when you make next request session values are overridden by the new one or old values are just replaced by the new one. So there is no chance of data duplicacy or inconsistancy. It is recommended to use session table whenever you are saving large amount of data in session.
I'm trying to get an Associated Model (E.g. groups and associated users) from a store with:
Ext.each(this.getView().getSelection()[0].getAssociatedData().users,function(element){
var theuser = myStore.getById(element.id);
theuser.set('deactivated','true');
}
This works for the first 25 Users (id 1-25) however the store is filtered through a pagination plugin. In reason of the filtering with offset and limit the requested id isn't in the local store.
any idea on how to force the store to get the model from remote in case the id isn't available in the local cache?
Or is it anyhow possible to use the data from getAssociatedData, change something and write the record back through the writer proxy?
thx, I really appreciate your help!
The store's getById() method will only return the locally-available records.
If you want to retrieve a model, and you know the id already, you can simply do <model class>.load(id). (If the model is unknown, you can do myStore.getModel().load(id)
Note that the load method returns immediately, but it returns a stub - you'll want to use a callback to process the change to the deactivated field.
In ExtJS5, the Session support will help ensure that the models referred to in both the association store and your myStore object refer to the same model instance.