i am designing a database where users can update status messages of theirs and they can create pages groups like facebook fan page and post status like the admin of the page and not as a user.
user(id, name..)
group(id, name...)
group_admin(group_id, user_id)
this is my set up. Is this the way to do it.
How to post under the group as an admin. will i need to make a check to every user if he is the admin or not ?
well you could say that when a user posts messages on a page group, on witch they're registered as admin, then the message is posted as page group admin, otherwise it's posted as user.
Related
I understand Wagtail is a CMS. Per my test so far, only the admin has permission to publish an article/content. I checked out "puput" and a few others as listed here. I wonder is there a way to allow normal user registration, login, publishing? Something similar to Medium, where the normal user, or say the community, can contribute to the content generation.
I thought there might be a toggle or switch to enable this. But I didn't find it. I'm looking for a way that is either a package or a plugin or similar. Not coding from scratch. Ideally within Wagtail CMS, but other frameworks based on Django should also be fine.
Thanks.
Wagtail provides two user groups:
Editors: user within this group can create page and submit it to moderation
Moderators: user within this group can publish pages that have been submitted to moderation.
To update groups for a given user, go the the django admin interface with admin credentails, usually the url is your-domain/admin
Then go to Users under Authentication and Authorization category
Then get into the user you want to allow posting pages,
Scroll down until Permissions category and moove groups Editors and Moderators from Available groups to Chosen groups as follow:
Then save new settings.
so this is my first question here in stackoverflow, i always find the answer by looking here... so.
I have this issue, I have a Model named Company, which can have many users, which would be the "best approach" to create and activate a user account within this newly created Company.
Here is the process i am following:
Platform Admin creates a company, the company serves as a grouping account in which i will have a number of users, but i need to send an Email after company creation to the Company admin in order to have him create his account so that he can manage the other company users, this email needs to have a hash so that it has some kind of reference to the company (avoiding the company selection in the form).
Im using Rails 4.2.6 and Angular 1.5
so im stuck after the company creation form.
In an email send the angular route url which got the company hash that just created. When admin user clicks on that link your angular route gets called and then before it render the view , i mean use resolve in angularjs route, get the list of all the user and company that just got created where admin user can select user that he or she want to activate.
I want that users be able to upload info, this info will be show on a product list but it will only be posted if the admins approve it.
The user may need to register or not, the contact info will be on the info they upload.
Do i need to storage the info on a different database? can i do this with the wordpress registration?
You can use wordpress database table user to store data, set post_status as 'pending', so that admin can check and can change its status to 'publish'
You can create custom template page, then insert user data in post table using custom query or
wp_insert_post() function.
Hope this helps.
Cheers!!!!
I am exposing a page with a standardcontroller="account" to a force.com site facing the public. This page displays account specific data to the clients. Now when a customer logs in to my website I want him to have access to his account's data and only his account data. Here is the problem; the url for a page with a standardcontroller has a Id field, such as "https//www.myforcesite.force.com/AccountViewPage?Id=a82347dod". If a user changes a few keys on the Id, it is very easy for him to access other people's account page and bypass the login process. How can I prevent that.
I opened a ticket with salesforce but they told me its working as intended. I don't think a vulnerability to a trivial brute force attack should be intended so I want to know if there are any fixes?
Create one StandardController extension and check if the logged user in your website has the permission to view that account.
http://www.salesforce.com/us/developer/docs/pages/Content/apex_pages_standardcontroller.htm
What you are looking for is URL rewriting for force.com site.
For example, let's say that you have a blog site. Without URL rewriting, a blog entry's URL might look like this: http://myblog.force.com/posts?id=003D000000Q0PcN
With URL rewriting, your users can access blog posts by date and
title, say, instead of by record ID. The URL for one of your New
Year's Eve posts might be:
http://myblog.force.com/posts/2009/12/31/auld-lang-syne
i want to create a user account using asp page in which only one user can login their account ,if that page is currently logged then no one can log in that page after log out only another user can log in that account
This may give you glimps, in database you may add a table UserLogin with two fields UserId, IsLogin. While loggin in any user check for islogin status if it returns true then dont allow user to login. If returns false then allow user to get login. After successful login switch islogin state true.
Hope I have understand your question.
Darshan Joshi's answer is one way to do it, and if you have a simple enough application it may be sufficient.
Depending on the specifics of your application, you might want to think about different angles.
For example: If more than one distinct page needs to only take one user at a time, I would think about creating a new table with a record for each of these pages. This way, you can set a page as logged-in/in-use using the user's unique ID when someone logs in or access the page. When the user logs out/leaves the page (or if their ASP Session expires- users do not always log out cleanly!) you can "unlock" the page again. Not only that, you might reduce database load by searching specifically for the page record rather than any user with a logged-in flag.