Making a drupal database call using ajax - database

I want a link that when you click on it, it will call a simple ajax query which updates a database entry. Normally this would be easy, but because authentication needs to happen before the query is executed, I need to be able to execute the Ajax Query AS THE CURRENTLY LOGGED IN USER. I.e. I need access to the $user variable and I don't want to create a new connection.
Does Drupal have native functions that can do this? Is there something I can use to do this?

You're going to want to create a module to handle this. Then, whatever function you call through the callback will have complete awareness of the logged in user.

Keep in mind that if someone makes a link that goes to your AJAX destination on their website, and can trick people into clicking it (or, for that matter, makes that link the src on an img tag), then weird things can happen to people's data without them meaning to.
I suggest the use of a token and checking that the token submitted as part of the link matches something to do with the user. Check drupal_get_token() for a good way to generate one.

Either create a menu item in a module implementing hook_menu() and specify a callback to a function handling this request - or use the Services module and create a new service module.
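The pieces the answers above describe (a hook_menu() callback plus a drupal_get_token() check), put together as an added example that is not part of the original posts. It assumes Drupal 7; the module name mymodule, the path and the mymodule_items table are hypothetical.

```php
<?php
// mymodule.module: hypothetical Drupal 7 module. The module name, the path
// and the table/column names are assumptions made for this example.

/** Implements hook_menu(): registers the AJAX endpoint. */
function mymodule_menu() {
  $items['mymodule/ajax/update/%'] = array(
    'page callback' => 'mymodule_ajax_update',
    'page arguments' => array(3),
    // Anonymous visitors never reach the callback.
    'access callback' => 'user_is_logged_in',
    'type' => MENU_CALLBACK,
  );
  return $items;
}

/** Builds the link; the token is bound to this user's session and this item. */
function mymodule_update_link($item_id) {
  return l(t('Mark as done'), 'mymodule/ajax/update/' . $item_id, array(
    'query' => array('token' => drupal_get_token('mymodule_update_' . $item_id)),
    'attributes' => array('class' => array('mymodule-ajax-link')),
  ));
}

/** Page callback: runs inside the session of the logged-in user. */
function mymodule_ajax_update($item_id) {
  global $user;
  $token = isset($_GET['token']) ? $_GET['token'] : '';
  // A link or img tag planted on another site cannot supply a valid token.
  if (!is_string($token) || !drupal_valid_token($token, 'mymodule_update_' . $item_id)) {
    return MENU_ACCESS_DENIED;
  }
  // Only rows owned by the current user are touched.
  $updated = db_update('mymodule_items')
    ->fields(array('done' => 1))
    ->condition('id', (int) $item_id)
    ->condition('uid', $user->uid)
    ->execute();
  drupal_json_output(array('updated' => (bool) $updated));
}
```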

Related

Cakephp3 handle authorization as a plugin

I've been working on cakephp3 for a while now. I've always used Cakephp's Auth component for authorization and authentication purpose.
I follow the very conventional procedure every time, like loading the component, adding isAuthorized function in controllers and defining allowMethods etc.
But now what I want is to develop my own plugin for this purpose, just using Cake's Auth component. So that I can reuse the plugin in all my future projects, also I want it to be like plug and play. Like you enable it, add a few settings and your user management is done.
I know how migrations work so I can add users table via migration every time. (Just an idea)
The thing I don't get right now is how to make everything separate from the core app? Like everything is done via plugin and nothing is added to every controller of the app.
Hope I'm clear about what I want to achieve.
Update: I know there is a whole list of third party Auth plugins. But I want to develop my own so I just need the idea of how things work.
Any solutions to my problem would save my day.

Can a site visitor alter AngularJS property names?

I have a function in the back-end that relies on the property names of an object, which is sent using AJAX with AngularJS. Can a user alter the property names using a debug tool, therefore changing what I would normally expect in the back-end? I suppose doing that would also affect the entire app in general if it was possible.
I guess it's kind of like someone using a debug tool to change the name attribute on a form and then submitting it. So I was curious to know if it's something I should ever keep in mind for AngularJS. I hope that makes sense.
If a user is smart enough, he or she can change almost everything using the developer tools the browser brings. What is more, if the back-end endpoint is known, it is easy to mock a custom request with custom data.
You should always validate the request, since everything that doesn't come directly from your code can lead to a security breach.
The big downside of Ajax is that its requests are easily debugged using dev tools and, if they are not designed correctly, expose your internal structures.
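One way to apply the "always validate the request" advice to the property-name question, as an added example that is not part of the original answer. The back-end language is not stated in the thread, so plain PHP is an assumption, and the schema and sample body are constructed for illustration.

```php
<?php
// Added example: strict allowlist validation of a JSON body on the server.
// The field names and rules below are constructed for illustration.
const TASK_SCHEMA = [
    'title'    => ['type' => 'string',  'required' => true, 'max' => 200],
    'done'     => ['type' => 'boolean', 'required' => false],
    'priority' => ['type' => 'integer', 'required' => false],
];

/** Returns a list of validation errors; an empty list means the body is acceptable. */
function validatePayload(string $rawJson, array $schema): array
{
    $data = json_decode($rawJson, true);
    if (!is_array($data)) {
        return ['body must be a JSON object'];
    }
    $errors = [];
    // Property names the client renamed or injected are rejected, not ignored.
    foreach (array_keys(array_diff_key($data, $schema)) as $name) {
        $errors[] = "unexpected property: $name";
    }
    foreach ($schema as $name => $rule) {
        if (!array_key_exists($name, $data)) {
            if ($rule['required']) {
                $errors[] = "missing property: $name";
            }
            continue;
        }
        $value = $data[$name];
        if (gettype($value) !== $rule['type']) {
            $errors[] = "wrong type for $name";
        } elseif (isset($rule['max']) && strlen($value) > $rule['max']) {
            $errors[] = "$name is too long";
        }
    }
    return $errors;
}

// Constructed request body: "title" renamed to "titel" in the browser's
// developer tools, plus an injected "isAdmin" property.
$tampered = '{"titel": "Buy milk", "done": true, "isAdmin": true}';
print_r(validatePayload($tampered, TASK_SCHEMA));
```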

Where should I keep the Angularjs files in my web application and how should I structure my routes and resources? [closed]

Closed. This question needs to be more focused. It is not currently accepting answers.
Closed 8 years ago.
I am building a RESTful web service using Laravel and a single page application on the front end with AngularJS. Now where should I place the AngularJS files? Should I place them in the public folder of the Laravel installation or should I keep them completely separate since I would be issuing calls to the resources in the web service and it would return JSON data and hence there is no need for them to be in the same place. What is the standard or the best practice?
Now, for the second part. How should I manage my routes and resources in Laravel if I am building a simple Todo application. This is where I get really confused and it is a little hard to explain but stay with me for a minute. For example I have a users resource at /users and I can fetch all users by issuing a GET request at /users or create a new user by issuing a POST request at /users. Similarly I can issue a GET request at /users/1 and fetch the first user and so on with other request verbs. Now, I have another resource called tasks. How should I implement this resource? Should I implement it like nested resource say /users/{user_id}/tasks. When I issue a GET request at /users/1/tasks, it will fetch all the tasks for the first user. But now it gets complicated because if I issue a GET request at /users/10/tasks/1, should it fetch the first task for the 10th user. But then the implementation of such a logic becomes very difficult as I have to look for the first task of the 10th user.
I figured a way around this by only setting a GET route at /users/{user_id}/tasks which will obviously return all the tasks for the specified user. And then I would create a completely different resource /tasks to handle all the other request verbs. Am I doing this right?
And also what if I am using a NoSQL DB like MongoDB, in which case the data will be stored in such a manner that /users/{user_id}/tasks/{task_id} will not be difficult to implement since the tasks of every user will be in their own JSON object.
Am I thinking in the right direction? I am newbie and I don't exactly know what is the standard way to approach such database architecture problems? What are the best practices?
Here is my suggestion.
Basically you need to divide your application into modules. Say for e.g. login, feature 1, feature 2 etc. Now you should have folder for each module where you can keep all the files related to it (controllers.js, services.js, index.html, style.css, filters.js and [name of module].js). This way you separate all your code which makes it feasible to move your code.
You can define modules as:
    (function () {
        'use strict';
        angular
            .module('myapp.login', [
                'myapp.login.controllers',
                'myapp.login.services'
            ]);
    }());
And you need to include this in the app.js, like this
    angular
        .module('myapp', [
            'ngRoute',
            'ngResource',
            'myapp.login'
        ]);
This way you can add all your modules.
One more important folder that you would like to include is the common folder. Where you can include modules for all the reusable components that you might have in your application.
For testing you can have a separate test folder with (e2e and unit folders) inside it. I have been using cucumber for testing and I have created features folder where I create folders for each module in which I define features. Also you can create a folder named steps where you can have separate js files for each module.
On top of it you can have config file where you can create variables for all your api's so that you can control it from one place.
Hope this helps :)
Part I
This is up to you. If you don’t want to make the raw components publicly visible keep them in separate directories outside public directory.
Part II
My opinion is that you should create two resource URI - “/users” and “/tasks”. Treat them as many-to-many entities for future expansion. This way you may also have tasks assigned to multiple users. For example, “electricity bill payment”, shared between you and your partner.
To get all users issue GET request to “/users” with PARAM tasks=null. To get all users linked to a set of tasks, GET /users with PARAM tasks=<comma separated taskIds>. GET /users/{user_id} responds with user details and associated tasks. To create one or more user, POST to “/users”.
Similarly, to get all tasks issue GET request to “/tasks” with PARAM users=null. To get all tasks linked to a set of users, GET /tasks with PARAM users=<comma separated userIds>. GET /tasks/{task_id} will respond with task details and associated users. To add one or more tasks, POST to “/tasks”; optionally send users=<comma separated userIds> else assume current user on server side.
To make relations between existing tasks and users use PUT /tasks/{task_id} with PARAM users=<comma separated userIds>
Should I place them in the public folder of the Laravel installation or should I keep them completely
separate since I would be issuing calls to the resources in the web service and it would return
JSON data and hence there is no need for them to be in the same place.
First, due to the Same Origin Policy, you should put Angularjs files in the public folder.
If you want to put it in another ip:port, then you should use JSONP instead of JSON. (related)
Now, for the second part.
You're on the right path? It is a matter of opinion. Make experiments. And decide for yourself. As I see it, there are no best practices in matters of design; it depends on the use cases.
Either way, I think your approach is not right. You want to open the list of users? No! Another option would be to add a field to the task called "owner", and match the logged in user.
To remain RESTful, you can use a token or cookie to send the user information without a session.
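The "owner" field suggestion from the last answer, shown as a task lookup with and without the ownership match. This is an added example, not code from the thread; it uses plain PDO with an in-memory SQLite database rather than Laravel, and the table, columns and rows are constructed.

```php
<?php
// Added example with constructed data; table and column names are assumptions.
$db = new PDO('sqlite::memory:');
$db->setAttribute(PDO::ATTR_ERRMODE, PDO::ERRMODE_EXCEPTION);
$db->exec('CREATE TABLE tasks (id INTEGER PRIMARY KEY, owner INTEGER NOT NULL, title TEXT)');
$db->exec("INSERT INTO tasks (id, owner, title) VALUES (1, 10, 'Pay bill'), (2, 11, 'Call bank')");

// Weak: GET /tasks/{id} trusts the id alone, so any logged-in user can
// read any other user's task by changing the number in the URL.
function findTaskById(PDO $db, int $taskId): ?array
{
    $stmt = $db->prepare('SELECT id, owner, title FROM tasks WHERE id = :id');
    $stmt->execute([':id' => $taskId]);
    return $stmt->fetch(PDO::FETCH_ASSOC) ?: null;
}

// Corrected: the owner is taken from the authenticated session or token,
// never from the URL or request body, and is part of the query itself.
function findTaskForUser(PDO $db, int $authenticatedUserId, int $taskId): ?array
{
    $stmt = $db->prepare(
        'SELECT id, owner, title FROM tasks WHERE id = :id AND owner = :owner'
    );
    $stmt->execute([':id' => $taskId, ':owner' => $authenticatedUserId]);
    return $stmt->fetch(PDO::FETCH_ASSOC) ?: null;
}

// In a real handler this value comes from the verified session or token.
$authenticatedUserId = 10;

// Task 2 belongs to user 11: the weak lookup returns it, the scoped one does not.
var_dump(findTaskById($db, 2) !== null);
var_dump(findTaskForUser($db, $authenticatedUserId, 2) === null);
// Task 1 belongs to user 10 and is returned as usual.
var_dump(findTaskForUser($db, $authenticatedUserId, 1)['title']);
```

When the scoped lookup returns null, answering with 404 rather than 403 avoids confirming that the task id exists.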

Controller logic in Element View in CakePHP

I'm working on a really big project. The aspect I'm currently working on requires that email templates are sent to a user when they're added to a learning course by another user.
The controller that deals with the request, does a bunch of str_replace tasks to find variables in the text (which the user can edit before adding another user to the learning course) and then replaces it with some values in the DB.
I took over this project and I'm not happy with the way half the things are done but time costs dictate I rather just go along with it.
The email is sent using Cake's native email function. It uses a template to capture data and send to the user.
Here's the question:
Should I keep the logic in the controller or do you think it's safe to move it to the element view's .ctp file?
My first instinct is to leave it in the controller as per the usual MVC separation ideals.
Cheers
This is a very important question - what are you using exactly for the email? The old email component or the new CakeEmail class? Which CakePHP core version are you using?
Here are some plausible approaches here. You can:
Set all those variables, pass them to the view and do all the "replacing" there.
Encapsulate this logic in a component, attach it to your controller(s) and use it.
Just leave it in a private function within the controller and call that function whenever needed. (not really MVC)

DotNetNuke -- Inserting URL parameters in forms

We are migrating our website to DotNetNuke and are looking to replicate the functionality of our survey page. Currently, on the bottom of every e-mail we send through our CRM system, there is a link to a satisfaction survey along with some parameters to pre-populate some of the fields. So the URL looks something like:
/survey.aspx?ticketID=1234&userName=John+Doe
I found the custom module "helferlein_Form" which seems okay for actually creating the form that the user fills in, but I don't see a way to pre-populate the fields. DotNetNuke does let you insert tokens(ex: [Date:now], [User:username]), but I don't see a way to grab individual parameters from the URL. Is there something I'm missing that will let me do that?
I'm not familiar with that module either, but I would strongly recommend using Xmod for customized forms that allow you to easily grab url parameters.
I'm not sure about the module you reference.
However, in my experience Dynamic Forms from Data Springs would fit the bill perfectly. It has the ability to pre-fill and even run custom SQL queries to get data.
You should definitely try our My Tokens module.
It allows you to access the URL parameters using [Get:ticketID] or [QueryString:ticketID]. You can also build SQL tokens that use these parameters to return a list of items for example to populate a dropdown.
Also try our Action Form module which integrates very nicely with My Tokens.
If you have a module you like and want to use you can always write a little javascript to grab the variables out of the URL and pre-populate your form fields using javascript.
