In Laravel Backpack.
I have 3 Models: Fair, Inscription, User
I have Fairs that celebrates every month.
I have Inscriptions of Companies to that are associated to that Fair
Each inscription has an associated User (also a Fair)
I wanted that in the List page the user can only see their Inscriptions, not all the inscriptions in all fairs
I wanted the user to see the list of the inscriptions to the fairs associated to them only
And so... also that they cannot see/modify other inscriptions associated to other users
How can I do this?
Sounds like you want to customize the query on the ListOperation - https://backpackforlaravel.com/docs/5.x/crud-operation-list-entries#custom-query-1
Please note that WHERE you customize the query is important:
customize it in setupListOperation() and it will apply to that operation only;
customize it in setup() and it will apply to all operations;
Related
I am trying to determine if a specified field role in my user's collection is the one being used within the app. I have simulated this rule like below image in the rules section:
I am trying to access the Admin field of the user collection in this image and check in the rules to allow creating a new product if the user is admin or superuser(can create admin users). Image below:
The rule simulation seems to fail, is there a proper way to access this field in security rules(see both images) or to set up the database properly? The fields were set in a form using radio buttons?
Overall desired task is to allow only certain sections of the app database to be accessed and/or manipulated by my users and also within the app itself, is there a way to query these fields and render the UI and interactions conditionally, to avoid the whole security rules thing?
The superuser is in the owner's collection, omitted for brevity and only one document in it.
Thanks.
Your rule is checking documents in your "projects" collection, but your screenshot is showing contents of doucments in the "users" collection. So, there is obviously a mismatch here.
If you want to allow access to a document using the contents of another document, you will need to get() the other document, then check it for the data you're looking for. An example of this is provided in the documentation. What you will need to do is get() the user document for the currently authenticated user, then check that document's role field. It will look something more like this:
get(/databases/$(database)/documents/users/$(request.auth.uid)).data.role
If you go to business manager of facebook, then go to the "All Audiences", then under the "Audiences" tab, you will see a "Filters" button right beside the "Create Audience" button. Now my question is, which part the json data being provided by the facebook apis should I based the data that I should pull out based from these filters ?
- Recently Used
- In Active Adverts
- Action Needed
- Shared
Because unlike the "ready" and "not ready" status, those four filters that I mentioned are not straight forward where I can just look for the numbers from the returned json data. so how ?
Most likely, not all of this information is available through the API.
However, if you take a look at the following doc, you can see some reelvant fields that may help:
https://developers.facebook.com/docs/marketing-api/reference/custom-audience
Most likely you can use the field operation_status to look at whether an audience needs action.
For whether it's shared, take a look ad the edge adaccounts which will let you see the ad accounts this audience has been shared with.
For recently used, you'll probably have to look at the edge ads and review the status of the ads.
To save having to make multiple requests, you can take a look at field expansion in the Graph API, which will let you query for fields of objects in results using a single request:
https://developers.facebook.com/docs/graph-api/using-graph-api#fieldexpansion
I'm building a Moodle course for my students who are part of different batches. Each batch refers same lesson notes, but the Quiz and Assignment activities vary for each batch. The students are categorized into groups for the course and access to the activities is restricted. But the course page displays following message for restricted activities. :
"Not available unless: You belong to "
Is there any way to hide the activity as well as a message for restricted users.
You can hide the conditions by clicking on the 'eye' symbol beside the condition you want to hide:
https://docs.moodle.org/en/Restrict_access_settings#Hiding_the_conditions
You could use a hidden section and move the activity within, however the activity won't be accessible by the students in that case, expect if you're running Moodle 3.3. which is providing the new feature stealth mode: https://docs.moodle.org/33/en/Stealth_activities
Maybe it's what you are looking for?
I'm working on a Sitecore 8 Update 2 site.
I'm also using the web forms for marketers.
I've set up a login and register form using WFFM. I was able to link fields on the form with the fields of the user profile ( the one used in User Management )
However when i want to make a "Update Contact Details" i can't link the fields on the form with the profile fields as before. Now i have to select a "contact facet". I added one of these and WFFM picked up on this, so now i can link the field on the form with a facet.
The last link i'm missing is linking this facet ( stored in Analytics - MongoDB ) to the profile field.
Does anyone know how to achieve this ?
Bonus: This started off as a slighty different question, you can read more about this issue here:
How to update sitecore user with webforms for marketers ( Update Contact Details )
First you need to add the Create User Save Action and setup the email address as the username.
Then you need to add the User login Save Action straight after that. This is because the Update Contact Details Save action only applies to logged in users.
Then you can use the Update Contact Details Save Action. This action will create data in MongoDB under the logged in user name - so if you go to the Identifiers collection MongoDB a new entry will be created (See screen shot below).
So in short the aspnet_membership data and the MongoDB data is linked via the username in WFFM. In aspnet_users - UserName and in MongoDB by way of an identifier. You can't mix the MongoDB and aspnet_profile data they belong in two separate places.
So once you have created this user in WFFM you could call up their details using the analytics API using the identifier:
Tracker.Current.Session.Identify(username);
var personalInfo = Tracker.Current.Contact.GetFacet<IContactPersonalInfo>("Personal");
Hope that makes sense :)
I'm building a custom module in SugarCRM Community Edition, I have everything set up as i'd like (almost).
In my Module i have a checkbox marked 'Processed' what i'd like to achieve is that when this checkbox is marked, the users who are 'sales agents' and not 'admins' can no longer view this record.
They need to be able to have access to the record up until the point it's marked as processed. Is this possible?
Yes, look at /modules/Employees/views/view.list.php in listViewProcess() to see how the list view always filters out users based on the status value. You would do something similar for your module to filter out Processed. Then if you need to also ensure that they can't access the record directly make sure to take care of the edit/detail views as well. In both view.detail.php and view.edit.php (or in the module's controller) check for Processed being set and if so (and perhaps not an admin or some other user type) display a "This record is already processed" message and/or do a redirection.