I am building a blog-style app where a user can edit and delete his own posts. When he "deletes" his post, a property in the post object is changed from published: true to published: false . I am not actually removing the post from the database. Now, I sitll want to allow this post to be viewable by the owner of the post if he navigates directly to the post by typing in URL (he may have it bookmarked, too), but I DO NOT want it to be viewable by anyone else, obviously.
I thought maybe page middleware is what I need to use here, but I am unsure how to approach it. Do I somehow check the boolean value of the post's published property in the middleware? If so, how? I know how I can check the user state via something like context.store.state.user.uid , but how would I write the logic to check for the published property? Do I need to do a firestore query?
Here's an example of a blog post's URL schema (contains post id):
mysite.com/users/XmdmZMZkzkRdpZ4oLX5u6MYA9B62/posts/hello-world-title-here
Note: IF there's a better way to approach this rather than using Middleware (maybe I am overthinking this goal) , let me know! Thanks.
Obviously you need to fetch the post somewhere in order to know the published boolean.
A middleware is a good idea if you want to redirects the user going to a post he doesn't have access to (or show the error page).
That requires that you fetch the post from here, and that you have access to the current user from the request.
const validatorMiddleware = async ({ req, error, store }) => {
const post = await axios.get('mypost')
const user = req.user // can come from a previous middleware
if (post.author.id !== user.id) {
error() // Show error page
}
store.commit('addPost', post)
}
export default validatorMiddleware
This is a possibility, then it depends on how you fetch your data etc.
Related
I'd like to create a new endpoint "/user/me" to call an action on my User controller called findMe(req, res). I'd like it to behave almost identically to the blueprint "/user/:id" which routes to findOne(req, res), except it will return the current user's data based on the logged in user's id (which is stored in req.session after login).
Is there an easy way to write findMe so it can pass the user ID to findOne and leave all the remaining request processing to the core sails findOne action?
I'm keen not to work with the findOne methods on User model directly but rather, use findOne on the User controller because it has added benefits, like honouring the ?polulate=... parameter, etc. That's said, tell me if this is a bad idea. I'm slightly concerned about the security implications - could s malicious user get to other users data via a forged /user/me request?
In other environments I've known this as server side redirects (different to client side redirects / 30x).
Thanks
Adam
You can totally access the blueprints from a controller. This is how you would do it if you store the user id inside the session as req.session.user.id:
// UserController.js
module.exports = {
me: function (req, res) {
req.params.id = req.session.user.id;
return sails.hooks.blueprints.middleware.findone(req, res);
}
};
However, this would not allow you to use other params such as populate.
I personally think you should implement your own action as it won't be really complicated and will be easier to secure the requests.
tl;dr: No, there isn't a way.
Calling publish_action using the JS SDK is actually pretty straightforward. However (from the little info I gleaned from reading the documentation), there's no way for me to query facebook to have it return the action instance ID for an object that I have already published... is there?
Example:
User A loads the page, and the page sends an FB.api call to /me/news.reads, which returns an action instance ID.
User A reloads the page, and the page again sends an FB.api call to /me/news.reads, but this time, the Graph API returns:
{
error: {
code: 3501,
message: 'blahblahblah... already associated... blah blah'
type: 'OAuthException'
}
}
Pretty standard stuff, and expected, since I turned off the ability to publish the same URL multiple times.
Now then, is there any way for me to retrieve a previously published action instance ID from the Graph API by passing in the URL, or is it up to me to handle the returned action instance ID (from the original publication attempt) and save it to a database? I was hoping I wouldn't have to do that...
No, there is no way to retrieve instances of published actions other than:
Accessing action by id:
http://graph.facebook.com/ACTION_ID
Accessing all instances published by specific user:
http://graph.facebook.com/USER_ID/NAMESPACE:ACTION (NAMESPACE:ACTION may be replaces by the name of one of built-in actions like news.reads, music.listend, etc.
If you want to access details of published actions connected/referencing specific object you'll need to save that data on your end for later usage.
I have built a Facebook app using OpenGraph that permits the users to write reviews on concerts, so that I've defined a concert_id attribute on which the user can insert a review.
Now I would like to show all the reviews inserted for a certain concert_id but cannot find a way. If I do (in JS)
FB.api('/me/MY_APP:action', { limit: 0}, function(response) {
console.log(response);
});
I get all items. This app has to be consumed by mobile, I think it is bad to get all items and, then, filtering only the concert_id i need. What do I have to do to apply a where condition in OpenGraph to a custom action?
As far as I can tell from the API and the Facebook developer pages, it's not possible to filter a call by custom action property using the public Open Graph API.
Two options I can think of:
Option 1:
Implement the category filter by creating custom category objects:
if "review" is a custom action and
GET https://graph.facebook.com/me/[name_space]:review
returns all review actions then
GET https://graph.facebook.com/me/[name_space]:review/scifi_movie
GET https://graph.facebook.com/me/[name_space]:review/action_movie
return actions specific to movie type, where scifi_movie and action_movie are custom objects. You would need to create one object type for each category.
Option 2:
Implement a custom action for each category, e.g.
review_scifi_movie
review_action_movie
These are not particularly elegant solutions but perhaps useful as a hack if nothing else works and you really don't want to do filtering on client side.
The Facebook API will not return individual published objects for a particular action, but that's not your only problem. By the look of it, you're trying to bring in ALL the reviews given for a concert, right? (Meaning those by other users too).
The "/me/" part of the Facebook API call will only return those published actions made by the user that is currently logged in. That won't work for you, as you want those of all your users
The only suggestion I can give is to create a simple web service, where you store all the reviews given for the various concerts. Use this service to pull in reviews given for a particular concert. (I use a similar methodology for reviews in an app of my own).
I dont understand javascript or opengraph..
But when I required in JAVA to fetch reviews made by any user I have used FQL for that and It retrived me all the reviews and FQL also used to fetch all the tables related to Facebook.
I don't think that you can pull that off with the JS SDK.
You can do that in your server though, and since this is a mobile app (or has a mobile version) then that's another good reason to remove this from the client responsibility.
In the server side you can ask facebook for the published actions as you posted, filter them and then return the response.
Another thing that you can do is to save each published action in your db (on each action post you should get an id back from facebook, just persist that) and then you can easily filter the published actions according to what ever criteria you want/need (since you are no longer restricted by the facebook api).
The open graph thing is still pretty new and not tat mature, for example you can't use FQL with it, something that could have been handy for your case.
Regardless though I think that a server solution is best for calculations when mobile is concerned.
i don't know exactly but try this
if (session.authResponse) {
FB.api('/me', {
fields: 'name, picture' // here mention your fields
},
function(response) {
if (!response.error) {
//here response value
});
I'm trying to figure out how to get the name of the Facebook user that left a comment in the Comment Social plugin using FB.Event.subscribe and the comment.create event.
I only see 2 properties on the response object:
response.href: URL of the page that the comment was left on
response.commentID: ID of the comment thread
Is it possible to implement client side code to get the name of the facebook user that left the comment? I'm trying to save an extra roundtrip for my server to make a call the graph API to get all the comments then try to figure out who the user was that left the most recent one. I thought that there might be a way to run an FQL query, but I'm at a loss here.
I figured this would be an obvious thing for the facebook event to expose, but their documentation is so poor I haven't been able to see anything.
Update: I've tried using FB.api as suggested by another user and using /me but I can't use that since hte user leaving the comment hasn't granted me any permissions. This was confusing because they logged in to post the comment in the comment box AND the user's name is public info if you go to the user's facebook page. So I need a way to query the commenting user's name without using /me in FB.api.
This method definitely works to get a name.. but there is a race condition issue if it is a thread that is getting a ton of comments, as the request to get the comments might not get sent before another comment is made:
FB.Event.subscribe('comment.create', function(comment) {
FB.api('comments', {'ids': comment.href}, function(res) {
var data = res[comment.href].data;
console.log(data.pop().from.name);
});
});
This works without the user authenticating your app as well.
After reading TMC's comment below I realized that it is not possible without permissions. If you want to this then you will have to ask every commenter to grant you basic permissions.
ORIGINAL ANSWER
You can use Facebook Javascript SDK function FB.api which works the same way as PHP SDK's api function but returns a JSON string. Have a look at this page for documentation. You might also like to have a look at Comment Object Documentation.
Comment has a property from which gives the id and name of the user.
I am using T4MVC to redirect to another action return RedirectToAction(MVC.MyController.MyAction());.
In result it is doing get request.
Is there any way to make post request from controller. I want to keep all the same but only make post instead get. I cant find any methods for that. I found one post helper here http://geekswithblogs.net/rakker/archive/2006/04/21/76044.aspx but i cant pass any values i need using this post helper. I was trying to pass values through TempData but they are not coming when i using this helper. May be some one have any ideas?
The reason i want to do this because when user come from one controller to another and then if user click update or just click enter in browser address bar, page will break.
Should i use session for that reason?
A RedirectToAction will always perform a GET, never a POST (it returns a HTTP 302 to the browser, which will then issue a GET request).
To persist data across the redirect, if it is data that can be easily represented as a string and stored in the query string, then you can just add it to the route values of the redirect.
e.g.
return RedirectToAction("Search", new { searchString = "whatever" });
If it is a complex type, then you will need to store it in TempData. A number of other questions on StackOverflow (such as this one) give details on how.
If repeatedly storing to and reading from TempData across your application offends your code-sense, then you can encapsulate this by using the PassParametersDuringRedirect attribute and generic RedirectToAction available in the MvcContrib project. Some details on this technique are available here.
only way of doing post is by having a form and doing submit on that form, either with a submit button or with javascript, any info you want passed to that action must be in that form and you will find everything posted in FormCollection(hope I spelled it right).