Using sails 1.2.4 on Ubuntu 18.04. I tried adding customToJSON before and after the attributes in model User, but when I serve the user object to a page, password still shows up. When I serve the user object, I don't want password or isSuperAdmin to appear.
Here is the end of my User.js model script:
}, // end attributes
customToJSON: function() {
return _.omit(this, ['password', 'isSuperAdmin'])
},
}; //end module exports
I may just be omitting something dumb, but if so please let me know.
thx
Related
I've got Backpack for Laravel installed and have been using it for some time as an admin back end on a project. I'm also using the spatie/permission module (might come with Backpack, can't remember) to create users for the front end.
Currently, all users are able to access both front end and back end regardless of the group they belong to. I'd like to change that so that only members in an "admin" group are able to access the back end. I've followed the instructions here for separating front end and back end sessions but that's not really what I want as all users are still able to access both sites of the project.
I'm guessing I need to add a guard to the CRUD routes but I'm finding it to be much harder than it should be. Any pointers on how to do this would be greatly appreciated. TIA.
You can create a new middleware and use it in your routes group for admin routes.
To create a new middleware use the php artisan command like so: (you can name the new middleware what ever you want:
php artisan make:middleware RequireAdminRole
Now, inside your new middleware, on the handle function you can have something like this that returns a 403 Forbidden error message:
public function handle($request, Closure $next)
{
$user = auth()->user();
if (!$user) return $next($request);
if (!$user->hasRole('Admin'))
{
// if your sessions are decoupled from the frontend
// you can even logout the user like so:
// auth()->logout();
abort(403, 'Access denied');
}
return $next($request);
}
Here we are using the hasRole method, but there are more that you can use. See the spatie/laravel-permissions documentation for more info.
Now, let's assign this middleware a 'name' so we can use it in our route groups for the admin. Inside the App\Kernel.php file, in the end, inside the $routeMiddleware array add it and give it a new, for example:
'isadmin' => \App\Http\Middleware\RequireAdminRole::class,
And finally, you can add this middleware to your admin routes group (which should be in custom.php file if you're using latest backpack 3.4 version) :
Route::group([
'prefix' => 'admin',
'middleware' => ['web', 'isadmin', config('backpack.base.middleware_key', 'admin')],
'namespace' => 'App\Http\Controllers\Admin',
], function () {
// your routes are here
});
Now all your requests to the admin routes should be protected by the user role check.
Please let us know how it went for you, and if you encountered any issues.
Best regards,
~Cristian
I'm adding custom data to Meteor user accounts for the first time. I've been able to add custom fields without difficulty and I know they're there because I can see them in Mongol. I am publishing via a global subscription so how do I then go about reading data from individual fields? It seems the syntax is very different from that when using publish/subscribe methods.
So, I have user accounts like this (as seen in Mongol):
"_id": "#################",
"profile": {
"name": "Test User"
},
"customfields": {
"customfield1": [
"A","B","C"
]
}
}
In server/main.js I have the following
Meteor.publish(null, function() {
return Meteor.users.find(this.userId, {fields:{customfields:1}});
});
This seems to be publishing fine. But what code do I use to render the cursor as data? I've been using variations on code like this in client/main.js and having no success:
var stuff = Meteor.users.find(this.userId).fetch();
console.log(stuff.customfield1);
Any help appreciated.
MyCollection.find() returns a cursor whereas MyCollection.findOne() returns an object, i.e. a single mongodb document.
A publication must return a cursor or array of cursors. You publication is fine.
You are basically trying to make the customfields key of the user object visible on the client. (The profile key is automatically published by Meteor).
On the client, where you are doing:
var stuff = Meteor.users.find(this.userId).fetch();
You can simply use:
var stuff = Meteor.user();
or
var stuff = Meteor.users.findOne(Meteor.userId());
Then stuff.customfields will contain what you're looking for.
The second form is way too verbose for me unless you're looking for a different user than the logged in user.
Note: this.userId on the client will not be the userId of the current user, it will be undefined. That only works on the server. That may actually be the root cause of your problem. In addition, your publications must be ready() for the data to be available. This isn't true immediately after login for example.
Since customfield1 is nested in customfields, did you try stuff.customfields.customfield1?
I'm using accounts-password package to manage my user accounts. I tried 2 ways to create account using Accounts.createUser() function.
1st way: Calling Accounts.createUser() from the client
register.js:
Template.register.events({
"submit form"(event){
event.preventDefault();
const email = event.target.email.value;
const password = event.target.password.value;
Accounts.createUser({
email: email,
password: password
});
}
});
2nd way: Calling Accounts.createUser() from the server method and calling that method from the client. Got the hint after going through: Meteor: Accounts.createUser() doesn't create user
register.js:
Template.register.events({
"submit form"(event){
event.preventDefault();
const email = event.target.email.value;
const password = event.target.password.value;
Meteor.call('createNewUser', email, password);
}
});
methods.js:(on server)
Meteor.methods({
'createNewUser'(email, password){
Accounts.createUser({
email: email,
password: password
});
}
});
In both the cases, no new collection is created in MongoDB. Neither is any old collection updated. My connection strings are proper. Why is this happening?
However, when I use the following on the server, a document is created:
Accounts.users = new Mongo.Collection("profiles", {
_preventAutopublish: true, _driver: dbConn
});
Meteor.users = Accounts.users;
I don't know why a new collection has to be created for this to work. Isn't accounts-password package supposed to create a collection by itself?
if you are just keen on getting a basic version up and running try adding the default {{>loginButtons}} to your html. This will also make sure the javascript is executed as it should be. Building the js manually only makes sense if you need more customizability.
Have you added the accounts-base package? Accounts.createUser comes from this package. (docs)
In the linked example you gave, the OP had set forbidClientAccountCreation: true in the Accounts.config(). That prevents the Accounts.createUser function from working on the client (which is useful in applications where users need an invitation to register). That is why the answers recommended to create the user account server side and isn't applicable to your application.
As a side note, in your second example you are passing an unencrypted password from the client to the server which is considered dangerous.
You can encrypt it before sending it to the server method like so:
const password = Accounts._hashPassword( event.target.password.value );
_driver: dbConn
That line is really concerning. Are you trying to manage your own database connection?
There's nothing wrong with the code you wrote, it's not your problem. Accounts.createUser is the correct method to call.
If you need to use a different database than the one initialized by default by running the meteor command from terminal, look at the documentation on using MONGO_URL.
I have written the following code in my client side js:
var resolutionsQ;
Template.body.onCreated(function bodyOnCreated() {
resolutionsQ = new Mongo.Collection("res");
});
Template.body.helpers({
resolutions: function() {
var res = resolutionsQ.find({});
console.log(res);
return resolutionsQ.find({});
}
});
Then in my project folder(in terminal), i wrote:
meteor mongo
After the mongo db console started, I worte:
db.res.insert({title: "hello #1", createdAt: new Date()});
This also worked.
When I wrote this, my frontend application showed everything as expected. Then I shut down my computer, and after sometime switched it on again and tried to run my meteor application. Now I see nothing, I get no error either in server console or browser's console. I don't know what went wrong then.
Please help.
You've created a client-side collection by defining the collection only in client code. A collection needs to be defined on both the server and the client in order to persist documents to the database.
The quick solution is to create a shared file like lib/collections/resolutions.js which will contain:
Resolutions = new Mongo.Collection("resolutions");
Using the new-style imports mechanism, you would create a file like imports/api/resolutions/resolutions.js which will contain:
import { Mongo } from 'meteor/mongo';
export const Todos = new TodosCollection('Todos');
See this section of the guide for more details.
So I'm messing around with SailsJS to try to get an API up and running real fast. I haven't setup a data store yet (will probably use mongodb) but I saw that there is what I'm assuming is like a SQLite database or something. So I generated a model and controller for a User. So in the browser I hit user/create. I see createdAt and updatedAt but no Id. Do I need a real datastore to see an ID? Is this still something you get for free?
Adapter
// Configure installed adapters
// If you define an attribute in your model definition,
// it will override anything from this global config.
module.exports.adapters = {
// If you leave the adapter config unspecified
// in a model definition, 'default' will be used.
'default': 'disk',
// In-memory adapter for DEVELOPMENT ONLY
// (data is NOT preserved when the server shuts down)
memory: {
module: 'sails-dirty',
inMemory: true
},
// Persistent adapter for DEVELOPMENT ONLY
// (data IS preserved when the server shuts down)
// PLEASE NOTE: disk adapter not compatible with node v0.10.0 currently
// because of limitations in node-dirty
// See https://github.com/felixge/node-dirty/issues/34
disk: {
module: 'sails-dirty',
filePath: './.tmp/dirty.db',
inMemory: false
},
// MySQL is the world's most popular relational database.
// Learn more: http://en.wikipedia.org/wiki/MySQL
mysql: {
module : 'sails-mysql',
host : 'YOUR_MYSQL_SERVER_HOSTNAME_OR_IP_ADDRESS',
user : 'YOUR_MYSQL_USER',
password : 'YOUR_MYSQL_PASSWORD',
database : 'YOUR_MYSQL_DB'
}
};
Model
/*---------------------
:: User
-> model
---------------------*/
module.exports = {
attributes: {
firstName: 'STRING',
lastName: 'STRING'
}
};
Do .../user/findAll to list all the users. Each user should have an 'id' property, e.g.
{
"username":"admin",
"password":"$2a$10$SP/hWtlJINkMgkAuAc9bxO1iWsvVcglwEU4ctGCiYpx.7ykaFWt56",
"createdAt":"2013-07-12T17:36:29.852Z",
"updatedAt":"2013-07-12T17:36:29.852Z",
"id":1
}
they removes findAll you can simply use find instad
u can also request like this http://example.de/Model/create?firstname=Foo&lastname=bar
I have checkout this by switching between different DB in a same sails application and its working absolutely fine.
So In this case you can add a property of autoPK to your model and setting it to true like following:
module.exports = {
attribute:{
//your model attributes with validations.
},
autoPK:true
}
If this doesn't works for you then I think there is something wrong with your copy of sails you installed on your system.
Please try to install the newer version (v0.9.8) of sails using npm or try to update your package.json with newer version (v0.9.8) details and excute npm install.