I'm developing an app using the low code platform SLINGR. I need to set permissions by the company an user belongs to.
What would be the best approach to implement this?
Any help would be greatly appreciated.
The best way to achieve this is by using permissions with a filter of type By user field. For example, you can create an entity called people with the following structure:
- user
- company
Then, in Application > Settings in the app builder, you have to configure this entity as the one used for extended fields (https://slingr-stack.github.io/platform/app_development_app_settings.html#user-extended-fields). Once you do that, you will be able to filter by the company of the current user. For example, let's suppose you have an entity called tasks with the following structure:
- number
- title
- company
- description
Then, in the permissions for this entity, you will add a filter by user field where the field tasks.company is equals to people.company. This way, users will only see tasks that belong to the company they also belong to.
Related
I am working on system that will manage orders. Orders can be created via admin or via customer. Employee can take orders and change it's status.
My system should have three global types of users:
Admin - this type of users mostly uses WEB interface. Admins have different access levels, so some of them can only create orders, and others - edit core info about pricing and so on.
Customer - this type of users uses customer's mobile app. Main action is to add and cancel orders.
Employee - this type of users uses employee's mobile app. Employees can see open orders, assign themselves to orders and change order statuses.
Also, Customer and Employee can be authorised with phone number, that can be changed at some time (independently of each other). Admins can be authorised with uname + pword.
Current solution has one table for Admins, one for Customers and one for Employees.
So first part of question is how to structure database properly?
The second part is about authorising in REST api. In current solution I have three endpoints, that are authireses usertype independently.
admins/auth
customers/auth
employees/auth
And my thoughts is to keep three tables as is, because each usertype is slightly different concept and really independent. And keep authorisation as is, but add something like roles and privileges to auth token to restrict access for some resources.
Could someone give me a link (github/gitlab) of a swift projet which show the possibility of managing Users on Parse.
For example , I would like for a user (who have 15 friends):
to create a group with 5 friends for example (the user could add a name for this group)
to delete if necessary the group
to send a message(textfield) to a group
to send a message (textfield) to a user
For the UI, I would like if it exists, to manager user like the Springboard (having the picture of user in round), and when you longpress on it, you have a cross to delete /and 'block sign' to block user.
And the user could drag/drop other user on his friend list to create a group (like on the Springboard when you create a group of app)
Thanks for helping me !
Have a nice day!
I've not come across such framework for parse/swift. I think you need to build it yourself.
This might help you in the direction:
Friend/de-friend people: https://stackoverflow.com/a/32557977/3314336 &
Parse Swift: User relations with a "friends request"
Send messages framework: https://github.com/slackhq/SlackTextViewController
What you're asking for is pretty general and extensive. You could use Roles and Relations to manage friend groups. You could have Group objects, give them an owner, and a relation for all the members of the group.
For chat, I'd recommend not trying to just build that directly into Parse. Twilio recently released their Programmable Chat feature, which is awesome. Sounds like it'd be beneficial for you to use that.
I am writing a custom Fiori to access sales data from an SAP ERP backend system using a Gateway.
The use case is "customer logs in launchpad, opens Fiori app and sees all his/hers sales items based on the customer id". The customer id is stored in kna1-kunnr and has to be included in a select on the vbak table in SAP. Nothing fancy.
Now I ask myself: how do I get the customer id / kunnr? What do I get at all from the currently logged in user? When debugging my Gateway project code, is it actually the name stored in sy-uname or can I get something better?
How should I continue to get the customer id / kunnr? Are there some function modules like GET_CUSTOMER_ID_OF_USER to call in the SAP ERP?
Or are the actually other / better ways to get the sales documets for one user?
Update
Thank you for your answers so far. I am going to check the default Fiori implementations to get some inside. But, since we are already here, I want to specify my question a little bit more:
Giving I create an OData model in my Component.js like that:
var oModel = new sap.ui.model.odata.ODataModel("[...]/sap/opu/odata/sap/Z_MYODATA_SRV/",
false, "user", "password" );
user and password are supposed to be the ones currently entered as user credentials in the Fiori Launchpad. How can I access those? Are there some SAPUI5 api like getCurrentUser or getCurrentSession ? Do I actually have to do this user check?
You are correct that to identify all of the sales orders for a customer you need to read them from VBAK (or use BAPI_SALESORDER_GETLIST, etc).
The relationship between logged in user and customer is not something that's the same in every SAP ECC system. You may find that the logged in user is the same as the customer number, but with a prefix - for example, logged in user C12345678 for customer 0012345678. Or there may be some other type of relationship that's store in a custom field on the customer master itself. The best option is to check with the person responsible for the configuration in Sales and Distribution. Only then can you know how to determine the customer for a logged in customer user.
Answering your question
Now I ask myself: how do I get the customer id / kunnr? What do I get at all from the currently logged in user?
It is done on backend with standard customizing, not via OData methods like you intend to do it.
Mikael gave you the rough idea, but didn't finished it so I will give a more comprehensive answer.
We need to differentiate between front-end and back-end authorizations, for Fiori app functioning you need to types of roles/authorizations:
The SAP Fiori roles that define which Fiori apps are displayed to the user
Launchpad authorizations
General OData authorizations
Trusted RFC back-end connectivity authorizations
Back-end authorizations and roles which contain authorizations to display the related business data
This concept is depicted on this figure:
The assignment of the front-end is described here and is out of scope now. Now we are focusing on bullet 2.
Every Fiori app has its role model and one should follow the implementation given in app description. Let's consider how it is done based on Sales Order creation app (F0018) sample:
OData service that returns business-data is SRA017_SALESORDER_CREATE_SRV, so to run it one needs frontend role SAP_SD_BCR_FIELDSALESREP_X1 and backend role SAP_SD_SO_CRE_APP
Also app description give us the following prerequisits:
Before implementing the Create Sales Order app, you must ensure the following:
That an employee master record is created with the following attributes:
If you have implemented SAP ERP HCM and maintained employees in the HCM personnel records, ensure that the employee personnel record has the infotype Communication, with a subtype of System User Name (SY-UNAME) (Infotype 0105, Subtype 0001).
If you have not implemented SAP ERP HCM, implement the Sales and Distribution configuration around Use Sales Employees with HR (Tcode: PULT). This IMG setting copies the appropriate HCM tables from the 000 Client and allows the setup of the employee record with the Infotype Communication and a Subtype of System User Name (SY-UNAME) (Infotype 0105, Subtype 0001).
It associates the USERID of the employee with the personnel number assigned as a partner function sales employee in the customer master.
After implementing the above customer SAP user id will be bound to his employee ID (PERNR), and his employee ID consequently will be bound to partner function in XD02.
And that's not all, what comes next?
THe following order parameters should be maintained in in SIMGH tcode in order customer to see his orders and can create the new ones.
Call transaction SIMGH to open the Create Sales Orders node and configure user information in Customizing activity Define Configuration Parameters using the parameters listed below. For more information, see the documentation available for the Customizing activity.
Document Type (DOCTYPE)
By default, the app uses the standard order document type (technical key TA resp. OR). Changing this to something other than a sales order may significantly impact the functionality of the application.
Order Period (ORDPERIOD)
This defines how many days into the past sales orders are retrieved. The suggested value is 30 days.
Search Period (SEAPERIOD)
This defines how many days into the past a search must look for sales orders that match the search criteria. The suggested value is 90 days.
Ship To Party (SHIP_TO/PARTNER_ROLE)
This defines which partner role in the customer master is used for the ship-to party. The suggested value is WE.
Forwarding Agent (FORWARDING_AGENT/PARTNER_ROLE)
This defines which partner role in the customer master is used for the forwarding agent. The suggested value is SP.
and even that's not all
App description gives the following BADIs to implement in order to enable such linking
Implement the following BAdIs:
Customer Association to Employee
You can use this BAdI to associate employees with specific customers.
Only after all the above steps the customer will be able to order and/or view his sales items.
The moral: always check the app description thoroughly because the role model varies per-app.
Have a look at the standard Fiori applications. For example, in Create Sales Order, there is a BADI provided to implement the relation you are looking for (but for an employee to a customer). In the standard setup, the partner functions of the customer master is used to map what customers are visible to an employee.
Most likely, you have a similar setup already in place if your customers actually have user accounts in your system. If could be as a parameter of the user or as a (custom?) partner role.
http://help.sap.com/saphelp_fiorierpx1_100/helpdata/en/6d/135652f9c21457e10000000a445394/content.htm
I have a question, is possible if i want to add a new object called 'Company' to Moodle?
My Moodle is provides for several Companies. Each company have their staffs. Staff permission is the same with normal user. The problem is 'Company'.
How could i define a new object Company to moodle. For example, i go 'my user profile' and see the information about My Company: ABC Company, and the administrator could manage all the Company (add, edit info, delete)
Thanks in advance
Tuan Anh.
If you just want a profile field called 'company', then that can be added as a custom profile field - http://docs.moodle.org/en/User_profile_fields
If you want to manage multiple, separate organisations via a single Moodle install, then you want to look at multi tenancy - there is no complete solution to this, but there are several approaches - http://www.synergy-learning.com/wp-content/uploads/2012/05/Multi-tenancy-in-Moodle.pdf is a good overview.
If you want Moodle + support for company hierarchies (and better reporting, etc), then you should consider Totara as an alternative - http://www.totaralms.com/
I read some articles and info in developer.apple.com about Core Data. Now I want to create ManagedObjectModel for my app. So I need to help - because it's first my planning about database. So my app will have next options
User must login with his Login and Password. So if he forget password, there is chance to create new pass by entering correct answer on secret question.
App will store contacts. Every contact have name, surname, photo, phones, and coollection of map annotations.
User can create some groups (like Family, Friends...)
So this app I create for understanding basics of objective-c and maybe there are no logic in my app.
Please check my entities, maybe I allowed blunder.
First entity Contact
id - number of contact.
image - I will store array there. So if image <200 Kb I insert it in database, if more I will save the path to this image
map - the dictionary of map annotations
name
phones - array of phone numbers
surname
Second entity Group
contacts - array that contain id of contacts, that belong to this group
id - number of group
title - it is the name of group (like Family, Friends...)
Third entity Login
groups - array that contain id of groups, that belong to this group
login
password
secret answer - answer to the secret question
secret question
Relationships
So each Login can have some groups, but each group will belong only to one Login. So I create "to-many relationship" for group relationship. So each group contain some contacts and contacts can be in some different gruops - I create many-to-many relationship.
About property "optional". I understand that if it's not check - this attribute or relationship have to be. So I remove this property for
"id" in Contact
"id" in Group
"login", "password" in Login
in relationship "toGroups" in Contact
in relationship "toLogin" in Group
About "Delete Rule". I want if I delete some Login all groups and contacts belong to this login must be delete. I can choose "Cascade" for relationship "group" in Login but it will delete only groups but not contacts. I cann't do such for relationship "toContact" because if I delete some Group it will delete contacts, but other Groups still can have this contacts. So maybe I must create attribute "contact" in Login that will be array of contacts, and create relationship to Contacts and if I delete Login all groups and contacts that belong to it, will be delete.
PS Sorry I am stil newbie and my question maybe funny for you, but I need help
A few things I noticed -
You have no need to use 'id' properties. Most databases plan on these for primary/foreign key management, but core data will manage this all for you provided you have the relationships set up. Also by this logic, you don't need properties to manually create that relationship (i.e. 'Contacts' in group and 'groups' in login
Are you sure you wants to be storing dictionaries and/or arrays in an entity? These sound like another standalone entity such as one for map annotations. Then you would build a one-to-many relationship from the original object to the new one.
Images stored as binary data are not the most efficient way to go about this. Its better to use the filesystem the app sandbox provides. Just saw a similar question the other day Storing images locally on an iOS device