Flutter Firestore Role Based Security Rules - flutter

I am trying to determine if a specified field role in my user's collection is the one being used within the app. I have simulated this rule like below image in the rules section:
I am trying to access the Admin field of the user collection in this image and check in the rules to allow creating a new product if the user is admin or superuser(can create admin users). Image below:
The rule simulation seems to fail, is there a proper way to access this field in security rules(see both images) or to set up the database properly? The fields were set in a form using radio buttons?
Overall desired task is to allow only certain sections of the app database to be accessed and/or manipulated by my users and also within the app itself, is there a way to query these fields and render the UI and interactions conditionally, to avoid the whole security rules thing?
The superuser is in the owner's collection, omitted for brevity and only one document in it.
Thanks.

Your rule is checking documents in your "projects" collection, but your screenshot is showing contents of documents in the "users" collection. So, there is obviously a mismatch here.
If you want to allow access to a document using the contents of another document, you will need to get() the other document, then check it for the data you're looking for. An example of this is provided in the documentation. What you will need to do is get() the user document for the currently authenticated user, then check that document's role field. It will look something more like this:
get(/databases/$(database)/documents/users/$(request.auth.uid)).data.role
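A fuller rules file built around the get() lookup from the answer above, as an added example that is not part of the original answer. The `products` and `owners` collection names and the `'admin'` role value are assumptions; the `users` rules keep a caller from writing their own `role`, since a self-assigned role would make the lookup meaningless.

```firestore
rules_version = '2';
service cloud.firestore {
  match /databases/{database}/documents {

    function signedIn() {
      return request.auth != null;
    }

    // Reads the caller's own users/{uid} document, as in the answer above.
    // Assumed role value 'admin'; exists() guards against a missing profile.
    function isAdmin() {
      return signedIn()
        && exists(/databases/$(database)/documents/users/$(request.auth.uid))
        && get(/databases/$(database)/documents/users/$(request.auth.uid)).data.role == 'admin';
    }

    // Assumed layout: the superuser is identified by a document owners/{uid}.
    function isSuperuser() {
      return signedIn()
        && exists(/databases/$(database)/documents/owners/$(request.auth.uid));
    }

    // Assumed collection name for the product documents.
    match /products/{productId} {
      allow read: if signedIn();
      allow create: if isAdmin() || isSuperuser();
    }

    match /users/{userId} {
      allow read: if signedIn() && request.auth.uid == userId;

      // A user may create their own profile, but without a role field;
      // only the superuser may create or change documents that carry a role.
      allow create: if isSuperuser()
        || (signedIn() && request.auth.uid == userId
            && !('role' in request.resource.data));

      // On update, reject any change that touches role unless made by the superuser.
      allow update: if isSuperuser()
        || (signedIn() && request.auth.uid == userId
            && !request.resource.data.diff(resource.data)
                 .affectedKeys().hasAny(['role']));
    }
  }
}
```

Conditional rendering in the Flutter UI can read the same `role` field to hide controls, but only these server-side rules decide whether a write is accepted.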

Related

How can I check if current user has write access to a specific field in TYPO3

I would like to check if the current BE user has access to a specific field, e.g. pages.canonical_link or tt_content.header_link.
I can see how this can be done by checking for the permissions of current user to edit the page or content by using e.g. $GLOBALS['BE_USER']->getPagePermsClause(Permission::CONTENT_EDIT). Also it can be checked if user has write access to table by accessing via $GLOBALS['BE_USER']->groupData['tables_modify'] or to the field by checking if the field is an exclude field and checking groupData['non_exclude_fields'].
But groupData is public but internal (so this generates warnings) and I am wondering if maybe I am missing some more general public API to do this. Also, I am not sure if I am missing some things: There are a lot of ways you can configure the access, such as editlock for the page, you can restrict access to edit fields for specific language, etc. etc.

How to add new field to current logged in user (Meteor.user())?

I am trying to use PeerJS library to implement audio calling. I want the user to be able to call specific user based on his peerId. The only way I could come up with is to store the current logged in peerId in his document in the database.
My question is, how can I add new field to the Meteor.user() document?
The user database is accessible via Meteor.users as specified in the docs. Further reading in the guide explains that any field can be added to a user document, so you could just set up your own object at root document level to store peer connection info. The accounts package is set up so that the profile field of the user document can be updated from the client by the logged-in user, unless a deny access rule has been set up. So, you could do what you're asking with something like:
Meteor.users.update(Meteor.userId(), { $set: { 'profile.peerId': desiredPeerId } })

Sitecore - WFFM : Link contact facet with user profile field

I'm working on a Sitecore 8 Update 2 site.
I'm also using the web forms for marketers.
I've set up a login and register form using WFFM. I was able to link fields on the form with the fields of the user profile ( the one used in User Management )
However, when I want to make an "Update Contact Details" form, I can't link the fields on the form with the profile fields as before. Now I have to select a "contact facet". I added one of these and WFFM picked up on this, so now I can link the field on the form with a facet.
The last link I'm missing is linking this facet (stored in Analytics - MongoDB) to the profile field.
Does anyone know how to achieve this?
Bonus: This started off as a slightly different question, you can read more about this issue here:
How to update sitecore user with webforms for marketers ( Update Contact Details )
First you need to add the Create User Save Action and setup the email address as the username.
Then you need to add the User login Save Action straight after that. This is because the Update Contact Details Save action only applies to logged in users.
Then you can use the Update Contact Details Save Action. This action will create data in MongoDB under the logged in user name - so if you go to the Identifiers collection in MongoDB a new entry will be created (see screenshot below).
So in short the aspnet_membership data and the MongoDB data is linked via the username in WFFM. In aspnet_users - UserName and in MongoDB by way of an identifier. You can't mix the MongoDB and aspnet_profile data they belong in two separate places.
So once you have created this user in WFFM you could call up their details using the analytics API using the identifier:
Tracker.Current.Session.Identify(username);
var personalInfo = Tracker.Current.Contact.GetFacet<IContactPersonalInfo>("Personal");
Hope that makes sense :)

Web2py form field options

I am using web2py forms and I want to have some fields only visible to the user (as fixed, which cannot be edited). I tried making various combinations of editable, writeable, readonly but it was of no use. I looked into the web2py book too but that also seems insufficient. It would be great if someone can tell me how to do this.
You mean some fields visible to all visitors and some fields visible only if logged in?
If that's the case, then build your form conditionally:
form_fields = [
    Field('pubfield'),
    Field('pubfield2')
]
if auth.user:  # This is true if the end-user is logged in and you're using the built-in auth
    form_fields.append(Field('private_field'))
return dict(form=FORM(form_fields))
Unless you're not talking about logged in users, and just want to make the fields be visible, but not editable. Then, use writable=False like you tried, but I think you have to either use crud.create/crud.update or SQLFORM / SQLFORM.factory (the latter does not require a data model)
SQLFORM.factory(Field('my_readable_field', writable=False))
If the form is based off of a database, you can use CRUD (you'll need to modify the settings for CRUD if you're not using authentication, so that CRUD forms are accessible)
crud.create(db.some_table)
or
SQLFORM(db.some_table)

how to set read only properties to the particular info path form control based on user logged in?

how to set read only properties to the particular info path form control based on user logged in?
Your best option (assuming you are using managed code) is to get the user name with either Application.User.UserName or HttpContext.Current.User.Identity and then call IsInRole (I believe it is a member of the WindowsPrincipal class).
Save the result into the value of a field and you can then use the standard conditional formatting to lock the fields you don't want the users changing. I also usually conditionally change the look of those readonly fields (grey background fill etc) so the users don't get confused and think they can edit.