I am trying to create private channel programmatically in Discuss Odoo12 but while creating it is giving me error that: The requested operation cant be completed due to security restrictions.
Then I tried like:
self.env['mail.channel'].sudo().create({})
Then it is creating private channel as a superuser
But problem is that when I log in into my account I am unable to view that private channels because those were created by superuser.
How to display them or how to create private channel without sudo()?
Yes because there is a record rule that prevent user from creating channel that they are not member of it. So when you create it you need to include the partner of your user in channel members.
self.env['mail.channel'].create({'name': 'Name of Channel',
'public': 'private',
'email_send': False,
# The user must join the group
'channel_partner_ids': [(4, self.env.user.partner_id.id)]})
ir.rules are not applied on super user this why he can create a private group that he is not
one of its members.
Related
My customer has created roles with the names of the company's business divisions and sub-divisions. He wants to take the role the creating user is in, along with the next level up Role and populate that into two fields on the opportunity, to then use those two fields. (ROLE and SUB-ROLE) as Dashboard filters. Since the role is in the setup section and is also not a field on the user record, I'm assuming some type of Apex Trigger or Flow would be needed to take the role names of the creating user and then insert them?
They are new to Salesforce.. they have not tried anything yet.
I want to create authentication apis in Hasura. My user can have differrent roles when signing up. Thinking of maintaining an Enum table for the same. So that I can have a foreign key/type from it in the user table. However, I intend to create a postgress trigger on this enum table, such that everytime, new role is added, a new hasura role should also be created to allow for JWT authentication and authorization accordingly.
Where does hasura stores its Hasrua role.
Answer 1 (direct answer)
Not sure this is something the app developer should edit.
All Hasura metadata (including roles/permissions) is in Postgres.
The schema is "hdb_catalog". The table is "hdb_metadata".
You can query this using:
SELECT * FROM "hdb_catalog"."hdb_metadata" WHERE id = 1;
It contains a large JSON document. It's better to look at it using PGAdmin.
Answer 2 (dynamic roles)
It looks like you're trying to get dynamic roles in place.
There is a great Youtube video that explains how to model it:
https://youtu.be/-18zZO3DrLY?t=1370
I'm having troubles finding a way to hide user emails from everyone, except the owner (user has access to only his email). Is there a way to hide a certain document field, for a certain roles?
Here is an example I found that creates a role with dynamic access to the whole User collection:
CreateRole({
name: "tier1_role",
membership: {
resource: Collection("User"),
predicate: Query(
Lambda("userRef",
// User attribute based rule:
// It grants access only if the User has TIER1 role.
// If so, further rules specified in the privileges
// section are applied next.
Equals(Select(["data", "role"], Get(Var("userRef"))), "TIER1")
)
)
},
privileges: [
{
// Note: 'allUsers' Index is used to retrieve the
// documents from the File collection. Therefore,
// read access to the Index is required here as well.
resource: Index("allUsers"),
actions: { read: true }
}
]
})
I tried to change it a bit, but I wasn't able to set up field-level access.
Let's say I'd set up FaunaDB with GraphQL schema below.
enum UserRole {
TIER1
}
type User {
email: String! #unique
username: String! #unique
role: UserRole!
}
type Query {
allUsers: [User!]
}
type Mutation {
addUsers(new_users: [UserInput]): [User]
#resolver(name: "add_users", paginated: false)
}
How do create a FaunaDB role in such a way that all of the users (except the current one) in resulting array from allUsers query, will not have email field?
I could break User collection into two: one is public, the other is accessible to a document owner, but this sounds wrong.
I'm new to the noSQL concept, so maybe I'm looking at this problem from the wrong perspective?
it's a request that came up a few times. You probably want to do this straight in FaunaDB's ABAC role system but although it provides row-level security, hiding a specific field is currently not provided yet. The feedback has been logged though, we will look into it.
The current way to do this is to split out Users from Accounts and fetch Users instead of Accounts. It would be useful to have something like hidden fields though in the future.
If you think of it, in this case, it does make sense to split authentication information from User information. You never know that you might offer another way to authentication in the future. I still recall from the Phoenix Framework book that they do it there was well and considered it a good practice.
You could also make a thin wrapper using Apollo in a serverless function and filter out these fields when you pass through the results. There is a guide that explains how to build such a thin Apollo middleware that just delegates to FaunaDB https://www.gatlin.io/blog/post/social-login-with-faunadb-and-auth0
I have two Documents in my Spring data - MongoDB application:
The first one is Contact and looks like this:
public class Contact {
...
private List<Account> accounts;
and the second one is Account and looks like this:
public class Account {
...
private Contact contact;
My question now is, whether there is a better way of:
1. create contact object
2. save contact object into database
3. create account object
4. set contact object into account object
5. save account object into database
6. set created account object into contact object
7. update contact object
These are many steps and I will avoid to do such a long list to get Contact and Account connected bidirectional.
Try this approach
MongoDB is a NOSQL DB and hence there is no need of an order to be preserved, such as create and store contact object and then do so more in a sequential way.
Maintain a sequence for Contact and Account object. Before storing these two records get the next number in the sequence and insert the Contact and Account documents.
References for autoincrement sequence
https://docs.mongodb.com/v3.0/tutorial/create-an-auto-incrementing-field/
https://www.tutorialspoint.com/mongodb/mongodb_autoincrement_sequence.htm
Pseudo Code:
Get the next Sequence of Contact and Account Id
Add the id's to respective documents
Insert the Documents in Mongodb
While retrieving the records you can use $lookup which is a left outer join.
Please note that chance of loss of integrity in data can happen if one insert is happened successfully and other insert did not happen for some reason.
We dont have transaction support in Mongodb across collections, more info.
Suppose we have following entities (representing a m:n relation, with additional column on the join table):
public class User {
private String name;
private List<Login> logins;
}
public class Login {
private User user;
private Website website;
private String login;
}
public class Website {
private String name;
private List<Login> logins;
}
I want to create a User edit form that contains one login input field per each existing website (so that all existing websites are in the form). E.g., having 2 websites defined (website1, website2), I would like to see:
My problem is with achieving following behavior on submission of the form: if login input field is filled for a website, it should be added to user1's logins, and if it's empty, it should not be added/get removed.
I created the form using User model (for user name), and website's fields use ListView backed by a model of all logins (taken straight from DB). This makes my form look as expected, but the behaviour is not there, as websites model is independent from the User model. What is your recommended approach?
Use a ListView backed by a list of all possible Login objects, ie the existing Login object if it exists and a dummy/empty/new Login object for each Website for which it doesn't exist.
Then on form submission save those Login objects which have a not-null and not-empty login field.
You could create a bean instead of directly using the Login object but it would work the same way.
If you also want to delete Login objects for which the user removed the login value, create some way in which you can check the Login object has been saved before (ie, its login field was notempty once) and delete the object if it is empty now.
Changing ListView to PropertyListView did the trick. Model gets updated properly and therefore I can do any required postprocessing in onSubmit(). With the ListView, form was rendered fine, but changes in login input fields were ignored.