I have a concept question when it comes to roles. Im not very familiar with database design or access control. Let's say i have 4 collections.
Users
Companies
Equipment
Locations
A user can register.
A user will be added to a company.
User gets access to all equipment and locations with the company ID.
What would be a good way to verify that a registered user belongs to a company? I'm thinking manual verification, as not everybody in the company should have access. But any clever thoughts are appreciated.
Collections equipment and locations holds documents belonging to different companies. These collections can get pretty big. Is it wise to have an "Equipment collection" for each company?
Should i create a group for each company and add user to the correct group?
What is the best way to link collections/documents to user/company?
Any other thoughts?
Thank you.
Have you tried using : https://github.com/alanning/meteor-roles
I have used that to verify roles in meteor. There would be an entry in "Companies" Collection thus you can have a Company ID. With the usage of meteor roles , I think it would be easy to do your task. In Example.
User Collection would have :
_id:
Name:
Role : [ //owner , employee ]
Company ID:
it is up to you if you would make roles and company ids an array to handle multiple companies for a single user record thus making it alot more flexible in the long run.
Next would be make a helper in your user collection to easily track the roles. IE.
isAdmin(companyId) {
if(isValidRolesData(this.roles,'default-group'))
return this.roles['default-group'].indexOf(`${companyId}-admin`) > -1;
},
/**
* Check if a user is Staff
*
* #param {any} facilityid
* #returns
*/
isStaff(companyId) {
if(isValidRolesData(this.roles,'default-group'))
return this.roles['default-group'].indexOf(`${companyId}-staff`) > -1;
},
/**
* Check if a user is Receptionist
*
* #param {any} facilityid
* #returns
*/
isReceptionist(companyId) {
if(isValidRolesData(this.roles,'default-group'))
return this.roles['default-group'].indexOf(`${companyId}-receptionist`) > -1;
},
With that kind of flow I guess you can achieve the exact thing you needed :)
Related
Could someone help me if I can filter through laravel relationship in following scenario? I want to filter with the slip id / or customer_id/ or customer name.
public function search_index($query){
$slip = Slip::with('customer')
->where('slip_id',$query)
->orWhere('customer.id',$query)
->orWhere('customer.name',$query)->get();
}
Edit:
there are two classes: Slip and Customer. With the relations being slip belongs to customer and customer has many slips.
The slip contains other information including customer id and customer is retrieved using 'customer' relationship. Now I want to be able to find the slips by either entering customer name/id or slip id.
($query) may have one of those details
Slip::with('customer') returns details in following pattern:
[{slip:{id:1, ref:'abc', customer:{id:1,name:'Joe'}},}]
I want the query to return result in similar fashion too.
Thanks in advance
I haven't execute the code, but I pretty sure that this is gonna work.
$slip = Slip::query
->whereHas('customer', function(Builder $q) use ($query) {
return $q->where('id', $query) //Search by customer id
->orWhere('name', 'like', '%'.$query.'%'); //search by customer name similiarity
})
->orWhere('id', $query) //search by slip_id
->get();
This is not the best practice as I would suggest. It is recommended that you should break down the query in to 3 smaller functions/module, then get their intersect() as final result.
So i'm trying to set up my first extension with Typo3 and i'm struggling very much. I want to set up an extension which handles reclamations from customers.
After submitting the input values i'll store the new customer in the database and directly after this step i'll get it back from the database to see which uid he has, to store the uid from the customer in the reclamation.
So i wan't to override the current $customer-variable with
$customer = $this->customerRepository->findByName($name);
The returned result is not really an object of customer even var_dump is saying it is an customer-object. I can't call the function
$customer->getUid()
to get the current uid of this new customer. But i need the uid of the customer in my reclamation-object - how do i do that?
Next problem: every query i ll do to the db like
->findAll(), findByIdentifier($identifier)
is null.
I don't know why. It seems that he can't find the storagePid, but i've set up my TypoScript correctly.
I can only get a query when i add
$query->getQuerySettings()->setRespectStoragePage(FALSE);
any ideas where the dog is buried in this case?
Thank you very much and sorry for my bad english :P
Your initial question is hard to answer without more details. What is the relation between a customer and reclamations? If a customer can have multiple reclamations, it would be good to have an 1:n relation between customer and reclamations. In that case, you can just do $customer->addReclamation($reclamation) and don't need to take care about user UIDs.
As for your repository call, the problem is that your call gets you a QueryResult containing all matching objects. If name is really a unique property, you can do
$customer = $this->customerRepository->findOneByName($name);
This looks for all customers with name equals $name (which should be only one) and returns the first one, so you get back a Customer object.
But this is not really necessary, too: If you persist all changes after adding the customer, you can get its UID:
$this->customerRepository->add($customer);
$this->persistenceManager->persistAll();
// Returns the customer uid
$customerUid = $customer->getUid();
The persistenceManager can be injected like this:
/**
* #var \TYPO3\CMS\Extbase\Persistence\Generic\PersistenceManager
* #inject
*/
protected $persistenceManager;
I have these entities:
User
Role
Permission
A user has many roles and a role has many permissions.
What is the best way to retrieve a set of permission a user has?
I need a method to check if a User has a particular Permission.
This is what I have so far:
public boolean hasPermission(String permissionString) {
if (!authenticated) return false;
for (Role role : user.getRoles()) {
for (Permission permission : role.getPermissions()) {
if (permission.getName().equals(permissionString)) {
return true;
}
}
}
return false;
}
A second, but related question -- where should I put the code that checks if a user has a particular permission?
In the User entity?
In the UserBean EJB?
In the Authentication JSF Managed Bean?
It depends on your mappings, the number of objects in the list, if the lists have already been fetched, your database connections, the database tuning etc.
You would have to try with production data to determine what ways are best.
For instance, If your collections have been prefetched with a join query, then traversing them in Java is trivial. If they haven't, each access in the for loop would cause a query to populate the objects. If it is the last one all the time, it means your java code causes you to traverse your object graph in the worst way possible and it would have been better to fetch it upfront. So you would be losing any benefit of lazy access, and would be better of hitting the database once to query for the permission linked to this user with the permissionString name: "Select p from u User join u.roles r join r.permissions p where p.name = :permissionName".
Only testing on production data will give you the best answer for your situation, and numerous other decisions in the application and mappings change the outcome.
I use Doctrine and MongoDB ODM modules at my zf2 application. ZfcUser is used for authorization.
Is there a way to use two collections, say users and clients to authenticate via zfcuser+doctrine? I am curious, if there is a way to combine two mongo collections into one to use combined for authentication?
You do not need to merge the users into one collection as you can have multiple 'authentication adapters' (see ZfcUser\Authentication\Adapter\Db for an example)
These are defined within global config file: zfcuser.global.php
Each of my adapters are run in order of priority until one returns a successful authentication result.
For example; I have the following configuration for Users and Candidates entities.
/**
* Authentication Adapters
*
* Specify the adapters that will be used to try and authenticate the user
*
* Default value: array containing 'ZfcUser\Authentication\Adapter\Db' with priority 100
* Accepted values: array containing services that implement 'ZfcUser\Authentication\Adapter\ChainableAdapter'
*/
'auth_adapters' => array(
50 => 'JobboardCandidate\Authentication\Adapter\CandidateDatabaseAdapter',
75 => 'JobboardUser\Authentication\Adapter\UserDatabaseAdapter',
//100 => 'ZfcUser\Authentication\Adapter\Db', [this is the default]
),
As I understand from your question you want to get one collection with two different document types so that you can use this collection for authentication.
If you use doctrine Inheritance mapping you can have two different classes and resolve them in one collection.
In this case your Client class would extend your User class. If you would use the findAll method in your UserRepository you would get both the clients and the users in one Collection
This will help you achieve what you want:
<?php
namespace MyProject\Model;
/**
* #Document
* #InheritanceType("SINGLE_COLLECTION")
* #DiscriminatorField(name="discriminator", type="string")
* #DiscriminatorMap({"user" = "User", "client" = "Client"})
*/
class User
{
// ...
}
/**
* #Document
*/
class Client extends User
{
// ...
}
And then
$userRepository->findAll();
Read more on inheritance mapping here in the Doctrine documentation
I have the following scenario in zend framework:
Data
Table of students
Table of classes, which contain many students each.
Table of assignments, each of which is assigned to a class and given a password
I want students to be able to access an assignment given that assignment's id and shared password, but for the application to note which student signed in to the assignment. Zend_Auth however expects one table to contain both the username and the password, but in my situation the username is in the students table, and the password is in the assignments table.
Can anyone suggest a good way of handling the student login where they can all share one password. A way to authenticate with just a username and no password would work, as then I could do the password check in a separate conditional.
I think your best bet would really be to just write your own adapter. Something like this would most likely work:
class MyAuthAdapter implements Zend_Auth_Adapter_Interface
{
protected $_username;
protected $_password;
protected $_assignment_id;
/**
* Sets username, password, and assignemnt ID for authentication
*
* #return void
*/
public function __construct($username,$password,$assignment_id)
{
$this->_username = $username;
$this->_password = $password;
$this->_assignment_id = $assignment_id;
}
/**
* Performs an authentication attempt
*
* #throws Zend_Auth_Adapter_Exception If authentication cannot
* be performed
* #return Zend_Auth_Result
*/
public function authenticate()
{
// logic here to check everything out and erturn a new Zend_Auth_Result
}
}
Shared passwords are a really bad idea. If you share the password, then another student need only learn an id -- typically not a highly secured piece of information -- to access the resource as the other student. A better solution would be to use a role to control access to assignments and put the students who need access to the assignment in the role. This way each student can still have access to the assignment and retain their own id/password pair. See the Zend documentation for information on roles and how to use them.