How to limit results by user globally in Eloquent? - slim

I am using Eloquent as part of a Slim 3 project with slim-jwt-auth (https://github.com/tuupola/slim-jwt-auth), outside of Laravel. There are many situations where I want to control the items returned based on the user who is making the request.
From what I understand though, there is no way to add extra parameters such as user_id for use in an Eloquent global scope.
I found one blog post that initially looked helpful, as it does exactly what I am trying to achieve (http://www.sdavara.com/Eloquent-Global-Scopes-A-cool-and-easy-way-to-fetch-loggedin-user-data/), but it relies on Laravel Auth.
The fact that my solution needs to work globally is important, as I have many nested relationships that should also be filtered by user id when queried.
Could anyone suggest what might be the best approach for achieving this?
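One way to get per-user filtering on every query without Laravel Auth, as an added example that is not part of the original post or of either project's code: a global scope reads the user id from a per-request holder that a Slim middleware fills from the decoded JWT. The names CurrentUser, OwnedByCurrentUser, BelongsToCurrentUser, Project and Task, the user_id column, the sub claim, the existing $app instance and the "token" request attribute (assumed to be the slim-jwt-auth default) are assumptions.

```php
<?php
use Illuminate\Database\Eloquent\Builder;
use Illuminate\Database\Eloquent\Model;
use Illuminate\Database\Eloquent\Scope;

// Hypothetical per-request holder for the authenticated user's id.
final class CurrentUser
{
    private static $id = null;
    public static function set($id) { self::$id = $id; }
    public static function id() { return self::$id; }
}

// Global scope: constrains every query on the model to the current user's rows.
final class OwnedByCurrentUser implements Scope
{
    public function apply(Builder $builder, Model $model)
    {
        $id = CurrentUser::id();
        if ($id === null) {
            // Fail closed: no authenticated user means no rows, never all rows.
            $builder->whereRaw('1 = 0');
            return;
        }
        $builder->where($model->getTable() . '.user_id', '=', $id);
    }
}

// Eloquent calls boot<TraitName>() once per model class that uses the trait.
trait BelongsToCurrentUser
{
    protected static function bootBelongsToCurrentUser()
    {
        static::addGlobalScope(new OwnedByCurrentUser());
    }
}

class Project extends Model { use BelongsToCurrentUser; } // assumed models with
class Task extends Model { use BelongsToCurrentUser; }    // an assumed user_id column

// Slim 3 runs the last-added middleware first, so register this BEFORE adding
// the JWT middleware; the decoded token is then already on the request here.
$app->add(function ($request, $response, $next) {
    $token = (array) $request->getAttribute('token'); // assumed attribute name
    CurrentUser::set($token['sub'] ?? null);          // assumed claim holding the user id
    return $next($request, $response);
});
```

Because each related model uses the trait, nested relationship queries and eager loads are filtered as well. Queries that call withoutGlobalScope() or go through the raw query builder bypass the filter, so those call sites need their own ownership check.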

Related

SailsJS - Override default controllers to add global rule or restriction

Due to our business model we had to set for every record in the model: an attribute ownerID and a groupID. As always, people from the same team can see their mates' records but not those from the other communities.
I have the user's groupID in a session variable for each call coming from the front-end given all possible requests have to be authenticated.
I've been thinking about that but I cannot find a nice place to set a piece of code to make Sails just return user's community records for every model.
An option is overriding all default methods for all controllers, but I think it's not necessary to override all find, findOne, etc. methods to add this simple restriction given it should be applied for ALL models. For sure there's a more elegant way of reaching this using hooks or any policy but I don't give with that.
My goal is if I get /houses just return the houses from the community of the authenticated user even if they are all together in the database and apply this restriction for ALL models.
I hope you can understand...
Thanks in advance!

Getting all related Contact for an Account entity in Dynamics 365 CRM v9.0 web api

Basically, I'm querying the D365 web API and I'm trying to get all of the related contacts for an account.
Been following this link:
https://learn.microsoft.com/en-us/dynamics365/customer-engagement/developer/webapi/query-data-web-api#retrieve-related-entities-by-expanding-navigation-properties
Trying to use $expand but it only will bring over _primarycontactid_value. So just the one primary contact and not everyone that is related to the Account.
It would look something like the following:
/api/data/v9.0/accounts?$select=name&$expand=Contacts(fullname, email)
The only fields in Account that have "contact" in them are:
preferredcontactmethodcode
_primarycontactid_value
address2_primarycontactname
address1_primarycontactname
_tcc_primaryinvoicecontactid_value
_tcc_consultingcontact_value
_tcc_contactlist_value //some custom field that doesn't apparently do anything
_new_foundationcontact_value
_tcc_primaryapcontactid_value
So none of which can be used to look-up all of the contacts... that I know of.
Another way to do it would be to start with the Contact first and then $expand= on the _parentcustomerid_value. But I need to filter on the Account to specify certain accounts that I want... this would just bring over every account and be incredibly slow. I'm not sure there is a way to $filter= on an $expand= value.
So:
How can I query the Account and all the related Contacts for an Account?
If there is no way, is it possible to use $filter= on an $expand= value?
Trying to keep the amount of queries to a minimum. This could be solved by doing multiple iterative queries, but that will just make it incredibly slow. Or just query everything and piece it together, but that will be slow as well.
Ok, stumbled across the answer: contact_customer_accounts.
Query ends up looking like the following: /api/data/v9.0/accounts?$select=name&$expand=contact_customer_accounts($select=fullname).
As far as I can tell, custom relationships can be used as well, although I have only tested with 1:N types.
Still takes a little while to generate, but works.

REST: Get query only changeable objects

I'm having a bunch of APIs which return several types of data.
All users can query all data by using a GET REST API.
A few users can also change data. What is a common approach, when designing a REST API, to query only the data that can be changed by the current user but still allow the API to return all data (for display mode)?
To explain it further:
The software manages projects. All projects are accessible for all users (also anonymous) via an api (let's call it GET api/projects).
A user has the ability to see a list of all projects he is involved in and which he can edit.
The API should return exactly the same data but limited to the projects he is involved in.
Should I create an additional parameter, or maybe pass an HTTP header, or what else?
There's no one-size-fits-all answer to this, so I will give you one recommendation that works for some people.
I don't really like creating resources that have 'complex access control'. Instead, I would prefer to create distinct resources for different access levels.
If you want to return limited results for people that have partial access, it might be better to create new resources that reflect this.
I think this might also help a bit thinking about the abstract role of a person who is not allowed to do everything. The abstraction probably doesn't exist per-property, but it exists somewhere as a business rule.

Zend Table relations saving / updating

Currently I'm working on a CMS page module where I need to update pages after making some modifications to, for instance, the text. Because I'm getting multiple data from several tables, I also need to save / update the data to multiple tables.
Updating data to one particular table isn't a problem, but for some reason I can't figure out how to do the same trick with table relationships. One of my questions is how to do this and if you maybe need to create a single savePage method for every model and handle the particular data separately. Or is there a better solution to handle the saving with options like ManyToManyRowsets.
I'm not sure if it's me searching for the wrong thing or if the thing I want just doesn't exist. Anyway, the following link seems to look a little like what I want. If someone could help me out, I would be very thankful.
https://stackoverflow.com/a/640648/1553963
This post should answer your question (there is no easy way) and provide you with a how-to too:
Zend Many to Many Relationship
Lucian

Symfony form get user id

In order to filter the available options on one section of my web application, I would like to get the user object at the form object. I found some information about possible ways to do that (using sfContext, for instance) but some users discouraged this approach.
What is a possible manner to achieve my purpose?
The best way is to add some logic to BaseForm so you can use self::getValidUser(); without ever using sfContext, which is indeed generally not recommended.
Check this awesome blog post for more info: http://prendreuncafe.com/blog/post/2010/02/17/User-Dependant-Forms-with-Symfony