How to give backend login access to groups/roles other than administrator in FuelPHP? - fuelphp

I am using Ormauth as the auth package and use it for login at the backend. Now I want to give login access to the group 'moderator' along with 'superadmmin' and 'administrator'. How am I to proceed? I tried changing options in the default FuelPHP tables for 'user_roles', 'user_role_permissions' and so on, but to no avail. I am new to this. Any help/suggestions are welcome. Thanks in advance.

I do this:
Create a base class for the admin area; in the "before" function of that base class, use \Auth::has_access('area.permission') to check whether the current user has access to the current controller.
Create some permissions (in table users_permission) for your admin area. You can use any names for area and permissions here, but I suggest using your application or module name as "area" and the controller name as "permission".
If you wish to use "groups", use "users_grouppermission"; if you wish to use "roles", use "users_rolepermission" to insert some records allowing access for the groups/roles.
At last, assign users to those groups or roles (using the user_roles and user_groups tables).
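
The base-controller check described in the answer above, as an added example that is not part of the original answer or of FuelPHP itself. The class name Controller_Admin_Base, the area name "admin", the login route admin/login and the "controller name as permission" mapping are assumptions for illustration.

```php
<?php
// Added example (hypothetical names): every admin controller extends this
// class, so access is denied unless a permission row explicitly grants it.
// Assumes permissions stored as area "admin" + permission "<controller>",
// e.g. "admin.posts", granted to the moderator role or group.
class Controller_Admin_Base extends \Controller
{
    public function before()
    {
        parent::before();

        // Anonymous visitors go to the login page. The login controller
        // itself must NOT extend this class, or this becomes a redirect loop.
        if ( ! \Auth::check())
        {
            \Response::redirect('admin/login');
        }

        // Derive the permission from the controller class name:
        // Controller_Admin_Posts -> "posts"
        $class = \Request::active()->controller;
        $pos   = strrpos($class, '_');
        $name  = strtolower($pos === false ? $class : substr($class, $pos + 1));

        // Deny by default: a logged-in user without the permission gets
        // a 403 rather than a silent redirect, which is easier to audit.
        if ( ! \Auth::has_access('admin.'.$name))
        {
            throw new \HttpNoAccessException();
        }
    }
}

// Example child controller: reachable only with the "admin.posts" permission.
class Controller_Admin_Posts extends Controller_Admin_Base
{
    public function action_index()
    {
        return \Response::forge('posts admin area');
    }
}
```

Because the check lives in before(), a new admin controller is locked until a matching permission is inserted and attached to a role or group, so forgetting a permission row fails closed.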

Related

PostgREST - Add authenticated user id on insert

I need to automatically add an author of an inserted row in one of its columns. I am using postgREST (using Supabase cloud service) and I don't want users to add whoever they want as the author. Is there a way to automatically add user id of the user posting the data? Thanks!
The column's DEFAULT value should be:
uid() for Supabase.
current_user for Postgres.
You can add it via Table Editor or use auth.uid() in your SQL functions.

Retrieve keycloak group id for a specific group

I am trying to access the group id of a specific group from Keycloak. What I found is that there is no REST API call available to access this. You can refer here: http://www.keycloak.org/docs-api/3.0/rest-api/index.html#_groups_resource. This shows that you can access all group details, or specific group details only by using their ids. What I actually need is to access only the id of the specific group. Can anyone let me know how to do this?
You can write it like this:
GET http://localhost:your_port/auth/admin/realms/your_realm_name/groups?search=name_of_the_group
It will return {id, name, path, subGroups} to you.
The documentation you're using is pretty old. Take a look at the documentation for the latest release:
https://www.keycloak.org/docs-api/4.8/rest-api/#_groups_resource
You can provide a "search" parameter to look for groups by name.
Unfortunately, if you use the name of a subGroup, it returns the entire hierarchy starting from the top-level group, so the API for groups is still problematic.
One way is to enter keycloak admin panel. Then in the Groups option, select a group. Finally you will find the group id in the URL. Like /realms/Applications/groups/bc49dc6c-7c2a-40c4-bf60-fea8c2b1d562
You can get a list of all groups:
GET /admin/realms/{realm}/groups
The response will have group properties including id.
[
  {
    "id": "8ge163b3-6kc7-40ed-x069-3309eabbcbea",
    "name": "group1",
    "path": "/group1",
    "subGroups": []
  }
]
This might come a bit late, but anyway.
There is also the GET /{realm}/group-by-path/{path} endpoint which will return only the group that you desire since path is unique.
Also, in case someone needs it (since this isn't actually documented, or at least not as of the writing of this answer): if you want to call this endpoint from the admin-cli, you can do it as follows:
./kcadm.sh get group-by-path/{path} --realm {realm}
ex.: ./kcadm.sh get group-by-path/parent_group/child_group/grand_child_group --realm realm1

Changing a DB View dynamically according the current user-group

We are currently digging into Amazon Redshift and testing different functionalities.
One of our basic requirements is that we will define different user groups which in turn will be granted access to different views.
One way to go about this would be to implement one view separately for each user-group. However, since we have a lot of user-groups that share almost the exact same need for information, I'm looking for a way to implement this more dynamically in Redshift.
For instance, let's say I have a user group called users_london and another one called users_berlin. Both will have access to a view called v_employee_master_data which contains the columns employee_name, employee_job_title and employee_city.
Both groups share the same scope of information with one exception - the column employee_city.
In essence, the view should be pre-filtered for a certain value in the column employee_city according to the currently logged-in user-group.
In SQL - something like this:
For the usergroup users_london:
SELECT * FROM v_employee_master_data WHERE employee_city = 'London';
For the usergroup users_berlin:
SELECT * FROM v_employee_master_data WHERE employee_city = 'Berlin';
Now to make the connection back to Amazon Redshift. Does the underlying DB runtime provide an out-of-the-box functionality to somehow catch the currently logged user-group as a form of global variable and alter the SQL-statement according to the value of that variable?
It is possible to do:
Get the current user:
select current_user;
Find what group it belongs to:
select groname from pg_group where current_user_id = any(grolist);
Extract the city and capitalize it:
select initcap(substring(groname from 'users_(.*)')) from pg_group where current_user_id = any(grolist);
Now you have your city based on the "user". So just inject it in the view:
... WHERE employee_city = initcap(substring(groname from 'users_(.*)')) ...

Alfresco filter people by creator name

I want to modify the webscript alfresco-remote-api-5.0.d.jar\alfresco\templates\webscripts\org\alfresco\repository\person\people.get.js. I need to display to the connected user only the users he has created.
I have modified the filter to include the username in the query.
filter = filter + " AND cm:creator:admin";
people.getPeoplePaging(filter, paging, sortBy, sortAsc);
This must display only users created by admin.
But it's not working (no user is returned).
How can I select only users created by a certain user?
Looking at the content model definition below, I am sure that what you want to achieve is not possible, as person (user) does not have a creator property. The links below show the content model for users.
https://svn.alfresco.com/repos/alfresco-open-mirror/alfresco/COMMUNITYTAGS/V4.2c/root/projects/repository/config/alfresco/model/contentModel.xml
https://svn.alfresco.com/repos/alfresco-open-mirror/alfresco/COMMUNITYTAGS/V4.2c/root/projects/repository/config/alfresco/model/systemModel.xml

Password Protect a form in MS Access 2003

I am trying to create a login for my database and I don't want to use the Microsoft way of doing so. I want to have the users login with a username and password then have that information verified in the "tblUsers" table.
UserID   LoginID   Level    LevelID
jpurk    jack23    admin    3
krimes   kitty     editor   2
lwalms   low34     reader   1
I got as far as verifying the "UserID" and "LoginID" using DLookup:
Nz(DLookup("[LoginID]", "tblUsers", "[UserID] = '" & Me.txtUserID & "'"), "") = Me.txtPassword
The problem I have now is that I want certain items on the menu unavailable to users without the proper Level; if they are only an "editor" or a "reader", then I don't want them to have access to the "administrative" button where I have placed all admin forms.
After I use dLookup to verify the username and password, how do I now find out their "Level" and assign rights to different menu items? Thank you.
Assuming your DLookup has found an existing LoginID value, you can use another to retrieve that user's LevelID. Then enable/disable the administrative command button based on their LevelID.
I'll suggest something like this in Form Load:
Dim lngLevelID As Long
lngLevelID = DLookup("[LevelID]", "tblUsers", "[LoginID] = " & Me.txtLoginID)
Me.cmdAdmin.Enabled = (lngLevelID = 3)
Notes: That assumes you've previously loaded the user's LoginID number into a text box named txtLoginID. txtLoginID could be hidden if you don't want the users to see it. Or you can grab the LoginID value by some other method.
If you have one-to-one matches between Level and LevelID, you shouldn't need to store both values in tblUsers. You can create a UserLevels lookup table to hold both, and store just the LevelID in tblUsers as a foreign key to the appropriate row in UserLevels.
Finally, the strategy you're using can work, but the security is shaky. As "guidance" to users willing to follow the rules, it's OK. But it can be easily circumvented by even unsophisticated users. Look for a different approach if your security needs are stringent.