I've got a list of trades (lets say some records) made by different users in my Zend framework based application.
I want to allow users to view only their trades, and if they try to view another user's trade by changing the url by themselves. They would get a message that they don't have permission to view or change anything.
Kindly help me figure out how can I do this using Zend, ACL, or another better way.
In this situation I wouldn't use ACL for restricting access to the list of trades. Instead in controller's action, which get list of trades and pass them to the view, I would check who is owner of each list and compare this owner with a logged in user.
Related
I'm developing an app using the low code platform SLINGR. I need to set permissions by the company an user belongs to.
What would be the best approach to implement this?
Any help would be greatly appreciated.
The best way to achieve this is by using permissions with a filter of type By user field. For example, you can create an entity called people with the following structure:
- user
- company
Then, in Application > Settings in the app builder, you have to configure this entity as the one used for extended fields (https://slingr-stack.github.io/platform/app_development_app_settings.html#user-extended-fields). Once you do that, you will be able to filter by the company of the current user. For example, let's suppose you have an entity called tasks with the following structure:
- number
- title
- company
- description
Then, in the permissions for this entity, you will add a filter by user field where the field tasks.company is equals to people.company. This way, users will only see tasks that belong to the company they also belong to.
Could someone give me a link (github/gitlab) of a swift projet which show the possibility of managing Users on Parse.
For example , I would like for a user (who have 15 friends):
to create a group with 5 friends for example (the user could add a name for this group)
to delete if necessary the group
to send a message(textfield) to a group
to send a message (textfield) to a user
For the UI, I would like if it exists, to manager user like the Springboard (having the picture of user in round), and when you longpress on it, you have a cross to delete /and 'block sign' to block user.
And the user could drag/drop other user on his friend list to create a group (like on the Springboard when you create a group of app)
Thanks for helping me !
Have a nice day!
I've not come across such framework for parse/swift. I think you need to build it yourself.
This might help you in the direction:
Friend/de-friend people: https://stackoverflow.com/a/32557977/3314336 &
Parse Swift: User relations with a "friends request"
Send messages framework: https://github.com/slackhq/SlackTextViewController
What you're asking for is pretty general and extensive. You could use Roles and Relations to manage friend groups. You could have Group objects, give them an owner, and a relation for all the members of the group.
For chat, I'd recommend not trying to just build that directly into Parse. Twilio recently released their Programmable Chat feature, which is awesome. Sounds like it'd be beneficial for you to use that.
I'm creating a social media app. I'm able to allow the current user to search for a PFUser and add the user to a friendship relation. I'm struggling on accessing the friendship relation and getting all the friends to create a table view right now. Could someone help me with this?
A Relation type in Parse represents just like what it literal meaning is. It's just a relation that contains no data. If you want to access the data inside the relation. You will need to perform query on it like so:
let query = relation.query() // I assume relation is an instance of PFRelation you want
Actually, Parse tutorial provides us a very comprehensive guide and you should check that first: https://parse.com/docs/ios/guide#relations
NOTE: This answer provides alternatives to using Relations to make a Friend System
I have created a friend system in two ways using Parse and both a function of your specific needs.
The first time I implemented a friend system. I had a table of Users and a table of Relationships. The Relationships table stored the usernames (or ObjectIds) of the two users in a relationship and the state of that relationship (friends, request sent, etc). The problem with this is that the queries can be kinda complicated, and if you have a lot of users, this may end up being too slow.
The second option is storing friend information in the User table itself. For each user, you add the columns with they type Array: Friends, RequestSent, and RequestReceived. Anytime a user sends a request they update their own user row and send a message to CloudCode to update the other affected user. Take a look at this example:
User A sends a request to User B:
User A adds user B's name to RequestSent
User A sends a message to cloud code that he/she wants to add user B
CloudCode adds User A's name to User B's RequestReceived
User B wants to accept User A's request
User B adds user A's name to Friends
User B removes user A's name from RequestSent
User B sends a message to CloudCode that he/she wants to accept User A's friend Request
CloudCode adds user A's name to Friends
CloudCode removes user A's name from RequestReceived
With this option, you never perform any server side queries. You only ever perform get operations. The downside to this option is if the logged-in user has thousands of friends/requests, it will take a while to download that information.
Note: The reason you have to use CloudCode is that a User can only change information about him/herself. The other option is to have CloudCode manage all the adding/removing so better checks can be made.
I found with this method that you can sometimes have one user who is listed a a friend in another users row but not their own. Controlling everything from CloudCode could eliminate this kind of error.
I'm trying to add an iframe into the form for viewing accounts that will display all the invoices that are connected to that account. I've read this MSDN page about accessing specific forms through a URL, which I can achieve, but copying the URL generated into an iframe I have created on my form produces an error message.
I'd like to know whether what I'm trying to accomplish is possible and if so, how I should format the URL so that only the invoices connected to the user account being opened will be displayed. I'll add more details later if I can.
I think what you actually want to do is add a sub-grid. This is different from an iFrame, an iFrame generally contains web resources, or links to pages on the web. A sub-grid specifically exists to show related records - e.g. to show the left hand relationships links on the body of the form.
I think this article should show you what to do.
Edit - based on Jacks comment:
So Crm can't handle this situation quite so easily with out of the box features. But you do have a couple of options. I dont think any of these are perfect solutions, so I'll let you choose.
A sub-grid effectively just runs some FetchXml, you can change this FetchXml with JavaScript, so you could alter the view to return the records not directly related. Green Bible has an example, though this doesnt look like its supported.
Use a report in an iFrame.
Use a plugin, I havnt done this myself, but a colleague told me it was possible to stick a plugin on the retrieve message and basically change the query or results which is used by the view.
Create a second relationship between the invoice and the account. Then whenever you link an invoice to an account, also populate this new relationship (a workflow will do) with the account, and whenever an invoice linked to a contact is created, populate the new relationship with the parent account of the contact (again a workflow will do). Then just base your sub-grid on this new relationship. This approach isnt the cleanest but its probably the quickest and easiest to implement.
I have a modified CRM 4 application that uses cases as the main enitity. In the application we have a number of teams setup and a number of queues that correspond to each team. I have written a plugin that restricts the queues a user can see depending on whether or not they are a member of the corresponding team (on the retrievemultiple event of queue)
What I would like to know is if it is possible to restrict the views a user has access to when they navigate to the main cases page. I would like to hide the default public view for every user, and for there only to be a set number of views available that correspond to the team that the user belongs to.
Yes, you can register a plugin for the RetrieveMultiple message on the savedquery entity. Then you'll have the QueryExpression used to retrieve the views. Just check that it's for the entity you're trying to filter, then add a few conditions to the query based on what you'd like to hide from the end user (savedquery.name != "View to Hide" or whatever).