Analysis class diagram - associating classes - class

New user so I can't post images. Image link provided below:
http://i.stack.imgur.com/EXf0G.jpg
This is for a walk-in booking system not an online reservation system.
Normal Booking scenario:
User/Member gives information to receptionist. Users can book up to a month in-advance.
Receptionist searches user/member info. Receptionist must be logged in to search user/member or make a booking.
if details are found the booking continues as normal, if not user details are added to the users file.
Booking time/date/type is then checked for availability. If available then a booking is made.
Extra:
There are two types of staff account 'normal-user' (Receptionist) and 'admin' (Manager).
Manager can reset staff account passwords and create new staff accounts.
Manager can edit session details on the timetable (time, date, type) etc. Do i need a timetable class here??

In order to answer that, we would need a much more developed specification.
I would suggest you develop with what you have, meeting only the minimum requirements for each iteration. Then, if you find your users need a timetable of some sort, then add it at that point.
In general, don't add more complexity than you need until you know you need it. The more moving parts a system has, the harder it is to maintain and use and to put together in the first place. Get the application up and functioning and in the users' hands. Until you get real feedback from them, you are just taking stabs in the dark. Let the users' tell you what they need and want.

Related

Ban a User in a particular firebase firestore group chat for predefined time

I am very new to coding. but i managed to build a group chat app using a low code platform called flutterflow. i managed to spend significant amount of time on it and was able to build a public group chat app except few functionalities. I am hoping to find help from here. for the following questions.
I have chat mods appointed on a group level. like if you create a group, you are a founder and you can assign mods to that perticular group chat. now i want these mods to be able to ban a user in that particular group chat.
I have tried created a subcollection in groups called "banned user" and created two feilds. one is "banned users" document reference to users. and another is "banned_till" to record a time stamp until the user gets banned.
Problem with this is when i ban a user twice, it creates two documents in the user reference with the same user. and two documents has different "banned_till" times. which one it is supposed to pick?
i tried to do this and put a conditional visibility to the chat that "if current time is less than or equal to banned_till time" it wont let user type in the textfield to chat. but this is giving me gray screen.
I am very new to this. any help would be appreciated.
there is specific way to do so. you have to set custom logic. like save all banned users in a firebase database object with thier max time and procced next.

Prevent race-condition in RESTful api in certain scenario

I'm currently developing an online course system where students can choose any course and enroll to it. The course will be held one-to-one principle so student will choose a certain date for the course and on that date, there will be an online video meeting with the instructor. Only one instructor and one student for each course session.
Typical use-case flow is:
Student press "Enroll" button and proceeds to the next page.
On this page, student chooses the course date from the calendar (only from available dates) and proceeds to checkout page.
On checkout page, student enters his/her card details and certain amount charged from student.
A race condition may occur in this scenario (let's say there are only 2 users and 1 instructor):
User1 chooses date from the calendar and proceeds to the checkout page.
Meanwhile User2 also chooses exactly same date and proceeds to checkout page.
User2 enters card details faster that User1 and reserves that date.
User1 enters card details and system charges both students and BINGO (there are two students for the same date).
I don't want to check date availability before payment so I think It'll give a bad user experience so the User must go to the previous step again and choose another date. Even this could happen infinitely :)
Any ideas will be welcomed.
Also, I can change the current enrollment flow to protect security.
The reference you want to review is Pat Helland 2007: Memories, Guesses and Apologies
You've got a distributed system, and remote clients are looking at local copies of your data that may be out of date. So your protocol needs to recognize that you will be receiving messages about decisions based on stale data, and have explicit handling for the contingency that the desired outcome of the decision is not currently available.
The REST part is "just" providing the correct affordances for your protocol.
One possible change to your protocol that may help is to introduce the idea of a provisional hold; Alice has a provisional hold on the time slot, and therefore when Bob asks the slot is unavailable, but it might become available later if Alice declines to exercise the option.
(This doesn't eliminate the race condition, of course, it just moves it around).
A common protocol solution here is overbooking - you accept both claims on the time slot, and then clean up the mess later.
Commercial airlines do this sort of thing all the time; they want to maximize their profit per flight, which means selling more tickets than there are seats on the plane. They can do this, because enough travelers change their plans later that there is an effective surplus.
But sometimes, too many paying customers show up for the same flight, and then the contingency plans come out -- standby passengers are deferred, ticketed customers are offered compensation packages for changing their plans, and so on.
You probably need contingency protocols anyway (what happens if the instructor has to cancel the appointment, for example because of illness); the race condition during booking is just one more contingency protocol to add to the run book.
Having established what the contingency protocol should be, you then have a second question to explore: what parts of that protocol should be automated. If conflicts are rare, it may make sense to escalate the problem to a human being to solve, rather than doing so in code. Sometimes the right answer is for the machine to stay out of the way.
I want to implement double-check mechanism so:
When User1 proceeds to calendar page it will create a persistent connection with the server (SSE or WebSocket). And available dates will be shown on real-time. So when User1 selects any date and proceeds to checkout an event will be published and that date will be marked as BLOCKED until the payment done.
When User1 enters his card details and clicks Pay button the system will check again if that date is really reserved by User1.
If payment is successful this date will be updated from BLOCKED to RESERVED.
BUT taking into account that this is a REST API with React client, all of the endpoints will be visible to anyone. So an attacker could make a simple brute-force to BLOCK all available dates for the course.

How to get customer id KUNNR of current Launchpad user?

I am writing a custom Fiori to access sales data from an SAP ERP backend system using a Gateway.
The use case is "customer logs in launchpad, opens Fiori app and sees all his/hers sales items based on the customer id". The customer id is stored in kna1-kunnr and has to be included in a select on the vbak table in SAP. Nothing fancy.
Now I ask myself: how do I get the customer id / kunnr? What do I get at all from the currently logged in user? When debugging my Gateway project code, is it actually the name stored in sy-uname or can I get something better?
How should I continue to get the customer id / kunnr? Are there some function modules like GET_CUSTOMER_ID_OF_USER to call in the SAP ERP?
Or are the actually other / better ways to get the sales documets for one user?
Update
Thank you for your answers so far. I am going to check the default Fiori implementations to get some inside. But, since we are already here, I want to specify my question a little bit more:
Giving I create an OData model in my Component.js like that:
var oModel = new sap.ui.model.odata.ODataModel("[...]/sap/opu/odata/sap/Z_MYODATA_SRV/",
false, "user", "password" );
user and password are supposed to be the ones currently entered as user credentials in the Fiori Launchpad. How can I access those? Are there some SAPUI5 api like getCurrentUser or getCurrentSession ? Do I actually have to do this user check?
You are correct that to identify all of the sales orders for a customer you need to read them from VBAK (or use BAPI_SALESORDER_GETLIST, etc).
The relationship between logged in user and customer is not something that's the same in every SAP ECC system. You may find that the logged in user is the same as the customer number, but with a prefix - for example, logged in user C12345678 for customer 0012345678. Or there may be some other type of relationship that's store in a custom field on the customer master itself. The best option is to check with the person responsible for the configuration in Sales and Distribution. Only then can you know how to determine the customer for a logged in customer user.
Answering your question
Now I ask myself: how do I get the customer id / kunnr? What do I get at all from the currently logged in user?
It is done on backend with standard customizing, not via OData methods like you intend to do it.
Mikael gave you the rough idea, but didn't finished it so I will give a more comprehensive answer.
We need to differentiate between front-end and back-end authorizations, for Fiori app functioning you need to types of roles/authorizations:
The SAP Fiori roles that define which Fiori apps are displayed to the user
Launchpad authorizations
General OData authorizations
Trusted RFC back-end connectivity authorizations
Back-end authorizations and roles which contain authorizations to display the related business data
This concept is depicted on this figure:
The assignment of the front-end is described here and is out of scope now. Now we are focusing on bullet 2.
Every Fiori app has its role model and one should follow the implementation given in app description. Let's consider how it is done based on Sales Order creation app (F0018) sample:
OData service that returns business-data is SRA017_SALESORDER_CREATE_SRV, so to run it one needs frontend role SAP_SD_BCR_FIELDSALESREP_X1 and backend role SAP_SD_SO_CRE_APP
Also app description give us the following prerequisits:
Before implementing the Create Sales Order app, you must ensure the following:
That an employee master record is created with the following attributes:
If you have implemented SAP ERP HCM and maintained employees in the HCM personnel records, ensure that the employee personnel record has the infotype Communication, with a subtype of System User Name (SY-UNAME) (Infotype 0105, Subtype 0001).
If you have not implemented SAP ERP HCM, implement the Sales and Distribution configuration around Use Sales Employees with HR (Tcode: PULT). This IMG setting copies the appropriate HCM tables from the 000 Client and allows the setup of the employee record with the Infotype Communication and a Subtype of System User Name (SY-UNAME) (Infotype 0105, Subtype 0001).
It associates the USERID of the employee with the personnel number assigned as a partner function sales employee in the customer master.
After implementing the above customer SAP user id will be bound to his employee ID (PERNR), and his employee ID consequently will be bound to partner function in XD02.
And that's not all, what comes next?
THe following order parameters should be maintained in in SIMGH tcode in order customer to see his orders and can create the new ones.
Call transaction SIMGH to open the Create Sales Orders node and configure user information in Customizing activity Define Configuration Parameters using the parameters listed below. For more information, see the documentation available for the Customizing activity.
Document Type (DOCTYPE)
By default, the app uses the standard order document type (technical key TA resp. OR). Changing this to something other than a sales order may significantly impact the functionality of the application.
Order Period (ORDPERIOD)
This defines how many days into the past sales orders are retrieved. The suggested value is 30 days.
Search Period (SEAPERIOD)
This defines how many days into the past a search must look for sales orders that match the search criteria. The suggested value is 90 days.
Ship To Party (SHIP_TO/PARTNER_ROLE)
This defines which partner role in the customer master is used for the ship-to party. The suggested value is WE.
Forwarding Agent (FORWARDING_AGENT/PARTNER_ROLE)
This defines which partner role in the customer master is used for the forwarding agent. The suggested value is SP.
and even that's not all
App description gives the following BADIs to implement in order to enable such linking
Implement the following BAdIs:
Customer Association to Employee
You can use this BAdI to associate employees with specific customers.
Only after all the above steps the customer will be able to order and/or view his sales items.
The moral: always check the app description thoroughly because the role model varies per-app.
Have a look at the standard Fiori applications. For example, in Create Sales Order, there is a BADI provided to implement the relation you are looking for (but for an employee to a customer). In the standard setup, the partner functions of the customer master is used to map what customers are visible to an employee.
Most likely, you have a similar setup already in place if your customers actually have user accounts in your system. If could be as a parameter of the user or as a (custom?) partner role.
http://help.sap.com/saphelp_fiorierpx1_100/helpdata/en/6d/135652f9c21457e10000000a445394/content.htm

Facebook APIs using checkins as an entry to raffle

I've been exploring ways that it might be possible to promote the business of a friend of mine. One of these ways is by encouraging users to check in to his business, the incentive for this being that they go into the draw to win some kind of prize.
I've been trying to find if the code for this already exists but I might be looking in the wrong places. If it doesn't what would be the best way to do it using the graph APIs.
Thanks.
You can use Facebook app to check-in to your page/business.
All page check-ins can be fetched using following request by your code
https://graph.facebook.com/PAGE_ID/checkins?access_token=PAGE_ACCESS_TOKEN
If you want to get only specific time period check-ins use since and until params in query.
You have to parse the json response and store in an array and randomly select the winner.
you can contact the winner using their facebook id and send them a message.
You will have to write the code yourself, but it would essentially work like this:
Get the user to allow access to the "Raffle" application and get their email address and permissions to look at their check-ins. Email is required to contact the winner.
Use a scheduled script (cronjob) to periodically check if the user has checked-in anywhere (in particular, the business you want to promote).
Award a raffle ticket for each unique check-in within a 24 hour period.
Hold a draw between all the users who checked in on that day or week and award the prize to someone randomly.
Pretty simple flow, but complex code.

How do I show information to users belonging to different groups (web) in modx

I have created a website using modx evolution v1.0.2.
The website that I have developed has 12 different types of users (categorized in groups). Each user will be shown a different price depending on the group to which he belongs.
Till now I have been able to fetch the group name of current logged in user (created a snippet for that), but how can I achieve the above mentioned functionality so that each user should be able to see only the price that I have coded according to his group.
For example:
If a user is associated with the 'ocassional' group then he should be shown the price as , say, 50 bucks
and if a user is associated with the 'regular' group then he should be shown the price as, say, 40 bucks
I can easily do this by coding a single snippet for every product's variant, but there are a lot of variants (more than 100 and growing).
I have created a resource(page) for every product and it's variant. Every variant has a price. It is this price that I want to be shown according to the logged in user group membership.
I hope I am able to explain my query clearly.
Please help me do this functionality.
Thanks
I'm not really convinced that modx (as much as i love it) is a great solution for e-commerce sites.
However, the best solution might be to use the database to store the prices of variants per user group and retrieve them yourself using a snippet.