We have implemented custom roleprovider. This provide us to restricts access to parts of our site using roles. Now we have situation when two users have role Administrator. But one user1 can add comments, and user2 can not add comments(user1 and user2 have role Administrator).
What the best way to solve this problem?
Can we add roles like it Administrator.AddComment and put it in controller action?
How about using a Commentors role:
[HttpPost]
[Authorize(Roles = "Commentors")]
public ActionResult Create(Comment comment)
{
...
}
Add a 'SuperUser' role. The purpose of the roles are to group common access/privileges. I think you need to add a new role.
Related
I'm relatively new to Microsoft solutions and I need your guidance. I'm quite certain the answer exist somewhere, but I lack key words for my searches.
My stack is as follows: .NET Core 6, Entity Framework, Azure AD.
Ideally, I wouldn't need to store user's information in my DB. Everything should come from Azure AD. Authentication is already working, and I'm able to retrieve my current user in my controllers and services.
My goal is to add some relationships between my Azure AD users and some of my entities.
For example, let's say I'm doing a collaborative Todo list and I want my users to be able to cancel tasks. So I have an entity named Task, and in it, a column named CanceledBy.
On cancellation, in my TaskService, I want to do something like that:
var task = dbContext.tasks.find(taskId);
task.CancelledBy = User;
"User" is the current user. In a perfect world, it works like that, out of the box. Behind the magic, the user OID would be stored, and the user would be automatically resolved through GraphAPI (or something else?) when needed.
I'm guessing there may be a type that could help me in my entity Task? Like:
public class Task
{
...
AzureADUser CancelledBy {get;set;}
}
And some configuration to add to my Startup.cs.
Or am I completely wrong? Am I doomed to implement myself a service to retrieve my users through GraphAPI with their OID?
In that case my Task would look more like
public class Task
{
...
string? CancelledByOID {get;set;}
[NotMapped]
User? CancelledBy {get;set;}
}
And I'd have to map my users manually in my services every time I need them?
I'm simply looking for direction here. What are key words I could use to help my search? I tried stuff like "Relathionship with Azure AD User in Entity Framework", or "GraphAPI and Entity Framework" without success.
Thank you!
EDIT : After more searches, I think I want to do LinQ on OData connected to Entity Framework and Graph API. I hope it makes sense.
How do I assign a specific role from drupal core(D7) upon automatic registration with Simple FB Connect? I currently am using auto role assign and have a custom registration for 2 roles, One is a basic role with limited permissions and the other an advanced role with more edit/creation permissions. My problem is that the simple FB connect link works great but is registering people for the wrong roles. How can I choose the role that is being assigned based on the url?
Maybe something in template.php that would allow the following url to be placed on my facebook buttons?
/user/simple-fb-connect?registration=1&role=my_custom_role
YOu can use use hook_user_insert and check for the url and assign desired role,
function module_name_user_insert(&$edit, $account, $category)
{
if($_SERVER['REQUEST_URI'] =="url")
{
//add code to assign desired role;
//assuming rid of custom role is 1
$account->roles[1]='custom_role';
}
}
I encourage you to take a look at the rules module: https://www.drupal.org/project/rules/
This module allows you to create automated tasks based on events. What you want to do is:
Download and enable rules module: https://www.drupal.org/project/rules/
You'll need to enable rules UI as well
Go to rules configuration: example.com/admin/config/workflow/rules
Create a new rule
The rule event should be something like: "User registers a new account connected to Facebook"
The rule action should be something like: "Assign role to user"
Interface should be pretty straight forward.
Here's some additional resources:
Rules Handbook
https://www.drupal.org/documentation/modules/rules
I'm absolutely new of Symfony, and I'm trying to implement a registration form that works only with invitation
but that can redirect two different forms for two different roles.
In practice if I send an invitation for an USER_TYPE1 role the client can only register like USER_TYPE1, if I send an invitation for an USER_TYPE2 the client can only register like USER_TYPE2 (and, of course, assigns the corrispondent role).
Is it possible?
thank you in advance for your help
UPDATE:
I want two different form because one user will be allowed to update file, but will also have to set his position and other important settings. The second user will only allow to download the files uploaded by the first kind of user, and his profile needs completely different information.
I do not have enough reputation to ask for details, but one thing that is not clear in your question is: why do you need 2 different forms? In your question, you mention 2 different roles, but why do you need 2 different forms? If you really need 2 different forms, then you should first:
- create a new form type
- create a new view (twig)
Like Boris suggested, I would keep some kind of token for every invitation sent, and associate an email address, and a role to it. Then modify your registration route so you can pass a token in there, like this:
register:
pattern: /signup/{token}
defaults: { _controller: MyBundle:Registration:signup }
In the registration action of your controller, you created the correct form type and display the appropriate twig, depending on the ROLE associated to the token you just got. And when handling a POST, you check the Token again to see if it matches the email address, and assign the proper ROLE when creating the User.
public function signupAction($token) {
// 1. Get the Token entity matching the $token variable
// 2. Create the correct form type
// 3. Display the correct twig for GET, assign correct ROLE to new User for POST
}
But you can't use FOSUserBundle as-is. You will have to overwrite the registration process. You can read the FOSUserBundle documentation about that.
What's certain is that, for every invitation you send, you should keep a token with a matching email address and ROLE (the role you want to give to that person).
I want to create new course by teacher in moodle. Now only admin can create new course and upload file in my moodle.I define admin,teacher,student in my moodle.To upload file by teacher .I want to know where i change permission, teacher can upload file and create new course. pls
Teachers don't have permission to create courses.
There are three things you can do
Make the teachers that you want to allow creating courses Course Creators
(See http://docs.moodle.org/22/en/Course_creator_role) this is what I do btw.
You can modify the default permissions for teachers to allow them to also create courses (See default permissions)
You can duplicate the standard role 'teacher' and create a new role called 'teacher+' or something and give that role permission to create courses.
Option 1 is by far the easiest :)
To override the default teacher's permission check moodle doc -
http://docs.moodle.org/23/en/Permissions#Course_and_activity_permissions
To create course and upload file following capabilities are responsible so you need to allow these capabilities for teacher -
http://docs.moodle.org/23/en/Capabilities/moodle/course:create
http://docs.moodle.org/23/en/Capabilities/moodle/course:managefiles
Background: Completely new to MVC2. Has C# experience, but limited web experience.
I need more fine grained access than simply assigning a Role to a user. The user may have the role at 0+ points in a tree.
/
/Europe
/England
/France
/USA
For example, a user might be moderator of all forums under "Europe" and have access to posting news in France.
The two example controllers have actions as these:
ForumController:
public ActionResult DeletePost(int id) { ... }
NewsController:
[HttpPost]
public ActionResult Post(int treeID, ...) { ... }
How should I approach this? From what I gather Membership+RoleProvider cannot do this level of fine-grained control.
Previously I have written custom user/role/auth system which supported all this, but it was incompatible with "the standard" controls such as LoginView.
The goal would be to have roles allowing access like so:
NewsAdmin
Add news
Edit news
Delete news
NewsPoster
Add news
Therefore, the Post action of News controler should check: Does user have "Add news"-access where he is trying to post?
I would really like to somehow specify this using attributes, so the actual action code could be cleaner and just assume that the caller has appropirate access.
Hope the question makes sense, and I can get some pointers on where to read.
(Oh, and I'm sure this question has been answered in some variant before. I just can't seem to find it. I won't mind single-link replies, if you feel they might be helpful to read)
I think you're being too quick to dismiss the role provider. If a user had a role called NewsAdmin_Europe_AddNews that would pretty much answer the question, wouldn't it?
Once you've made your authentication scheme work with the role provider, you need to tie that into MVC. Subtype AuthorizeAttribute and override AuthorizeCore. Warning: Your code here must be thread-safe and re-entrant. Call base.AuthorizeCore and then test for the specific role based on the URI/query (you won't get route values since this can be served from cache, bypassing MVC altogether).
This is some work, but will be more secure in the end than trying to reinvent membership.