I have a multi-tenant wagtail set up and we are currently working on getting up to date. We've just recently upgraded to v2.15 which introduced audit logging for all models instead of just page models.
AFAICT from looking through the wagtail code, the changes for a page model are only visible to superusers or admins with can_add_subpage or can_edit permissions which seems to effectively support multi-tenancy.
However, for all the other models there is no limitation put into effect. This means that an admin for Site A is seeing when changes are made to Site B or anytime a user is added or edited. We are using email addresses as usernames so this presents a rather major privacy issue.
This method hasn't been updated in any newer version, AFAICT, so I don't believe that just upgrading will fix this.
Does anyone have any ideas on either any wagtail settings we can change to keep Site and user changes invisible to non superusers or how we might localize BaseLogEntryManager.viewable_by_user so we can override the default wagtail implementation to our needs?
We have previously done something somewhat similar with the search available to admins by creating our own src/app/templates/wagtailadmin/pages/search.html and creating our own local version of https://github.com/wagtail/wagtail/blob/stable/2.13.x/wagtail/admin/views/pages/search.py
I had thought about trying to do something similar here however that doesn't seem like a good thing to do given how different those circumstances are and I think it was only possible using the register_admin_search_area hook.
I run a fairly large multitenanted Wagtail site. I have made public gist of the code we use in Wagtail 2.16 to restrict reports.
One of the main things we had to patch is the filters on the reports page. We do not want users on one site to even know there are other users in the system. This is implemented in the site_specific_get_users_for_filter method.
Although our non-page models all have site_ids, it was not possible to filter ModelLogEntries in site, so we settled for hiding that report from everyone except superusers.
Related
Currently, I have a Sentry.io account and push errors to the dashboard interface.
I was wondering if the following is possible:
Take the pages on the existing Sentry.io dashboard
Embed some of the panels and pages in a page on a custom website
Errors and interface would appear the same way on the custom website
Can interact with the interface and errors in the same way in terms of viewing sub-tabs and sub-pages
I'm primarily interested in the:
Projects tab and navigate to subtabs like Project Details and individual errors
Issues tab and the ability to search and view errors
Thank you.
Just came across Sentry a few weeks ago. According to the API documentation, it states the ability to GET, PUT/POST, and DELETE data even from Projects. So I think your API will allow you to push alerts to your site and if the site is interactive, you should be able to make changes( e.g. resolve issues) and it will also reflect on Sentry.
Keep in mind that the data coming from the API is unstructured, you might need to streamline what you want to show on your site depending on how your site is designed.
I am not sure if I am able to help in some way. I am also open to learning if you are able to discover how to do it or if I am wrong.
I want to get all of my users to see announcements. As you already know, we can't force everyone to use a dashboard that would have the announcements located in it as outlined here: https://www.powerobjects.com/blog/2011/11/22/adding-announcements-to-the-dashboard-in-crm-2011/. I could add this component to the most frequently-used dashboards, but I'm not going to get complete compliance. Too many people use user-defined dashboards and views. Further, not all of our users use email or other correspondence consistently, so my channels of communication for updates to the system are limited. My best bet was to create a popup upon login containing announcements, akin to the "pending email" warning, which would appear upon login regardless of any other conditions:
I've dug around to try and see where that warning comes from, in hopes of reverse engineering it to build a new component... but I just couldn't figure it out. I've seen options on how to disable or circumvent it, which naturally is the opposite of what I'm trying to do.
Is something like this possible?
Unfortunately this is a missing most wanted piece/feature even today in latest 365 versions.
We are using Web resources in global dashboards to socialize such thing, as announcements are deprecated. We cannot circumvent personal dashboards as default scenario.
We are planning to explore Learning path for this requirement, but that’s not applicable for your version.
This question has been bugging me for quite some time now, I want to create a cms, a School Mnagement System to be more specific, and what matters to me the most, is making this system plugin based, in a way that administrators can download and install plugins right through their admin panel, just like wordpress.
Now I've read about wordpress Hooks, Actions and Filters, and in all honesty i can say i'm just a little familiar with their functionality, but to apply same functionality to a Laravel App... , It's a bit hard to figure out, at least for me.
I've also searched about this question and found out that almost everyone is suggesting packages, But while packages can work great for other developers wanting to get use of the package's functionality, they can't be easily installed by a user not familiar with any programming language, And that's exactly what i want in my application.
Now what i have in my mind so far, as in Wordpress Actions and Filters, almost everything one would want to use in Wordpress theme files ( to make that piece of code flexible for adding plugin functionality ) should be called as functions, and calling that function by Wordpress do_action() is kind of a must-take path, which of course makes sense.
This way plugin developers can just call add_action() / add_filter() in their files and put their plugins into the flow of the application.
So...
Basically what I'm asking here is:
How to apply such functionality to a laravel app?
Is there an easier way than calling everything by a function like do_action()?
Should i write some kind of a file management module for downloading and updating plugins?
Again I must say that I am not very familiar with wordpress ways to achieve this kind of functionality, So I may be wrong about some of the description I mentioned above, But please, I appreciate any clarification around this subject if you can.
Thanks in advance for any insight.
*P.S. I've tried to be as clear as I possibly can about the problem, And I'm not looking for any specific method for the system I`m developing.
What i want is to know Common / Best methods ( If there is a best method ) for achieving such functionality, preferably in Laravel, but a general algorithm would still be very appreciated.
I know lots of people have the same question and are tackling with the same issue, so if you even only provide a link to a useful article it would be great.*
I have been working as a Wordpress Developer for a very long time and I also have sufficient experience in Laravel... and to be honest, making this kind of functionality is not that difficult at all.
How?
First of all, you must understand that the web app that you will be making will have all the functionalities, but they can only be enabled/disabled from the front-end (Admin Panel/Dashboard). In other words, your School Management System app is actually having all the features/functionalities pre-installed, but you are just allowing the users to enable/disable it. This is much simpler.
So, if for eg. you want to provide someone attendance management functionality, you will have to give the admin of the site, the access to enable/disable it.
Why?
Wordpress has a built-in UI for adding/updating plugins. But in Laravel, everything is code based and therefore this I believe is the simplest way to go (especially for making things in your app pluggable).
Steps
Make a site with UI etc...
Create a config and migration file which will have the names of all the plugins you are going to allow the user to enable/disable.
Make a sync command that will sync all the plugins in your app.
Use it render a page from the front-end and manage their status from the back-end (is_active etc etc...)
Now once, these plugins are active, make sure the user (say moderator, editor) has access to manage them, for which you will obviously have to create roles/permissions and use Laravel Policies for such stuff.
Lastly, only the admin will have the enabling/disabling writes and no one else.
For the other part where you want the people to perform their own functions with filters/actions. I'd say this is completely contradictory to the part where you say Installing Laravel Packages isn't easy. Well, if you would really want a developer a way into this, why not straight away ask them to make a package for your app alone? Hmmmm.... Think about it :)
But, even then, if you would like to create such a functionality, create a simple class which the user can call and user its functions to call their own functions... Something like -> SMSPlugin::do_action(). But then again, making things like updating/deleting the plugin will require you to build your own Plugin Store and ask users to upload to it. Then you'll have to make an API to constantly check for updates for all the installed plugins and blah blah.... It's a really long procedure... And I don't believe that feasible too!
Hope I answered everything. Let me know in the comments if you have any doubts :)
I know it was 2 years ago, but for now you can achieve this with laravel with some packages:
So i think the steps will be:
Create new Laravel App and add some packages for BASIC admin UI and things you will need like:
Authentication (https://laravel.com/docs/5.7/authentication)
Roles and Permissions (https://github.com/spatie/laravel-permission)
Users managment
Modules (https://nwidart.com/laravel-modules/v4/introduction)
At this point you must configure and write a UI for manage every thing from every package mentioned.
So i think this is the way or at least some try to do it in 2019 :D
Happy new year to all!
There's a package for this, it supports version 5, didn't test yet with 6:
https://github.com/oneso/laravel-plugins
I need to be able to serve different versions of my whole site per client. Certainly beta vs production but it would be nice to serve one or two prior production versions. Client customization is encouraged and I don't wish to force all clients to follow the (anticipated) pace of development.
Which version to serve is stored in the db.
From what Ive read so far a custom view engine may be the most straightforward way to accomplish this but before heading down this road I would welcome any advice and comment.
Thanks for insight!
Eric
EDIT: It isn't just the views that are different; controllers, master pages, images, CSS...
If the rules regarding which version is displayed to which user, I'm guessing they need to authenticate first. If that's the case you'll have opportunity to set a cookie on the user.
I would probably set a cookie on authentication that determines which version to show the user and then use a URL Rewriter like IIRF to direct requests with that cookie set to the beta version of the site.
Has the added benefit of users being able to opt back to the production site if they have issues with the beta.
I went down the view engine route How do I implement a custom RazorViewEngine to find views in non-standard locations?
Basically it's pretty stright forward, we have the same controllers models, etc. All the code is shared. The rendering of the views though is based on a "brand". So the view engine is clever enough to say if I'm brand A then the view will live in {standard view location}/brand/viewname.
It's hierachical though so if the view is in the branded folder it uses that one, else it falls back to the default location. It's basically an extension of the standard model used by MVC to find the location of the view source.
I'm looking to build an integrated login and user management system between Joomla and eGroupware, ideally with Joomla as the driver. That is, users would log in to Joomla and have their credentials passed into eGroupware as well, so that they could follow a link over to eGW and not have to log in again. Also administrators could add new users to Joomla (or update existing user info) and have those changes reflected in eGW as well.
I tried out this component but all I could get it to do was to synchronize passwords between existing users of both systems (matching on their usernames). Documentation is in Portuguese so I might have missed something in translation. Also I've checked out JFusion but it as yet has nothing available for a bridge to eGW.
Any general advice on how to proceed is greatly appreciated. I have some Joomla experience but not much at writing extensions/modules; would it be easier for me to try to adapt JFusion or something like that or to write something myself?
The best approach would be to write two Joomla plugins: one of the authentication type that will create the session in eGW when someone logs into Joomla, then one of the user type that will respond to the onAfterStoreUser event and update the profile in eGW. This way, you won't be hacking either Joomla or eGW. There's a tutorial on creating authentication plugins for Joomla here: http://docs.joomla.org/Tutorial:Creating_an_Authentication_Plugin_for_Joomla_1.5 Creating a user plugin will be a similar process, only you'll be responding to the onAfterStoreUser event.