Based on Django REST framework: Check user is in group , I have succesfully restricted my custom views to certain groups.
Yet, I need to restrict dj_rest_auth.views.RegisterView to a certain group.
How can I make it?
I thought of trying to set a wrapper class over RegisterView, and link my wrapper class in urls.py, but what methods should I override?
Thank you SO much!
Well, it seems dj-rest-auth is ready for this need:
#settings.py
REST_AUTH_REGISTER_PERMISSION_CLASSES = ("rest_framework.permissions.IsAuthenticated","api.permissions.HasLoginPermission")
Keep in mind there's a bug in dj-rest-auth<1.1.12 that prevents those string to work.
Related
I cannot figure out why ASP.NET Identity does not work with my roles. I created a custom UserStore and a custom RoleStore. In my UserStore I implemented the IUserRoleStore interface, and I expected at least one of those methods to be called when ASP.NET determines if the user should be authorized to call a given endpoint, but none of the methods are getting hit.
I registered the services like this:
builder.Services.AddIdentity<User, ProReceptionRole>();
builder.Services.AddTransient<IUserStore<User>, UserStore>();
builder.Services.AddTransient<IRoleStore<ProReceptionRole>, RoleStore>();
I also tried registering the services using this variant (with and without the AddRoles part - and with different ordering of the extension methods):
builder.Services.AddIdentity<User, ProReceptionRole>()
.AddUserStore<UserStore>()
.AddRoleStore<RoleStore>()
.AddRoles<ProReceptionRole>();
When I add the [Authorize(Roles = "MyRole")] attribute to my controller class, then I get 403 Forbidden, even for users that have the given role.
I read through the documentation but I can't spot my problem. The only part that I am unsure about is that it says If you are using Roles, update the RoleManager to use your RoleStore class. - and I am assuming that this is done when I register my RoleStore, but maybe I have to do something extra?
Any pointers are greatly appreciated.
Thanks!
My project is structured like this.
As you can see there are three resources(posts, users, comments) defined.
So you cannot perform CRUD operations on any other resource. I am not using any custom clients (using aor-loopback rest client)
I would like to dynamically add new resources to the store so that I can access those tables/models/resources for CRUD. I know its possible (but don't know how), because we can update the store on the fly. Any help is appreciated.
I found the solution my problem. Sharing it for anyone who encounters the same.
import { DECLARE_RESOURCES } from 'admin-on-rest';
and use this action to re-initialise all the resources with an additional one.
Cheers.
Where would be the best place to be able to enable/disable a filter for the entire session of the user, conditionally based on a permission?
For example I have a "CanSeeDeletedItems" permission, only for admins, and I want to apply that to everything, Ie, disable the SoftDelete filter when a request comes from a user with this permission.
I first thought to try and include this in modelBuilder, but quickly realized I cannot access the Service layer from the DAL.
So my thoughts would be to add some code to the Initializer of UOW somehow, but I am not sure how to do this, I was hoping it was a case already considered but not written into the documentation.
I'm looking to do something like this:
if (IsGranted("PermissionName"))
CurrentUnitOfWorkProvider.Current.DisableFilter(AbpDataFilters.SoftDelete);`
For user based disabling filter can be achieved with Interceptors.
So what you need to do is; Write a custom interceptor for Application Services.
This interceptor must disable/enable filter for the current execution
https://aspnetboilerplate.com/Pages/Documents/Articles/Aspect-Oriented-Programming-using-Interceptors/index.html#ArticleCreateInterceptor
To disable AspNet Boilerplate filter using in code block
using (_unitOfWorkManager.Current.DisableFilter(AbpDataFilters.SoftDelete))
{
var people2 = _personRepository.GetAllList();
}
https://aspnetboilerplate.com/Pages/Documents/Data-Filters#disable-filters
To disable AspNet Boilerplate filter globally
Configuration.UnitOfWork.OverrideFilter(AbpDataFilters.SoftDelete, false);
https://aspnetboilerplate.com/Pages/Documents/Data-Filters#disable-filters-globally
I'm trying to build my Parse iOS project in a way that'll be more easy to migrate later on for the client should he desire it.
To that end, I'm trying to use the REST API instead of relying on PFUser and PFObjects.
But I love the PFLoginViewController-- it's such a time saver. Is there a way I can use that pre-built login/sign-up flow with the REST API instead of PFUser?
I don't think that u could use it without PFUser but u could create similar to that and time will be consumed.
Still One thing might work out, check this link and I hope you have already but this will show how to integrate the PFLoginViewcontroller so in that they have logInView which will provide you access to all component like loginButton, usernameTextField, passTextField and etc. So you could access to these component your own explicit component.
Like, you could create your own UIButton(namely, logInBtn with action selector and all) then access it to logInView.LogInButton = logInBtn(your own button) and in this button's action you could make Rest api calls for login, and similarly for other component which needs to be modified for your requirement.
I'm still working on my first Grails application. This time, my problem is to limit access to some actions for particular users.
Assume users add some object, e.g. books. I would like to give access to edit a book only to admin and the user that added the book. I'm currently using Acegi plugin. I know there is newer version of that plugin, but I'm not sure if it changes anything in my problem.
The second thing is some kind similar. I have a sidebar and there is "Hello ${currentUser.username}. currentUser is a method that returns an instance of currently logged user. But the problem is that I don't have any idea where can I put this message to be able to use it everywhere. Should I put it in some service and include it everywhere? I tried to create an ApplicationController that is extended by all other controllers, but that doesn't seem to work. Have you got any ideas?
Thanks!
Grzegorz
You should use the newer Spring Security Core plugin since it has an ACL add-on plugin that does exactly what you're looking for. See http://grails.org/plugin/spring-security-acl for details.
For the second question, there's a taglib for that. In the Acegi plugin use this:
Hello <g:loggedInUserInfo field="username"/>
(see http://www.grails.org/AcegiSecurity+Plugin+-+Artifacts) and in the Spring Security Core plugin use this:
Hello <sec:username/>
(see the "Security Tags" section of http://burtbeckwith.github.com/grails-spring-security-core/docs/manual/)
For ROLE access you'll just need to specify that a particular ROLE for a particular URL has access to that action. That is if you are using the plugin's RequestMap approach. If you're using the annotation approach, just annotate the action in the controller with:
#Secured(['WHATEVER_ROLE'])
As far as only allowing the user who created the book to edit it, you can pull the user domain out of the authentication with authenticateService.userDomain(), then you can compare that user with the user who created the book (assuming you have some sort of createdBy property on your Book domain.
def loggedInUser = authenticateService.userDomain()
if (book.createdBy.equals(loggedInUser)) {
// allow editing
}
Something like that, anyway.