i am kind of new with programming, i need help with designig the RestControllers.
I am trying to design a website Using spring boot, the site supposed to have Guests, Users(registerd), Admin, SuperAdmin.
would it be true to use the GuestController as the main one, and let all of the other controllers such as Admin,User,Superadmins extend the GuestController?
Thanks
a more suitable design is to provide a Controller per section (ie Home, News, Search, Admin): each controller is responsible for a section of the web site.
The various user profiles are then used within the controller if you need to differentiate what users can see and do.
There is less code duplication: there is one screen (Search) with one Controller (SearchController) which serves different user profiles. Adding a user profile is straight-forward and does not involve changing the Search code (maybe only adding some extra security in the backend if the new profile can see less or more than the others).
You could use inheritance to define the User Profile: a Guest user is the base profile, but others (Admin) extend it to provide different behaviour.
Hope it helps.
Related
I just started with Joomla 3.x and I'm writing a component for Joomla v3 which is supposed to create new usergroups for creating 'groups'- the design requirements being:
An organisation may set up a group to offer access to some set of services -including communication but also also other types of services - to their members
(the other services is the reason why I believe the community and forum joomla extensions are not suitable- they mostly focus at fora and social media services, not the services I will implement.)
Other persons/members of the organisation may register to this group, which allow him/her to access these services
ps: it is also possible for person to set up a personal account and get access to the set of services. This person may also join one or more groups at a later stage
How to do code the creating of new usergroups? I noticed a possible suggested solution at How to create custom User Group Programmatically in Joomla 3.x, but I struggle to understand how to use the suggested JTableUsergroup class because of the limited documentation at http://docs.joomla.org/API17:JTableUsergroup(?) Does creating an instance of JTableUsergroup results in the creation of a new customer user group?
Another question: how to add users to a customer usergroup? The only hint I found was at http://api.joomla.org/cms-3/classes/JUserHelper.html - using the method addUserToGroup of class JUserHelper.
Many of the Joomla development concepts are well document but I could not find one for managing custom user groups...
Appreciate your help;-)
First, overall, the best consistent documentation of Joomla APIs is in the docblocks for the classes. Then to be honest what I do a lot of times is to search for where in the core the API is used. There are some great pieces of narrative documentation in the wiki, but on the whole I always start with the docblocks which are very complete. However in this case it's pretty simple.
You need to do something along the lines of
$newrow = JTable::getInstance('Usergroup');
//code to add your data
$newtable->save(); // Shortcut for check, bind, store
However, if I were you I would look carefully at UsersModelGroup because there are a lot of other things that should normally happen in this process such as running the user plugins. So I might include and extend that model (which manages the table class) rather than going to the table class directly. In fact your whole component might even be able to extend almost all of the users component or it might also be possible that you could do what you want with plugins rather than reinventing the whole thing.
In terms of assigning users to groups that is trickier because of some legacy things in the code. I think the setter followed by a $user->save() ($user being a JUser instance) is probably the way to go when adding to groups. What I probably would do is to write a custom JFormField that would manage opt-in groups because the core usergroup field includes everything. You could extend that and exclude the groups that you want to have only managed by admin.
Let me start off again again by saying that I am still new to Grails and Spring Security. I have been doing my best to sift through the documentation and examples and samples. It all has made me a bit confused or overwhelmed.
I am trying to use Spring to manage user access to information. I have a site framed. I want the admin to be able to add people, locations connected to the people and images of the locations. The picture is connected to the person. I want the people that log-in to be able to see their pictures, only.
Is it better or best practice to do this with sec tags or #Secure annotations or a combination? Which is the most secure? I have restricted access using sec:tags. Is there a sec:tag I can use to select the pictures to be displayed?
I think you can look at this in a simpler way. There are basically 3 ways to manage security with the basic plugin install.
#Secured - This allows you to lock down access to an entire Controller and / or individual actions. Think of this as locking down a URL to a specific set of roles. Changes to this level of security will require a redeploy.
Request Map - You get the same benefit as #Secured with the added bonus of being able to modify Controller / action security in a running environment vs having to do a redeploy.
sec tags - These allow you to lock down the rendering of views. For example, to allow an edit button to show up for one role while hiding it for another role. The sec tags are used in combination with the above methods.
That's really basically it. None of the above are more or less secure than the other. What some people seem to confuse is the concept of "my data" and how Spring Security handles that. If, in a Controller, you want a user to be able to access only their "pictures", you should just query for "pictures" based on the authenticated user.
def authenticatedUser = User.findByUsername(springSecurityService.principal.username)
def pictures = Picture.findAllByUser(authenticatedUser)
The view then only cares about what pictures you sent to it. Each logged in user will then only see their pictures. If the admin is logged in, and needs to see ALL the pictures, you might do something like this:
def authenticatedUser = User.findByUsername(springSecurityService.principal.username)
if (SpringSecurityUtils.ifAllGranted("ROLE_ADMIN")) {
def pictures = Pictures.list()
}
However, I'd probably just have a separate Controller for administrative purposes versus trying to do too much logic in one Controller. Or, move the logic to a Service.
Hope this helps.
I would like to have two types of users, let's say Teacher and Student.
A lot of the content of the app will be shown to both types of users, but "Teacher" users will see some stuff that "Student" users won't be able to see.
The approach I was thinking to take was to have a ROLE_Teacher and a ROLE_Student instead of a ROLE_User, but I am not sure that would be the best practice, plus, I would have to modify every JSP to make the tests when I want to display specific content.
Did someone try to solve the same kind of problem before? Does Spring contains some mechanism to accomplish this already?
I think defining different roles is pretty much the standard way to solve the problem. Spring Security provides support to constrain the content generated by JSPs based on the roles of the currently authenticated user. (The related documentation: http://static.springsource.org/spring-security/site/docs/3.1.x/reference/taglibs.html) And, of course you will have to modify every JSP to serve only the content which is appropriate to the user's role. I don't think there is some kind of magic that would do that job for you. :)
I had thought about decorating various control items with attributes to declare group ownership, but this seems a bit onerous and not very extensible/maintainable (I'd have to subclass the controls and decorate them by hand).
Another policy would be to have a white list of groups a control is visible for persisted away against a form id in a db. A check for the visiblity could then be done in a base class from which all my forms inherit, thereby ensuring my class code wasnt muddied with this "adminsitration"
Just seems a lot better than having to write case/if statements based on role to determine what should be visible to users depending on their privileges, in situ.
This seems a pretty common problem and wondered if there were any good patterns to employ.
Thanks
Consider Drupal for building a web-based application whereby GUI capability is governed by user role. The Drupal (an general open source content management system and web framework) has powerful user management whereby each user can be allocated one or more roles. You could then make use of a role to determine the behaviour of a web form and the availability of certain fields for that role. User's with that role would see certain GUI items, whereas others would not.
Some links to follow as a starting point:
http://www.drupal.org
http://drupal.org/project/webform
I should add that Drupal can do many things and not just this specific problem area. Drupal is a broad ranging framework for builing your own websites on your own hosting.
I don't even know if this is even possible, but I thought I'd ask.
I am creating a small CRUD application but I have multiple sites. Each site would use the CRUD. The application would have common CRUD methods and style, but each individual site would apply different forms. I want to avoid creating multiple CRUD applications that varied only in specific content (just different forms).
I want to have something like this:
mycrud.website1.com
mycrud.website2.com
mycrud.website3.com
I can create a subdomain for each individual site no problem. But is it feasible to point all the subdomains to one MVC application directory? And if it is possible any suggestions for how I might go about restricting users from website1 from seeing website2 or website3 content? Is that something "roles" could take care of (after authenticating user)?
Thanks.
There are a lot of websites that do this, not just with MVC. Some content farms point *.mydomain.com to a single IP and have a wild card mapping in IIS.
From there, your application should look at the URL to determine what it should be doing. Some CMS systems operate in this manner, using the domain as a key to deciding what pages to load.
I've built a private labelable SAS application (Software as a Service) that allows us to host all of our clients in a single application. Some clients have customizations to pages or features. We are able to handle that by creating custom plugins for each client that over-ride the Controllers or Views when needed.
All clients share a common code base and aside from each clients custom theme/template they are the same. Only when a client had us customize one feature did we need to build out their plugin DLL. Now, this is advanced stuff so it would require heavy modifications to your code base but in the end if it's what your application needs it is 100% possible.
First - the easy part is having one web site for all three domains. You can do that simply with DNS entries. No problem. All three domains should point at the same ip.
As far as the content, you could do that in a number of ways. I think your idea of roles is pretty solid. It also leaves open the possible of a given user seeing content from both site1 and site2, if that would ever be necessary.
If you don't want to force users to authenticate, you should look at other options. You could wrap your CRUD logic and data access logic into separate libraries and use them across three different sites in IIS. You could have one site and display content based on the request URL. There's probably a lot of other options too.