I'm using spatie/laravel-permission as ACL system in my project. it's good.
I'm adding payment/accounting/invoice to my project and in this level there is another ACL needed on users works.
for example user A have a feature F1 as our service. until 1 month he/she can use all sections in F1. after that some features in F1 limited until new invoice payed with user.
so in my controller an Edit method I use authorizeForUser just in user ACL level. now I should add another ACL in F model like authorizeForF(F1->id)?!
and another problem is that this is very complicated and if I forgot to add this, I missed some money!!
I have a solution:
seed in a table save all Uri,methods (with foreach on Route::getRoutes()) as a unic row and assign a score for each of them (default 0). in a route middllware, analyze every request uri and compare it with score.(for example uri is /profile/advaence and administrator assign score 2 for that)
if the uri have more than zero score, user's accountant will checked to continue or redirect to payment if needed.
this give the administrator of website abbility to assign each uri score and developer has no Responsibility about that.
just I'm worry about uri. because administrors usually don't undrestand them easyly. so, I need another seed for some uri to explain as title.
is it good?
Related
My bot asks: 'how do you (i.e. customer) want to pay for this product?'
Customer says: 'part in cash and the difference in 48x'
What the customer is saying above is that he wants to pay in cash and use financing. And that financing should consider 48 installments.
Entities:
paymentType: {cash, financed} ; Financed includes 48x as a synonym
numInstallments: {12x, 24x, 36x, 48x} ; 48x is the number of installments desired
Using the GUI only, how to do this:
IF user says '48x' THEN simultaneously add 'financed' to the paymentType list AND set numInstallments equal to '48x' ?
Apparently the GUI doesn't allow me to do that unless I'm doing something wrong (see below the screen which allows a parameter to be mapped to an entity and notice that this dropdown apparently allows selection of a single entity and not two, which is what I need).
How to solve this problem in an easy way through the GUI?
I don't know if what you have in mind is actually feasible in this case.
What you could do is keep the intent and entities as-is and then create several conditions in the page where you fill this parameters or another page (i think this is preferred).
In that page you can put different routes where your conditions are true that modify your parameters as you wish.
For example, after asking the user how they'd like to pay, you can have a route going to a "Set parameters" page which has several routes:
First route has a condition $session.params.numeroDeParcelas != null (you know the user has asked a specific number of installments, so handle the case by setting the parameters you need in this route (under parameters in the route write paymentType : "financed")
Second route has another condition, for example $session.params.numeroDeParcelas = null (you know the user hasn't asked for financing, so set the same parameter as before to "cash")
and so on, until you've exhausted your user cases (all payment methods, possibly all types of financing).
Pay attention: the routes are always evaluated in order so make sure to keep this in mind while writing/ordering them: be specific to avoid fulfilling the wrong one by mistake (e.g. by creating compound conditions, chaining parameter checks as in $session.params.numeroDeParcelas = null AND $session.params. numInstallments = "36x"
I have a User model, for login and registration, its email field is used (everything vanilla from the devise gem).
I want (other) users to be able to e.g. add Users to a team, with the email-address as the identifier.
That is fine when the User is already existing (pseudo #team.users.add(User.find_by(email: other_users_email))) but I am unsure how to handle situations where the user does not yet exist (did not [yet] register).
When a (new) User sets up a new account, for the example above after successfull registration current_user.teams should show up correctly.
I do not want to force these potentially new users to use the system (e.g. using devise_invitable) and bother them with an email.
I followed the path of creating the User when a user with the given email does not yet exist, but then when the user actually tries to setup an account, it fails (email not unique).
Alternatively, I could remodel the TeamMember-part and let it optionally either store an email-adress or the reference to an existing User. Then what I would need is to check for "open" TeamMembers directly after User-Account-creation (so, TeamMembers with the given email). I could also do this on each requst, but that looks too expensive to me. There might be race conditions, but I could live with that (and check for the every-now-in-a-millenia-gap with a cron-job).
Any pointers? I am sure this is not that unusual.
I'd do this:
When a user A adds user B to a team by email, create the object for that user B, but set a flag, something like auto_created_and_inactive: true
When user B signs up on the site, you just have to handle this in your users#create: first, try to find an auto-created record and update it (set a password or whatever; also reset the flag). Or otherwise proceed with the usual route of creating a new record.
I have to admit that I did not yet tried #sergio-tulentsevs approach (implement RegistrationController#create). But to complete what I sketched in my question:
User model can define an after_confirmation method, which is called after ... confirmation! So, if I store every information about a potential user with a reference to his/her email-adress, once he/she registered I can query this information and e.g. complete Team-Memberships.
# app/models/user.rb
def after_confirmation
# (pseudo-code, did not try)
self.teams < TeamMembership.open.where(email: self.email)
end
How could we alert a magento site admin about each abandoned cart immediately after it is abandoned?
Is it a default feature in Magento EE?
No it is not a default feature in Magento EE.
You ask how a site admin could be alerted of an event that is somewhat of a grey area.
Assuming that an abandon cart is defined by the following criteria (which in fact is not the definition but may be applicable to you)
A registered user (ignore guest users for sake of sanity here) has products in cart.
This user does not complete the checkout and leaves the store-front
A period of time goes by (eg 1 day) with no adjustments on the cart items
Assuming this situation is your abandoned cart scenario i could suggest the following :
1.) I would use the Magento Quote Object (this is the object that is converted to an order after a successful checkout.)
looking at the quote object there already seems like there are enough fields to be able to monitor when the quote was created, when it was updated, when it was converted and whether it was converted or not. If the object does not contain the data fields you need there is no reason why you could not extend it. See a sample snapshot :
My (naive) suggestion would be to set up a scheduled job, to run at the same frequency at which you define your "abandoned cart" scenairio (or any frequency for that matter).
The job could do something like the following :
1.) Instantiate a collection of quotes.
2.) Filter out quote's that have been converted
3.) Filter out quote's that have been created recently (less than the critria above)
4.) Filter out quote's that have been modified within the same time-frame criteria
at this point you should have a list of all quote's that have been created, perhaps been updated but not converted for the last 24hours (depending on your criteria of course).
If you get to this point, well then the rest is straight forward.
Extract the information you need from the quotes (id's names, numbers, emails etc), compile your report and email to the administrator.
it the best idea i can think of for now! i have not done this in practice...
Ofcourse you can set-up funnels and goals with Google Analytic to give you extensive information on your customers, including abandoned carts, but that doesn't answer your question.
I am making a site for a client and decided i would use code igniter.
The site essentially has two backends, one for designers, and one for a sales team. So after logging in, the user will be redirected to either
mysite.com/sales/
mysite.com/design/
The sales team for example can view orders, containers, products, therefore i need a controller for each of these.
mysite.com/sales/orders/
The sales need to be able to view, edit, delete certain orders...
mysite.com/sales/orders/vieworder/235433
Basically my problem is i dont have enough url segments to play with.
My thoughts on solving my problem
removing the orders, containers, products classes and making ALL of their methods as methods of the sales class, although this would mean a large number of methods and loading all models so it seemed kind of pointless.
removing the sales/designer classes and controlling what each kind of user has access to based on a user type stored in session data.
a way of having an extra url segment?
I appreciate any advice, I just dont want to get 3 weeks into the project and realise i started wrong from the beginning!
Use folders.
If you make a subfolder in /application/ called sales you can put different controllers in there:
/application/
/sales/
orders.php /* Controller */
/design/
Then in orders.php you will put your vieworders($id) method and so on, and you will be able to acces it with domain.com/sales/orders/vieworders/id.
You can also make subfolders in the /models/ and /views/ to organize your files.
Now, Access Control is something apart and it depends more in the auth system you are using.
Give the user/designer a privilege, a column in the user table for example, check the permission of the user at the beginning of the function, then prevent or execute it.
This would be the exact way i would do it.
Seems like you should have a look into the routing class. Might be a dirty solution but rerouting the sales/(:any) to something like sales_$1 would mean you'd make controllers with names like sales_orders.
Same for the design part.
(FYI: $routing['sales/(:any)'] = 'sales_$1'; should do the trick; see application/config/routing.php).
To be short, It's a website for an investigations lab.
I need to display specific content (lab report) to specific user. Users will be given a username and a password when leaving and will be asked to login on the website to access his/her report with the credentials given to him.
So , it's a "specific content" for "specific user" - Moving to 1.6 is not an option.
I have a solution in mind but involve a lot of core hacking and will take some time ... If any one been in a similar situation or have an idea in mind I would appreciate your help.
Ok, this can be done but it's going to take a little trickery to get there. First, you are going to need a way to post the lab reports and associate them with a user. I would use K2 for this since you can add the report as an attachment to an item. You can also add extra fields to K2, which would be the next step. You'll need an extra field where you can enter a user ID number that you will use to determine if a user is allowed to view the content.
There are several steps you will need to take to now filter the content so only the associated user can see it.
You will need to get the user ID once the user is logged in:
$user =& JFactory::getUser();
$usr_id = $user->get('id');
You'll need a menu item that links to a K2 Category where all the lab reports go.
You'll need a subtemplate with a modified category_item.php for that category that only displays the associate reports:
if($this->item->extra_fields[USER_ID_EXTRA_FIELD_NAME]==$usr_id){
all the category item stuff
}
You'll need a subtemplate with a modified item.php for the category that again blocks users other than the associated user, basically the same code as #3 to either display the content or an error message.
The only other way I can think of that you can accomplish this would be to use an ACL component with a group for each user.
The K2 method with subtemplates would not require any core hacks and will work with a little work.
You can achieve what you want with Flexicontent http://www.flexicontent.org/ and Flexiaccess
Flexicontent is a K2 type component and I use them interchangeably. With Flexiaccess you can create items that are only available to certain users.
No hacks required.
Bad News: That cant be done with standard Joomla 1.5 (without hacking)
Good News: You can use one of the free or commercial Extensions for Joomla to accomplish that. I would suggest for example:
Admin-User-Access
http://extensions.joomla.org/extensions/access-a-security/backend-a-full-access-control/9040
Or you can search for yourself:
http://extensions.joomla.org/extensions/access-a-security/backend-a-full-access-control