I want to build an attendance management system using MEAN stack. The application should work like this -
There will be an admin who will control CRUD operations on User and as well as look into the Attendance of each user and have a detailed list of average attendance of the user per month and per year.
There will be a user page and when the user logs in i want to store the date and time in the client side and then send it to the database. So that based on the time and date the admin can see when the user has logged in and mark the user as present for that particular day.
I want to know how to store the date and time in the client side and then pass it onto the database for calculations. Also wanted to know that is it necessary to authenticate in the front end as well?
May be I am late, but I can try to answer your query.
You can store date and time as an object and pass it via request parameters to the backend to store it in the database.
You can take a look a the following on how to get date and time in Javascript How do I get the time of day in javascript/Node.js?
Related
We specify the "date" in the userUsageReport as shown in the reference below.
https://developers.google.com/admin-sdk/reports/reference/rest/v1/userUsageReport/get
It is written as follows on the reference, but I'm not sure what it means.
"We recommend you use your account's time zone for this."
I'm curious about the relationship between the specified date and the timezone.
Will it behave like one of the following? Does anyone know?
A. Data is acquired according to the time zone of the user account used for authentication when executing the API.
B. Data is retrieved according to the time zone of each user account specified in the API "userKey or all"
C. Data is retrieved according to uniform UTC or a specific time zone
I believe option 'A' on your question is the correct one based on this article where it states:
Date and time of the event (displayed in your browser's default time
zone)
Every date/time that is logged into the user reports of the Admin Console will be automatically translated into your local time (e.g, the date and time shown in the 'Date' column of the results in the Admin console UI is the local time of the admin generating the report.)
I am building the inventory service, all tables keep track the owner of each record in column createdBy which store the user id.
The problem is this service does not hold the user info, so it cannot map the id to username which is required for FE to display data.
Calling user service to map the username and userid for each request does not make sense in term of decouple and performance. Because 1 request can ask for maximum 100 records. If I store the username instead of ID, there will be problem when user change their username.
Is there any better way or pattern to solve this problem?
I'd extend the info with the data needed with from the user service.
User name is a slow changing dimension so for most of the time the data is correct (i.e. "safe to cache")
Now we get to what to do when user info changes - this is, of course, a business decision. In some places it makes sense to keep the original info (for example what happens when the user is deleted - do we still want to keep the original user name (and whatever other info) that created the item). If this is not the case, you can use several strategies - you can have a daily (or whatever period) job to go and refresh the users info from the user service for all users used in the inventory, you can publish a daily summary of changes from the user service and have the inventory subscribe to that, you can publish changes as they happen and subscribe to that etc. - depending on the requirement for freshness. The technology to use depends on the strategy..
In my option what you have done so far is correct. Inventory related data should be Inventory Services' responsibility just like user related data should be User Services'.
It is FE's responsibility to fetch the relevant user details from User Service that are required to populate the UI (Remember, call backend for each user is not acceptable at all. Bulk search is more suitable).
What you can do is when you fetch inventory data from Inventory Service, you can publish a message to User Service to notify that "inventory related data was fetched for these users. So there is a possibility to fetch user related data for these users. Therefore you better cache them."
PS - I'm not an expert in microservices architecture. Please add any counter arguments if you have any.*
i have created a booking system which synchronizes with Google Calendar every 5 minutes and also truncates and old data and fetches new one from calendar, this process takes about 2-3 seconds.
What i want to do is, when the event to fetch data from Google Calendar fires, i want to disable access to the route of the booking system for these 2-3 seconds then enable it again when the event ends, i want to do this because it truncates the old data and fetches new one, so if a person is looking at the booking system this 2-3 seconds all the book schedule times will be free and i don't want this to happen.
Is this kind of thing possible?
Thanks and regards!
Well, my suggestion is to create a new field in your users table something like : is_google_sync_active and route middleware.
Then just before you will start sync. you change that field to true and in your new middleware you may check whether your sync. is active or not, then when your sync. ends you just change the value of field again to false. So, every time when user tries to pass to your sync route he will be passing your middleware which wil handle all job.
In addition, you can redirect user to page which shows status or progress if the sync. is processing.
I don't know how exactly handle this situation. I have a directory where I count the pageviews for each item. For authenticated users I only count as new pageview after a delay of 200 seconds between requests. For unauthenticated users I use the IP and also 200 seconds of delay.
I use a redis SETEX to verify and then the key will expire after 200 seconds. If the key doesn't exist, then insert a new page view.
Something like this
item_id:user_id (authenticated users)
item_id:ip (unauthenticated users)
Well, this works fine until a user try to increment intentionally the page views for a specific item. I have almost 3000 views for a specific item only yesterday (in last year the page has only 150 views...). So, he created some bot to visit the page with a delay to avoid my validation.
I need to register legit pageviews, but I need to avoid the type of fraud. Any idea?
As far as I know, the best way for handling bots is a way like Google Analytics.
Google Analytics works by inserting a JavaScript snippet into the
header of your website. This snippet counts a page view whenever a
visitor triggers that JavaScript, and most bots do not process
JavaScript.
You can integrate some kind of CAPTCHA in your application to limit the number of times a user can view the page within a specific amount of time.
Upon a set number of views within a given duration (say, 20 views in under 3 minutes) from the same user or IP, make them verify the CAPTCHA each subsequent time they try to view the page.
Issue a Token for every page view request. Store the token in the Cookie.
User your already available IP or USER_ID as a filtering mechanism.
After page loaded, User the token, old_token from the cookie, Operating System, Browser Name and IP / User_ID to validate the request.
Give two different timings, like 200 second expiration time and 3600 seconds of grace time, if any of the above data matches within the grace time, don't count the page view.
You can also extend this by keeping track of page views within grace time and create some methods to validate pageview request.
I usually register the Request Time together with the Request to measure the Visit Frequency and the Visiter Count per certain Time Span.
When you register all the Request that come in with with the item_id, user_id, ip and timestamp you can afterwards process the Registers by grouping them by user_id, ip and timestamp.
That way you can find out the amount of Hits per Second and identify and exclude those who clear surpass the normal Activity Pattern without loosing Data.
Often I use the Web Service Logs to generate Statistics about Visit Frequency to certain URLs on a hourly, daily or even monthly basis.
Hi Sitepoint wizard people,
Say we have an admin application that has multiple users and various objects. What I'd like to do is control access within the object itself - that is, it will behave one way for one type of user, and another way for other users. For example...
Director Mike can override Reception user Sally's registration date. One would assume that Mike could set any date both in the past or in the future. Then we have Payroll user Steve who can also modify Sally's registration date, but only for dates in the past up until (for example) one year ago. To spice things up, then we have the HR Manager Mary who can also amend Sally's registration date, but only for dates from precisely 23rd June 2007 up until one month from now...
How can I program the access restrictions so that on the front end, the form control is restricted with a min and max date, and in the backend, the validator checks the entered date to make sure it falls between those dates? I'd obviously need to be able to tweak the min and max dates for each user type. Other objects might have different parameters - maximum amount on a discount field or days of the week for overtime, for example.
I've asked this question in different ways, but each time I get bogged down by the implementation. I'm currently developing it as a php/MySQL web-based application, but thoughts and comments from other platforms very welcome! This time I'm looking at first principles, so it doesn't matter what your background is, if you have any ideas, please let me know! What do you even call this type of access control...?
Depending of how you application is based, you could ask for credentials at the start of the application and depending on who is requiring access, you could load a different xml file containing different settings.
As for security issue, make sure that the different xml files can't be reached by the users.
Edit:
Since you are using MySQL you could do something like this.
Let's say you have a table of users that has those fields : UserId, UserName, RestrictionId.
And with a Restriction table that looks like : RestrictionId, FieldName, FieldCondition.
This way, in your php app, when a user is authenticated, you can go fetch the correct "Restrictions" on the field and apply them in your code. If it happens that you have multiple fields that require different rules then you can simply add them with the correct RestrictionId.
This DB design is far from perfect, I'm pretty sure you can do better
Since, you are already using MySql db. You can maintain the UserRole Master table details in DB itself. Load the user role data based on login, then you can easily validate the changes made by the user accordingly.