I have a little problem about this scenario.
I have 300 users in my system. each user must have user panel. it is one page that each user after sign in to the system and went to own page,can edit his content and customize it.
my question is : how to define permission for each user in order to access to own page and don't access to other's personal page.
thank you.
You just need [AbpAuthorize] attribute for the related application service to prevent unauthorized users to see that personal page. And when the user opens the page load the data with the current user's information as #aaron stated in the comments.
Related
In my codeigniter application following is the format of user profile
http://example.com/foo/view_profile/userid
how can I restrict a user to view others profile? that means he cannot browse any other link than his profile.
so user foobar420 can not browse following links for example
http://example.com/foo/view_profile/foobar250
http://example.com/foo/view_profile/
http://example.com/any-this-else
How can I achieve this?
Was going to comment this, but it's sort of an answer. Well an idea on this subject at least.
Instead of having "/view-profile/userId" why not just "/view-profile" and send the user model as an object to the page. Then you can just render the proper information only for the user who is actually logged in to the server. Assuming you have access to the user model in your server side script, this is the preferred method.
And if no user model is present, redirect to the login page.
Hi I am customizing OpenERP. I want to restrict user to login into application once at a time. That means; I have a user called "Accountant". I want only one session should be allowed to login with "Accountant" user name at a time. Others can login with their own user names.
Like that application should allow only one session for each user at a time.
I have not seen any plugin for this. Can I do this through customization?
Please guide me.
This blog highlights how to do it. But I don't think there is a live implementation of this available as open source http://www.zbeanztech.com/blog/how-restrict-multiple-logins-user-openerp-0
We do plan to do it ourselves as well but haven't had a moment yet.
I've researched really a lot, but found no way to embed a share button which posts directly on the fanpage, not the personal profile.
I'm working with the JS API and also tried the direct link, neither worked. There is also no way to change account directly in the popup. Settings the publisherid also didn't work.
Is there any way to embed a share button which will share something on my fanpage?
That's nothing you as the website owner can take influence on. It depends on how the user is logged in on Google+.
As a page owner you can create a username/password for the page and login as the page on Google+. Here is a post describing that: https://plus.google.com/108210288375340023376/posts/8nmNsfL8G2R
does anyone know of a simple module or extension etc for Joomla that would enable the admin to upload a file relevant to a specific user login?
For example, they have a bunch of user accounts, and would like a registered area on the website that would show files relevant to only that user credentials.
In the backend, they would easily like to add a document and select which user can see it.
You might want to check out the "Component Access Permission" extension, here
I am wanting to build an admin tool where I can "impersonate" users of my site, without having to lose my session as an admin.
I would like to be able to open an iframe that will view the website "as the user", without changing the state of the page that opened the iframe.
Is that possible? Is there a better way to do this?
It's possible, but there's a bit "but" :)
Just a couple options to start with:
Use URL-based session tokens (as Java Servlets do when you have cookies disabled)
Use different domains for "normal" site and admin interface
iframe itself won't help you much: it will always share its cookies with the browser. So in order to avoid that, you can use either of the above options—but that does not depend on the iframe.
What language? My answer is based on the assumption that PHP is your chosen language.
Firstly, I would say you have planned your application wrong if session impersonation is the only way you can view your site as another user while still keeping your admin login intact.
One way you could do it, and again this is assuming that you are using PHP as well as the default session management functions within and you do not have a custom session handler would be to load the iframe url with the ?PHPSESSID=sessionidhere parameter.
A better way to do this is to create your site and authenticate users via a user object of sorts and then add some sort of url parameter such as ?userbrowseid=123
Then when you load the page, your code will only check if the parameter exists if you are already logged in as an admin. The page would then overwrite your current user object with the user object of the user with the id 123. Steps should be taken to make sure your session cookies are not overwridden with the impersonated user object. As this would be in an iframe, your site will work as an admin and the iframe will be loaded as the user object.