Can I explicitly specify the particular policy to use along with the method, instead of using the policy that pertains to the object of the second parameters?
I would like to do something like this:
$this->authorize('FeatureNamePolicy', 'isEnabled');
the parameters are:
Name of the policy
Method of the policy
Instead of using the parameters:
Method name within the policy
Object (determines the policy used)
I did it with this
$this->authorize('featureIsEnabled', sheetPolicy::class);
Related
How can route a request from API Gateway based towards the lambda functions A/B/C based in the fact that specific header is present or not?
https://api.example.com/prod
if the headers "UserType" is:
guest -> redirect to lambda A
normal -> redirect to lambda B
admin -> redirect to lambda C
I know how only using different URL, e.g:
https://api.example.com/prod
https://api.example.com/dev
It's actually not possible. We can bind only one Lambda function with a specific resource of API Gateway. The headers are accessible as an event parameter within the lambda function itself.
Preferred way would be to create 3 different functions(your business logic's will reside here) within your lambda & based on usertype you can call the function.
And if you really want to make use of three different lambdas, you can make use of invoke method available in aws-sdk. You can refer following link for code syntax & example.
https://docs.aws.amazon.com/AWSJavaScriptSDK/latest/AWS/Lambda.html#invoke-property
2nd method will definitely increase the response time.
So I have done a lot of research and could not find a proper answer. This might be a bit long post so sorry for that. I am making a backend API using golang. I am using gingonic for routing and api stuffs.
There are 2 part of the service. Application and user. When lets say createAccount endpoint is called from the other micro service, it need to pass the user information and application token in body. Each application is like micro service that is registered to this micro service that I am building and have a unique token. If the token they pass matches then I will get the id of that row and use that to create an entry in user table which will have the id associate with it.
Now for every API call to this micro service, it is important that they are sending the valid token and that row id is needed to do all sort of functionality like login user, edit user info and so on as the each user is connected with that app id by foreign key. Currently, I wrote a middleware and when any api call is made I get row id and save it to a global variable and then when necessary I am using it in any part of the codebase.
Lets say if 5 multiple API call is made, will that global variable information will be persisted or for each call its brand new value? If it is persisted then what can I do to achieve the brand new of Global variable for every API call or if there are better approach can you please recommend it?
A global variable is not the answer here. It will be overwritten by each request as you suspected. Instead, the typical way to handle this situation is to have a context object that is created within the scope of the HTTP Request and passed to each method that requires knowledge of that context.
One basic rule is to AVOID using the global variables, it is bad practices, you cannot manage the state and you are limited for testing and concurrency using.
In my mind come two basic solutions:
Use context for this. In your handler, add the value in context and propagate this context by all your service calls. It is also useful for tracing if you are working with microservices, then you also should take a look for this. And in the place where you need the value from your global variable, do simple call: ctx.Value(YOUR_KEY) Take a look at the end of the page, you shouldn't use string as the key to context values.
You can wrap your data in the struct with this variable value. For example:
type CreateReq struct {
Token string // value from global variable
User user
}
and use this Token in your services.
Specifically, can SCIM be used to add Users to pre-existing (non SCIM-created) groups? We need to provision users via SCIM, but then add them to Groups created manually in the site (a .Net application).
As I understand it, it can't be done like this. Group Update requests (i.e. PATCH requests) seem to require the "id" attribute as the unique identifier for the group, and this "id" seems to be only generated in SCIM Create Requests. So if a Resource (Group / User) wasn't originally created via SCIM, SCIM can't update/replace/delete it. Is that correct?
e.g. PATCH /Groups/acbf3ae7-8463-4692-b4fd-9b4da3f908ce
I thought about a workaround convention, such as using "user:1234" and "group:1234" as the "id" attribute format (i.e. [resource type]:[internal type-specific ID]), and then any User or Group can be specified by "id", even if it wasn't created via SCIM. But that seems pretty hacky.
Is there a better way of doing this? Many thanks for any help, very new to SCIM!
Yes, SCIM can be used to manage "brownfield" scenarios where existing non-SCIM created objects exist.
Typically the logic flow that happens for a user object is:
GET on /users with a filter (as defined in RFC7644 3.4.2.2) using an attribute that is uniqueness constrained (such as userName, email).
If no user found matching that criteria, create a new user with POST to /users
If a user was found, it should bereturned with an id value even if it was not created via SCIM
The general logic of "Search using a friendly identifier -> create if not found/cache the id value and associated it with existing user in the other directory" is pretty simple and can be successfully used with other object types (ie: groups) as well.
New to APIM. Trying to change the exposed querystring parameter name (not the value) with a different name that the backend api expects
For example, APIM endpoint expects /v1/Customer?CustomerId=123
I think I need to use rewrite-url policy on the inbound section?
To change it to this: /v1/Customer?ExternalCustomerId=123
Was trying this, doesn't work
<set-query-parameter name="ExternalCustomerId" exists-action="append">
<value>#(Context.Request.QueryString["CustomerId"])</value>
</set-query-parameter>
Error: The name 'Context' does not exist in the current context
This has changed as of september 2019. now use the following:
<set-query-parameter name="ExternalCustomerId" exists-action="append">
<value>#(context.Request.Url.Query.GetValueOrDefault("CustomerId"))</value>
</set-query-parameter>
Try lower case "context". Plus QueryString is a IReadOnlyDictionary as described here: https://learn.microsoft.com/en-us/azure/api-management/api-management-policy-expressions#ContextVariables, but there is a handy overload:
<set-query-parameter name="ExternalCustomerId" exists-action="append">
<value>#(context.Request.QueryString.GetValueOrDefault("CustomerId"))</value>
</set-query-parameter>
I have a post-confirmation lambda function that writes user attribute information to a dynamoDB table. I've managed to get access to standard user attributes fields in the "event" parameter by doing stuff like
event.request.userAttributes.sub
but trying to run
event.request.userAttributes.role //where role is the name of my custom attribute
doesn't seem to work. Anyone know what the proper syntax for this is? And do I need to set any special read permissions for custom attributes? I created this custom attribute a long time after I originally made this user pool, if that changes things.
All custom attributes are prefixed with the custom: prefix (Documentation - Custom Attributes).
Therefore (I'll assume you're using JavaScript here- if not feel free to specify and I can change this example), you'd need to use:
event.request.userAttributes['custom:role']
You don't need to set any special read permissions- all the user attributes are returned in the PostConfirmation lambda.