On my parse based application, each user will have a list of notes that are private to him by default.
The user will be able to invite other users (identified by their email address) to view the notes.
I want to use ACL for that, but was wondering what should I do if the invited user is not registered yet as a Parse user on invitation. In that case, the notes creator user cannot add him to the note's ACL since there is no ParseUser object yet.
What is the best solution for this type of invitation?
Can I use ACL for this or do I have to manage the access myself?
If you're familiar with Parse technology called Cloud Code then you should check this https://gist.github.com/mikevansnell/5140654
This code creates future user from the email passed to the function and asign it with some random password. And then an invitation email is send to the passed email with all the info, including password. And when the invited user goes to the app just fill the logi
These are two options I can think of.
1) Use ACL
Modify the note's ACL so that it has read access by the users invited that are already registered. Any users that are not registered, get a new row containing the email and note id in a separate table called NewUserAccess. Whenever a user is created, query NewUserAccess for rows with the registering email. Update those notes with the newly created user's objectId.
2) Manage Access Yourself
The second option is just creating a table called UserAccess. With this, when you invite a user you create a row with their email and the note they have access to. This would cause problems if the user changed emails which would require additional work.
If you want to use ACL in order to control user access to classes, objects
just create a new _Role='registered_user' in the parse built in class "role" .
and when user xyz registers, add them to role 'registered_user'
in the ACL of the classes where you want to restrict READ to the role, use the following:
"ACL":{"registered_user":{"read":true}}
Explicitly setting READ permissions in ACL instead of just wildcarding it using "*" will lock down the access to members of "registered_user" Role.
Its just like groups in the file system.
Related
I want to Create a user screen with Two authentications (SMS and Email)
User will receive email to verify and activate his account first.
After that he set password and he will receive SMS massage to verify the password.I want to do this in Oracle apex.I have tried Custom Authentication but i didn't found fruitful, Any one have some good idea to achieve this.
after u take care of the email and sms verification, u should store that data in the data base and create a function to use in your custom authentication that verifies if the user is already validated.
put the function in shared components -> authentication schemes -> settings -> Authentication Function Name
(the function must return true or false to allow the login)
I'm not a fan of using SMS for Two-Factor Authentication, but if you must, perhaps this might demo implementation for Time-based One Time Password (TOTP) might give you some ideas: https://github.com/fuzziebrain/orclapex-tfa-demo
I provided some background information here as well: https://fuzziebrain.com/content/id/1718/
Good luck!
I have achieved this in one of my APEX project but only with the e-mail. For the sms I use it in another context but you could still do it. You will need a smtp server ( you can run one on your server ) and for the sms you will need an external provider. In your oracle database, create a table called OTP ( one time password ).
This table contains a foreign key to a user. When the user creates an account, run a dynamic action in pl/sql that will generate a random 6 digit number that will be encrypt in your OTP table. This dynamic action will also send an email to the user with APEX_MAIL. The full documentation for how to use APEX-MAIL is here and it is pretty easy to use. You can send the user the password for authentication trough email.
Create a new session user called user_na (not authenticated) and make it so that when he connects, the only page he can see is a page with a text field to enter the password he receive through email. After he enters it, encrypt it the same way you did when he created an account and compare the password in the OTP table. If they match , change his account type to user and then he will be able to access every page that you made accessible for the users.
If you also want to send an sms, I recommend using this tutorial. The sms provider have a free trial if you want to test. If you have any questions don’t hesitate to ask I can easily help you with this.
NOTE: if you don’t want to create different session_users you can just add a column in your user table named authenticated. Set it to 0 by default and to 1 when he enters the email password. Then, when he log in, check if this value is 0 or 1 to know which page you should redirect him to.
Using Laravel Spark, is there a way to -- either via UI or programmatically -- assign a team role to an invited user?
That is, Laravel Spark doesn't allow admins to create users. Instead, a owner user invites them. This creates an entry in the invitations table, and sends an email URL to the potential user. Users can then follow this URL, and sign up for a user account. Once they've signed up, an admin can change their role via UI.
Laravel Spark lets you set a default role for all invited users. What I want to know is: Does Laravel Spark provide a mechanism that would let me invite user A and have them end up with role B, and invite user C and have them end up with role D.
I can think of a number of ways to achieve this myself with custom code, but before I do that I want to know if this wheel's been invented.
Spark Roles is useful as it will allow you to assign user roles/permissions as the user signs up and/or is assigned to a team. https://github.com/centrality-labs/spark-roles
I am trying to set roles with parse.com
My aim is to set role to get all the data only for login users.
can you please proved step by step how should it be done with parse.com,
I tryed to play with it and read the tutrial but I am all the time getting accecss to data even if I am not logined.
thnx for helping!
When you create your data object you should be adding an ACL to it, created with the current user and limiting read and write to that user. This is done before you save the data object. You don't need to use a role. A role would be used where you had a group of users who all needed access, then you would add the users to the role and create the ACL for the role instead of a user.
Not sure if this is possible or if anyone has managed to do this. I have user with super admin access, with which I can create a new user for my domain. However I also want to add a couple of calenders to the created user's calendar list. When I create a user I authenticate using my super admin, but then I can't add a calendar to the user's calendar list since I am not logged in as the user. Is it possible to do this as the super admin, or do I have to logout and authenticate as the created user in order to add calendars to their list? This is the base url to which the post request is made:
https://www.googleapis.com/calendar/v3/users/me/calendarList
in the place of me could I pass in the id of the user? I couldn't find any parameter in the documentation with which I can specify the user to whose list I want to add a calender.
Thanks
Two options:
Each user much login to google calendar and share thier calendar to a single user. You can then use this account to update their calendars. Note that google has limitations to how many calendars and request you are allowed before the account goes to read-only mode.
Buy a google apps domain (5$per user per month) and create a service account at console.developers.google.com. Create a project and give it domain wide delgation at admin.google.com. In Apps engine you should be able to give access for admin to modify all users calendars.
No matter what case you choose, you also need to enable CalendarAPI at dev console site. Now with private key created from website request OAuth2 access token, where sub field is set for the users that you want to change calendar for. With returned access token use CalendarAPI to modify calendar.
Sry for bad english and short description, i'm in a hurry. /conner ;)
Is it possible to manage multiple calendars from a single program? The task is to add events for different users in a domain, but do it from single program without knowing all users domain passwords. What type of authentication should be used to connect EWS? Is there any admin account exists? How to specify which calendar to update on each operation?
sure is this possible. You will have to create an ExchangeService-instance for each user and set the ImpersonatedUserId property to the mailbox of the user you want to the appointment or whatever you want to add.
have a look at http://msdn.microsoft.com/en-us/library/exchange/dd633680(v=exchg.80).aspx there you can find how to work with impersonation and also have a look at http://msdn.microsoft.com/en-us/library/bb204095.aspx where you can see how to set the rights your user needs to impersonate.
hope that answers your questions...