Hi I am customizing OpenERP. I want to restrict user to login into application once at a time. That means; I have a user called "Accountant". I want only one session should be allowed to login with "Accountant" user name at a time. Others can login with their own user names.
Like that application should allow only one session for each user at a time.
I have not seen any plugin for this. Can I do this through customization?
Please guide me.
This blog highlights how to do it. But I don't think there is a live implementation of this available as open source http://www.zbeanztech.com/blog/how-restrict-multiple-logins-user-openerp-0
We do plan to do it ourselves as well but haven't had a moment yet.
Related
Is there any way to login other users account for admin user ?
Currently authentication based on Meteor Accounts
I saw this post but didn't working at all now.
The feature is important for us because when user have problem in system then admin need to see it this by simulating user account.
Thanks in advance.
It seems you want to impersonate a user. This means that you want to have Meteor.userId (or this.userId depending on context) reflect the _id of a specific user both on the client and the server.
afaict the only way to do this is to login as the user. Presumably you don't want to ask the user for their password so you have a couple of choices:
Save their existing password, replace it (temporarily) with a password of your choosing, then after you're done impersonating their account, restore their existing password.
You probably don't want to ask the user for their password and you don't need to. All you need to do is set aside Meteor.user.findOne(userId).services.password.bcrypt, then reset the password to your temporary value, then restore the original bcrypt value later.
The downside is that the original user would not be able to login while you are logged-in. Plus it's really hacky.
Extend Meteor's Accounts package to provide impersonation capability in a more elegant manner.
You might also look at validateLoginAttempt. The docs are unclear as to whether a failed login attempt could be overridden with a successful one but if it could then that would provide another pathway to solve your problem.
Instead of logging in as the users, which requires their password and which is a total no-no, you may use rather alanning:roles and allow the admin to assign the role of any user in order to draw views based the user's role.
This requires a well designed role system.
As a plus you could then at least load the documents associated with the user who you want to support.
This requires a well designed document and data model.
But generally spoken you should rather focus on writing good tests (test driven development) for components as unit tests, integration tests and UI tests.
This will reduce the need to manually view the app as an end user a lot.
The most common end user problems can be reduced by creating a good knowledge base like a wiki or video tutorials.
Even if then an error occurs in the end user side, I would rather try to implement a well designed error log that allows users automatically create tickets on error which also include the error stack.
All the above methods are to be favored before logging in AS THE USER.
As #Jankpunkt has already mentioned alanning-roles I can add something you can use without installing any external package.
Just keep a type key in the profile object of the users collection. Then define some types like 1 for super-admin, 2 for admin, 3 for general etc. Then check the authorisation of particular action by checking the value of user.profile.type key.
Caveats: Make sure you are checking the type in server side. By default profile field is writable from the client end, so if you are putting type field in the profile object make sure that you are not allowing users to modify users collection in the client end.
Here is how to restrict client end update in users collection:
Meteor.users.deny({
update() { return true; }
});
Read more on roles and permissions here:
https://guide.meteor.com/accounts.html#roles-and-permissions
I have a little problem about this scenario.
I have 300 users in my system. each user must have user panel. it is one page that each user after sign in to the system and went to own page,can edit his content and customize it.
my question is : how to define permission for each user in order to access to own page and don't access to other's personal page.
thank you.
You just need [AbpAuthorize] attribute for the related application service to prevent unauthorized users to see that personal page. And when the user opens the page load the data with the current user's information as #aaron stated in the comments.
I recently noticed the addition of a "Session" object in Parse dashboard. Now, from what I understand, a session uniquely identifies a user to the server. So why would we need such a Session? For the session token? We already have a currentInstallation... so I don't really see the point. Can someone explain and provide a scenario where I would use the "Session" object. Right now they just annoy me by their presence because they take up potential space on the Parse server and I would like to go delete them all but want to make sure that isn't stupid.
The sessions are used by parse to deal with the users (is the user logged?, on which devices?, etc.), and are available as a class as you may want to manipulate them. By deleting the sessions you would automatically logout all your users, so it's a pretty bad idea.
You don't have to use or touch anything about this class, but here are few examples of why it can be useful:
[...] If a user contacts you about his or her account being compromised in your app, you can use the Data Browser, REST API, or Cloud Code to forcefully revoke user sessions using the Master Key. These new APIs also allow you build a “session manager” UI screen where your app’s users can see a list of all devices they’ve logged in with, and optionally log out of other devices. [...]
You can read more about the Sessions on their blog post.
I've developed an app in laravel and sentry2 as ACL. Login occurs through SAML.
Whenever a user logs in from SAML is redirected to my app where I check server variables, and if credentials are correct I let him pass to the site with sentry.
My issue occurs when I try to log in with the same account in two different browsers. Looks like when I log in in the second browser the existing session in the other browser gets overrided.
I've found out this looking into sessions table:
http://pastebin.com/6iEnRkEs
Any ideas? Will appreciate your help on this very much.
Thanks a lot!
Pablo
EDIT:
The idea would be that the app work like gmail/fb that allows the user to be logged in both browsers at the same time.
It's correct the way it is.
Different browsers different sessions. This is a security feature/matter every single app should enforce.
If you log in a different browser how could Laravel tell if it's not a different person login in from a different computer in the same network? Log someone off in this case it's also the correct thing to do, because if some kind of exploit is happening, user will see something is wrong and, maybe, change his/her password.
Some (ie: banking) also do: different browser tabs, different sessions, but this is not the Laravel case.
I was wondering if anyone can shed some light on setting up basic user authentication. I've installed the admin app into my project and it works great. But I need a basic user role that can have it's own registration page etc.
I need to see something like
domain.com/users/user.slug
would take them to their profile page
I'm also going to have nested resources, so a user can have a project associated to them.
domain.com/users/user.slug/projects/project.slug
or
domain.com/users/user.slug/project.slug
The admin piece worked great, but I have no idea how to setup registration etc for a user model?
I've used devise in the past with Rails and I'm wondering if anything like it currently exists? I've seen some discussion around warden. Is there a defacto solution that people are using or am I able to implement the admin app to handle this? Right now /accounts is protected and can only be accessed by the admin role.. so I can't have users go to accounts/new
Thanks
For now I basically just copied the admin app.. into my own Users app while using my own User model.
The user model is basically a direct port of the account model.. as is the session controller etc. Just switched the model names around.
I'm still not sure if this is the best approach or if I'm able to leverage the admin app to handle this also?
This solution is working, though again, I'm not sure if it's the optimal approach.