I would like to verify if the user has access to more than one url, in a view, like this:
<sec:access url="/user,/client">
Just like the sec:ifAnyGranted tag for roles:
<sec:ifAnyGranted roles="ROLE_ADMIN,ROLE_SUPERVISOR">
In my verifications, the sec:access url just works with one url.
Is there any way or alternative to this?
I'm using the spring-security-core:2.0-RC2 plugin for grails.
I don't thing multiple URLs is supported. You can create your own tag to do this like
class CustomTagLib {
static namespace = "myTag"
def ifAnyGranted = { attrs, body ->
List<String> urls = attrs.remove('urls').split(',')
Boolean hasAccess = Boolean.FALSE
for (int i = 0; i < urls.size(); i++) {
hasAccess = sec.access(url: urls.get(i).trim()) { Boolean.TRUE }
if (hasAccess) {
out << body()
break
}
}
}
}
and use it in the view like:
<myTag:ifAnyGranted urls="/domain/index,/domain/show">
Something to display if has access to anyone of the URL
</myTag:ifAnyGranted>
Related
I am using an extension in Magento called web-forms to create all the forms on my website. What I need to do is add the email verification fields (user must enter email twice. Both emails must match) How can I do this? I looked thru the extension but did not see a way to do it.
It looks like the web-forms is using prototype.js for validation.
I got it in case someone in the future has the same problem and in using the web-forms extension here is how you do it.
Assign css class thru the back end in magento->web-forms-(your form name)->the confirm email field(which you should create if you don't have it all ready)design tab->CSS classes for the Input element(put your class name here and remember it you are going to use it later)
Next open up in your root directory of the magento installation the validation.js file. Which is located in js/prototype/
Open the file and paste the code below after the validate-email
['[your class name]', 'Please make sure your emails match.', function(v)
{
var conf = $$('.[your class name]')[0];
var pass = false;
if ($('email')) {
pass = $('email');
}
var emailElements = $$('.validate-email');
for (var i = 0; i < emailElements.size(); i++) {
var emailElement = emailElements[i];
if (emailElement.up('form').id == conf.up('form').id) {
pass = emailElement;
}
}
if ($$('.[your class name]').size()) {
pass = $$('.validate-email')[0];
}
return (pass.value == conf.value);
}],
save it and upload it
Hope that helps somebody you has the same problem.
Above code is not working correctly following part is creating issue
if ($$('.[your class name]').size()) {
pass = $$('.validate-email')[0];
}
at my end following code is working
if ($$('.validate-admin-email').size()) {
pass = $$('.validate-admin-email')[0];
}
so the complete working code can be:
['validate-cemail', 'Please make sure your emails match.', function(v) {
var conf = $$('.validate-cemail')[0];
var pass = false;
if ($('email')) {
pass = $('email');
}
var emailElements = $$('.validate-email');
for (var i = 0; i < emailElements.size(); i++) {
var emailElement = emailElements[i];
if (emailElement.up('form').id == conf.up('form').id) {
pass = emailElement;
}
}
if ($$('.validate-admin-email').size()) {
pass = $$('.validate-admin-email')[0];
}
return (pass.value == conf.value);
}],
.validate-cemail is your defined class in template.
like:
<input type="text" name="email-confirm" id="email-confirm" class="input-text required-entry validate-cemail"/>
I use the Grails Application Info Plugin to get active sessions as:
ScopesInfoService scopesInfoService
List<Map<String, Object>> activeSessionsMap = scopesInfoService.getSessionsInfo()
activeSessionsMap.each { sessionMap ->
def tmpSession = sessionMap.session
}
How can I see which page a user with a session has been requested and is requesting?
Create a filter and store the current controller and action or request.forwardURI for each request in a variable called currentLocation or something. When you access sessions just read that. you can be creative with it and store any data. but not sure this is a proper approach anyway.
storeLocation(controller: '*', action: '*') {
before = {
session.currentLocation = "$controllerName/$actionName"
}
}
This plugin will not give you that. You need to develop something yourself.
You can create a grails Filter that saves to your database (create a new table for this) the information about the session, user and about the URI (your pages) is being requested.
Sample filter:
class UserInfoFilters {
def filters = {
all(controller:'*', action:'*') {
before = {
SessionUserInfoDomainClass s = new SessionUserInfoDomainClass()
// populate your domain class above with the info you need. Examples:
s.user = session.user
s.controller = controllerName
s.save()
}
}
}
}
Then you can easily have some UI (even with scaffolg) of this SessionUserInfoDomainClass to read the info you want.
I am using the OData sample project at http://www.asp.net/web-api/overview/odata-support-in-aspnet-web-api/working-with-entity-relations. In the Get I want to be able to change the Filter in the QueryOptions of the EntitySetController:
public class ProductsController : EntitySetController<Product, int>
{
ProductsContext _context = new ProductsContext();
[Queryable(AllowedQueryOptions=AllowedQueryOptions.All)]
public override IQueryable<Product> Get()
{
var products = QueryOptions.ApplyTo(_context.Products).Cast<Product>();
return products.AsQueryable();
}
I would like to be able to find properties that are specifically referred to. I can do this by parsing this.QueryOptions.Filter.RawValue for the property names but I cannot update the RawValue as it is read only. I can however create another instance of FilterQueryOption from the modified RawValue but I cannot assign it to this.QueryOptions.Filter as this is read only too.
I guess I could call the new filter's ApplyTo passing it _context.Products, but then I will need to separately call the ApplyTo of the other properties of QueryOptions like Skip and OrderBy. Is there a better solution than this?
Update
I tried the following:
public override IQueryable<Product> Get()
{
IQueryable<Product> encryptedProducts = _context.Products;
var filter = QueryOptions.Filter;
if (filter != null && filter.RawValue.Contains("Name"))
{
var settings = new ODataQuerySettings();
var originalFilter = filter.RawValue;
var newFilter = ParseAndEncyptValue(originalFilter);
filter = new FilterQueryOption(newFilter, QueryOptions.Context);
encryptedProducts = filter.ApplyTo(encryptedProducts, settings).Cast<Product>();
if (QueryOptions.OrderBy != null)
{
QueryOptions.OrderBy.ApplyTo<Product>(encryptedProducts);
}
}
else
{
encryptedProducts = QueryOptions.ApplyTo(encryptedProducts).Cast<Product>();
}
var unencryptedProducts = encryptedProducts.Decrypt().ToList();
return unencryptedProducts.AsQueryable();
}
and it seems to be working up to a point. If I set a breakpoint I can see my products in the unencryptedProducts list, but when the method returns I don't get any items. I tried putting the [Queryable(AllowedQueryOptions=AllowedQueryOptions.All)] back on again but it had no effect. Any ideas why I am not getting an items?
Update 2
I discovered that my query was being applied twice even though I am not using the Queryable attribute. This meant that even though I had items to return the List was being queried with the unencrypted value and therefore no values were being returned.
I tried using an ODataController instead:
public class ODriversController : ODataController
{
//[Authorize()]
//[Queryable(AllowedQueryOptions = AllowedQueryOptions.All)]
public IQueryable<Products> Get(ODataQueryOptions options)
{
and this worked! Does this indicate that there is a bug in EntitySetController?
You would probably need to regenerate ODataQueryOptions to solve your issue. Let's say if you want to modify to add $orderby, you can do this like:
string url = HttpContext.Current.Request.Url.AbsoluteUri;
url += "&$orderby=name";
var request = new HttpRequestMessage(HttpMethod.Get, url);
ODataModelBuilder modelBuilder = new ODataConventionModelBuilder();
modelBuilder.EntitySet<Product>("Product");
var options = new ODataQueryOptions<Product>(new ODataQueryContext(modelBuilder.GetEdmModel(), typeof(Product)), request);
In magento as we use the REST url to access the data,as http://localhost/magemto/api/rest/products it returns in XML format.
But as my team requirement, I should send the data in JSON format to access AJAX calls easily.. I have used REST client to include a header as 'Content-Type:appilcation/json'.. Then it returns in JSON format.. But I want it as defaultly by the magento API..
Hey, I do have a solution for this, I would like to share with you.
First go to your magento root folder then go to following path
\app\code\core\Mage\Api2\Model\Request.php
Go to the method getAccepTypes() and change with this code below it will fulfill your requirement.
public function getAcceptTypes()
{
$qualityToTypes = array();
$orderedTypes = array();
foreach (preg_split('/,\s*/', $this->getHeader('Accept')) as $definition) {
$typeWithQ = explode(';', $definition);
$mimeType = trim(array_shift($typeWithQ));
// check MIME type validity
if (!preg_match('~^([0-9a-z*+\-]+)(?:/([0-9a-z*+\-\.]+))?$~i', $mimeType)) {
continue;
}
$quality = '1.0'; // default value for quality
if ($typeWithQ) {
$qAndValue = explode('=', $typeWithQ[0]);
if (2 == count($qAndValue)) {
$quality = $qAndValue[1];
}
}
$qualityToTypes[$quality][$mimeType] = true;
}
krsort($qualityToTypes);
foreach ($qualityToTypes as $typeList) {
$orderedTypes += $typeList;
}
unset($orderedTypes);
$orderedTypes=Array
("application/json" => 1);
return array_keys($orderedTypes);
}
Hope this help you.
I have several domain classes that are related and I am trying to figure out how to implement a constraint that depends on multiple domains. The jist of the problem is:
Asset has many Capacity pool objects
Asset has many Resource objects
When I create/edit a resource, need to check that total resources for an Asset doesn't exceed Capacity.
I created a service method that accomplishes this, but shouldn't this be done via a validator in the Resource domain? My service class as listed below:
def checkCapacityAllocation(Asset asset, VirtualResource newItem) {
// Get total Resources allocated from "asset"
def allAllocated = Resource.createCriteria().list() {
like("asset", asset)
}
def allocArray = allAllocated.toArray()
def allocTotal=0.0
for (def i=0; i<allocArray.length; i++) {
allocTotal = allocTotal.plus(allocArray[i].resourceAllocated)
}
// Get total capacities for "asset"
def allCapacities = AssetCapacity.createCriteria().list() {
like("asset", asset)
}
def capacityArray = allCapacities.toArray()
def capacityTotal = 0.0
for (def i=0; i<capacityArray.length; i++) {
capacityTotal += capacityArray[i].actualAvailableCapacity
}
if (allocTotal > capacityTotal) {
return false
}
}
return true
}
The problem I am having is using this method for validation. I am using the JqGrid plugin (with inline editing) and error reporting is problematic. If I could do this type of validation in the domain it would make things a lot easier. Any suggestions?
Thanks so much!
To use the service method as a validator, you'll need to inject the service into your domain, then add a custom validator that calls it. I think it'll look something like this:
class Asset {
def assetService
static hasMany = [resources: Resource]
static constraints = {
resources(validator: { val, obj ->
obj.assetService.checkCapacityAllocation(obj, val)
})
}
}
How about:
def resourceCount = Resource.countByAsset(assetId)
def assetCapacityCount = AssetCapacity.countByAsset(assetId)
if(resourceCount < assetCapacityCount) return true
return false
HTH