Need help in implementing email based approval system. Ex: Manager gets an auto triggered mail for his/her approval with a approval link in email body, when the manager clicks on the the link, it should validate the manager and then approve it. I tried searching on the internet but didn't find relevant resource.
Request you to Please help me with your ideas, suggestions or how I should proceed, or any plugin or jar is available??? It would be very helpful to me... Thanking you...
EDIT: Thanking you for replying. We have a java web app build using spring framework (MVC) where in employees can apply leaves which has to be approved by his/her manager. If an employee applies leave then a mail is triggered for approval to his/her manager with the leave details. After looking the mail, the manager logs-in to the application to approve or reject the leaves. So request you to Please help me in how to give a direct link in the mail to approve or reject the leaves.
For one of our applications we had the same requirements - employees can submit vacation requests and supervisors will be notified via mail. We have written an article about the exact way we did it - available here.
So in a nutshell, we are using Spring Integration and GMail. Each new vacation request yields an email send to all supervisors. Supervisors can reply with either approve or reject. We only accept email addresses from our domain, but since these can be faked we introduced a shared secret - a UUID added to the mail's subject which then relates to the id of the vacation request.
Once an email comes in we run the business logic to figure out whether a request shall be approved or rejected.
As I stated in my comment, I used Velocity to template my email message. You don't have to use it, but it made my job easier. You should be able to read up on it.
Java itself has the ability to send emails in it's Java EE framework using JavaMail, or you can use Spring's wrappers. You will need access to a mail server of some sorts, and would highly recommend that you setup an email box specifically for this process. I actually used my gmail account during testing, but I wouldn't recommend that for a long-term solution. I assume your company would have an email server setup somewhere you can use.
The process flow would be:
Employee fills out request
System generates an email to employee's manager(s) with a link to approve
Manager clicks on link, taken to approval page
Manager approves/denies request
The next question is how to build the URL. I would suggest using something like a UUID or something like that, or the request ID if that makes it easier. You can generate a UUID from any seed String or set of bytes. I like UUID because it obviscates the data being sent.
Anyway, the URL will basically point to a Spring form that will allow the user to approve that request. So, thinking about what you would need, I would expect some DB record that relates the information in the incoming request to the time off request that was filled out. Read in the record, load the page and display it. Simple enough.
The next issue is locking it down so only the authorized people can approve. Again, making a huge assumption here, but I am guessing you are using Spring Security? If you are, you should be able to add a condition to the Controller's handler for this approval form that requires the user to be authenticated (read here) and add a java.security.Principal to the handler methods arguments (read 15.3.2.3 here for what you can pass into a Controller's handler). With the Principal object in-hand, you should be able to compare that to a list of approvers associated with the request record in the DB. I would then have the system generate approval/denial emails that code to all concerned parties.
Let me reiterate that this is NOT the only solution, only one possible solution. This is why I feel this is not a good question for StackOverflow, as it asks a very broad question that doesn't really have a single right answer.
Related
I'm trying to figure out how Websockets works. I read some articles, tutorials, etc and I have a pretty basic understanding of how it works, but there is one element that I can't understand how to implement.
My idea is the following : One user will load a "customer" page containing all informations of that customer + a discussion thread. If an other user load that same page, they will be able to discuss in real time and if one user update the data of the customer, the second one will see the update.
The thing that is bugging me, is how can I allow users to access a customer data, but by checking that they can access it (for example, users can access the customer of their group, not all customers)
How can I be sure that the current user will access a customer he has the right (in the websocket)?
Thank you for your help!
Think of the websocket connection itself as a separate thing. A socket used by a client can subscribe to many different events.
What you're describing is topics. When the websocket connection is established, you send a message using whatever socket framework you're using to subscribe to a topic. For example, it could be a topic called customer-123. (A analogy for a topic, is a chat room)
Your application logic (server side) will verify that the currently logged in user has permission to access customer 123, and if so, permits them to join this topic. If you don't do this, it would be trivial for users to listen to any messages relating to any data.
Whenever a user updates any data that is relevant to customer 123, a message is posted to that topic. And thus, any user who is in that topic will receive the message.
An socket might subscribe to many many topics for each customer they open in your app. And topics can be combined and managed in groups depending on how you want to send messages.
In a typical large app, it's common to have a websocket subscribe to topics like user-123, team-456 by default so the server can send messages to them individually or to the entire team to which they are a member of.
For example, if a user updates customer-123, I might send a full data object to the customer-123 topic, and if customer 123 belongs to team-456, I would also send a small notification object like 'User 789 has updated customer 123' to the entire team (which is what powers Facebooks feed like system).
As your app grows, you'll use services like notification hubs to manage the fact that there could be thousands of topics each with thousands of subscribers.
The best thing to do is share a session ID and set up authentication token policies between your web application and your socket session. You could set up your own policy middleware to check the session ID.
You aren't really clear about how you're trying to accomplish this. If you're using express/socket.io, you can use this module: https://www.npmjs.com/package/express-socket.io-session
Hope this helps!
Like any other production application, you need authentication (who is allowed to use the app) and authorization (what functionality can a authenticated user perform). Authorization (ie, access control - ACL) is probably more precisely what you are looking for. Your app has to consult an authorization subsystem to see if the current user has access permission to edit/view another user's information.
This is not a trivial concern for many applications; security and privacy are important aspects of any web-based (distributed) application.
I am trying to build a control that the user can use to send feedback to developer. I am using email as a delivery method and I leverage sendgrid email service for this. Now I want to know the users email address so I can respond back to the user's concern. I am not sure how to get the user's email in window 10. Any help or pointers please?
I would strongly recommend to use the sharing approach that has been introduced with Windows 8 - instead of writing and maintaining your own mail functionality and trying to access additional user data.
Have a look at the existing and built in e-mail functionalities. They make use of the user's connected mail accounts and the mail app. This way you don't need to worry about handling the message transmission or anything but rather hand the information over to the mail client. This way you also know how to reply back.
And as a bonus, the user can still access their message via the Sent Mails folder :)
There is a specific class for that, the EmailMessageClass (https://msdn.microsoft.com/en-us/library/windows/apps/windows.applicationmodel.email.emailmessage.aspx?cs-save-lang=1&cs-lang=csharp#code-snippet-1) as well as a dedicated guide with code example.
https://msdn.microsoft.com/en-us/library/windows/apps/mt269391.aspx
Essentially you can prepopulate the Mail fields with necessary app information where applicable. The user gets to choose which accounts he wants to send the mail from, but it will open in the mail client.
I am making an event organisation platform. Whenever user creates an event, the candidate gets an email notification as well as sms notification asking whether the suggested time fits or not. The problem is that since it is event organisation, there may be more than one occurance of candidate's mobile phone. So I need to have some unique information to identify to which event candidate is responding to.
I have tried identify using Message SID, but then I realised that Message SID is different on reply message.
So my question would be: is there any way to authenticate to which message candidate is replying to?
Hi Twilio developer evangelist here.
Because every message is idempotent, you wouldn't be able to track them just via the call sid. however, there's way to get around that such as passing a code that goes with each message which you can then read, or using cookies.
I think you are probably going to be more successful using cookies, and luckily enough there is an article on twilio's website that describes just how to do that. And because I noticed you're using PHP, I'm pointing you directly to the PHP article on tracking SMS conversations.
Hope this helps you
I am building an MVC application (using the Zend Framework).
When users first register, the applicaiton sends them an email. My question is, where should I trigger this email from? The model or the controller? My thoughts are as follows:
In some ways, the model makes sense, since sending a registration email is part of my business logic. Users must click the link in the mail to validate their email address.
But by putting it in the model, I am 'encumbering' the model. The model's registerUser action is then only useful within the context of an application that needs emails sent for every registration.
Instead, by triggering the email from within the controller, my controller would be a litter 'fatter', but my model a little more 'fine grained'.
I have written an email service which actually configures and sends the email, and I think this is a good design decision. I am really just asking where I should be calling this service from.
Your thoughts are most appreciated!
According to Zend Framework's definition of MVC, you should put send the email from the controller:
Controllers...decide which view to display based on the user's request.
Models, on the other hand, contain:
...basic functionality behind a set of abstractions.
An email may be considered a "view" in that it displays information to the user. It is the controller's job to activate this "view."
In my opinion, I would want this in the model, as I would consider this an assumed process of the create user method, rather than any specific interaction with the user making the request.
In other words, since I would always want this email sent, regardless of the source of the request, I would identify this as a natural byproduct of the create user action, similar to a record being saved in a database.
You might want to look into using something like NServiceBus to queue messages to be sent to your Email Service.
This way you can have NServiceBus subscribe to an event that occurs and omit any manual firing of the email service etc.
Ultimately you want a failsafe way of ensuring your messages get to the intended people. This kind of framework will greatly help you ensure that this happens.
Alternatively you could store the emails to be sent inside your database and have your email service check the database queue every x minutes for new emails to send and omit the need for triggering the email sending.
Again, doing it this way will ensure at the least that the emails get sent. Should the network go down or some other disruption occur during the sending of each email you can simply leave them in the queue until the network comes back up.
So, here's my situation. We have a department that needs the ability to use queues in CRM 4. They also need the ability to reply to e-mails that come to that queue from their department e-mail address. (So that any customer responses will go back to the queue to be handled by agents)
I originally was going to build a JavaScript customization that inserted a checkbox that said "Send From Business Unit". Toggling this would look up their department user based on the e-mail address on the Business Unit. I successfully got this working (as a concept), but found that actually sending triggers the dreaded "CrmCheckPrivilege failed."
Which is good, because that means CRM is actually enforcing security.
So my problem? I have no idea how to replicate this functionality and it's a must have for this customer group. Is there anyway to modify the e-mail after it's already gone through security checks via a plugin? Perhaps a pre-stage send plugin?
I want to be reasonably certain of success before I commit a lot of time to this solution. I'm also open to any other ideas too.
Thanks in advance,
Clif
Well, first, a "CrmPrivilegeCheck failed" can always be fixed by adjusting the user's roles and giving him the appropriate privilege (the privilegeId is always returned in the exception but may not be shown in the particular error dialog you are getting) and level, but this may not be wanted by the department.
A solution we have used is just slightly different from yours: Do not send the mails through another user, but through the queue. Queues can also be eMail senders in MSCRM. The queues should already have the correct eMail addresses set in order to work properly with the eMail router. Set up a way to determine the correct queue (like a field on the systemuser entity or a hardcoded queue name in your JavaScript) and set the from lookup accordingly in your JavaScript. That way the eMails will be sent using the name and address of the queue, so any direct replies will always have that queue as the recipient.