I'm creating an application wherein I register myself and save the details to a users table as follows.
users(id, first, last, email, phone);
After that I wanna create many accounts under users like account1 and account2 as follows.
accounts(id, name, user_id);
Each account has its own purpose and performs functionality, like CRUD, on behalf of the signed-in user.
Once the user has logged in, the user is redirected to a dashboard that contains the number of accounts.
So he can switch between these accounts.
Please help with some suggestions regarding this. The work would be much appreciated.
Your question is too "macro". It's better to start by modeling your database with relationships and so on.
Later you can come here and post some "micro" question, because your "Switching between many accounts" involves a lot of things that can't be solved just like that.
As a freelancer, I used OpenCart for my clients, with one table called users and another table called customers.
I tried WordPress + WooCommerce, which has only one user system. I haven't really used this, just tested it.
If we use only one user system, I have a question. Which account should the employee/staff use, and how? Use the private email, like peter#gmail.com? This may not be easy to manage. Any characters could be in the email, like haha123#gmail.com, and then we don't know who is who.
Or create a company account like peter#nike.com and force the staff to use their real name.
But when a staff member has two accounts, he logs in as staff during work time, and he buys things for himself. Then he resigns and leaves the company. His work email is canceled, frozen, inactivated, which means that he cannot access his own order records. And maybe the private order is still ongoing: not received, not paid yet. This causes problems.
What solution should we use?
WordPress is based on the Roles and Capabilities system. Users will have a role, while each role will have different capabilities assigned.
Whenever WordPress code performs an action as a logged-in user, it basically checks if the user has the capabilities to perform that action or not.
As you explained in your use case, a staff member will be assigned a role (let's call it manager) that will allow them to do some staff-related things, and he can also use that account to make orders and buy things.
If he resigns, then the site manager/admin will change his role to customer and will allow him to use the website and buy things, but he won't be able to do staff-related things, because the custom role will not have those capabilities.
And in some cases, his connection with any data that should be only assigned to staff will be removed and assigned to someone else.
In short, capabilities do all the magic here and instead of assigning multiple capabilities to each user, WordPress creates a role with a set of capabilities to make it simple, and we can assign that role to a user and change it anytime, to revoke or grant more capabilities.
I am working on a multi-user application where I have two tables for authentication, an admins table and a users table.
Currently, when a user registers, their information gets saved in the admins table (which automatically makes them admins for the registered account) and they are authenticated using the same table.
These admins can create other users and assign roles and permissions to restrict them from accessing certain information associated with that account.
These users are saved in the users table with admin_id to track which account they belong to, and they are authenticated using the same users table.
Now my issue is how to track all records created by all these different users of the account.
For instance, when an admin creates a post, the admin_id will be used to track the post, and when a user creates a post, the user_id will be used to track the post, and with the help of a hasManyThrough relationship between the Admin, User and Post models, all posts associated with the account can be obtained and displayed to the admin.
But for a case where a user is given the permission to view all posts associated with the account, I do not know how this is going to work.
Initially, what I wanted to do to avoid all this confusion was, during authentication, I would just get the id (if the admins table is being used for auth) or admin_id (if the users table is being used) and store it as account_id in localStorage or the session.
This way, account_id will be the same for all the different users of the account and posts created by an admin of an account will be tracked with the same id as posts created by different users of the same account.
So is this approach good enough?
Is there a better approach to this problem?
And finally, is this a dumb question?
Help me out guys!
Thanks in advance.
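One way to implement the approach described in the question, as an added example that is not part of the original post: the tenant key is resolved once at login and kept in the server-side session rather than in localStorage, because a value stored in the browser can be edited by the user. The function names, the `view_all_posts` permission and the `author_type`/`author_id` columns are assumptions, and the sample rows are constructed.

```php
<?php
// Added example: names other than admins.id, users.admin_id and account_id
// are hypothetical, and the sample rows below are constructed.

/** Resolve the tenant key once, at login, from the row that authenticated. */
function resolveAccountId(string $guard, array $row): int
{
    // Account owners live in `admins`; the users they create carry admin_id.
    return $guard === 'admin' ? (int) $row['id'] : (int) $row['admin_id'];
}

/** Build the server-side session; nothing here is read from the request. */
function startSession(string $guard, array $row, array $permissions = []): array
{
    return [
        'guard'       => $guard,
        'id'          => (int) $row['id'],
        'account_id'  => resolveAccountId($guard, $row),
        'permissions' => $permissions,
    ];
}

/** Posts the session may see: always inside its account, own posts by default. */
function visiblePosts(array $session, array $posts): array
{
    $seeAll = $session['guard'] === 'admin'
        || in_array('view_all_posts', $session['permissions'], true);

    return array_values(array_filter($posts, function (array $p) use ($session, $seeAll) {
        if ($p['account_id'] !== $session['account_id']) {
            return false; // tenant boundary: never cross accounts
        }
        return $seeAll
            || ($p['author_type'] === $session['guard'] && $p['author_id'] === $session['id']);
    }));
}

$posts = [
    ['id' => 1, 'account_id' => 7, 'author_type' => 'admin', 'author_id' => 7],
    ['id' => 2, 'account_id' => 7, 'author_type' => 'user',  'author_id' => 31],
    ['id' => 3, 'account_id' => 7, 'author_type' => 'user',  'author_id' => 32],
    ['id' => 4, 'account_id' => 9, 'author_type' => 'user',  'author_id' => 40],
];

$editor = startSession('user', ['id' => 31, 'admin_id' => 7], ['view_all_posts']);
$writer = startSession('user', ['id' => 32, 'admin_id' => 7]);

echo implode(',', array_column(visiblePosts($editor, $posts), 'id')), "\n";
echo implode(',', array_column(visiblePosts($writer, $posts), 'id')), "\n";
```

Storing `account_id` on every post at creation time is what lets the account filter work without knowing whether the author came from the admins or the users table.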
We are trying to integrate our platform with Pipedrive. As far as we have researched, in a Pipedrive account, there is one admin and he can add multiple users. And the users can later log in to their respective accounts.
What we are trying to make sure is that once a Pipedrive account is integrated with our platform, the same account should not be integrated twice. So, I need a unique identifier, that lets me know whether the account has already been integrated.
My initial approach was to check the API key. But it was not successful, since every user in an account has a different API key.
After a bit of research, I found out that there is an identifier called company_id which is common for all the users in an account. But I could not find anything regarding it in the documentation. So, I am not 100% confident to go ahead and implement it in our code.
Does anyone have an idea about this?
Pipedrive support rep here.
The most sure-fire way to ensure this is to make a GET request against http://api.pipedrive.com/v1/users?api_token=your_token_here.
You are correct in assuming the company_id in the additional_data object in the response is static and won't change across any users on the account.
Note that a Pipedrive account may have more than one admin, and that non-admins (regular users) might have visibility (and editing) restrictions in place, which may cause some of your GET, PUT and DELETE requests to fail.
In case you're not doing this already, I'd thus advise filtering the data array from the above-mentioned endpoint for user.is_you to equal true and checking whether the is_admin property is set to 1 during "registration" to ensure the user setting up the integration is an admin.
Hope this helps!
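The checks described in this answer, as an added example that is not part of the original answer and not Pipedrive's code: it takes the decoded body of the users endpoint, finds the `is_you` entry, requires `is_admin` to be 1 and refuses a `company_id` that is already stored. The function name, the result shape and the list of stored IDs are assumptions; the sample response is constructed and contains only the fields the answer names plus `id` and `name`.

```php
<?php
// Added example: field names (data, is_you, is_admin, additional_data.company_id)
// come from the answer above; everything else is hypothetical.

/** Decide whether this Pipedrive account may be connected to the platform. */
function checkPipedriveIntegration(array $response, array $integratedCompanyIds): array
{
    $deny = fn (string $reason) => ['ok' => false, 'company_id' => null, 'reason' => $reason];

    $companyId = $response['additional_data']['company_id'] ?? null;
    if (!is_int($companyId)) {
        return $deny('no company_id in response');
    }

    // The owner of the token is the entry flagged is_you, not simply the first row.
    $me = null;
    foreach ($response['data'] ?? [] as $user) {
        if (!empty($user['is_you'])) {
            $me = $user;
            break;
        }
    }
    if ($me === null) {
        return $deny('token owner not found in data');
    }
    if ((int) ($me['is_admin'] ?? 0) !== 1) {
        return $deny('token owner is not an admin');
    }
    if (in_array($companyId, $integratedCompanyIds, true)) {
        return $deny('account already integrated');
    }
    return ['ok' => true, 'company_id' => $companyId, 'reason' => 'ok'];
}

// Constructed sample response (not real Pipedrive output).
$sample = json_decode('{
  "data": [
    {"id": 11, "name": "Alice", "is_admin": 1, "is_you": false},
    {"id": 12, "name": "Bob",   "is_admin": 0, "is_you": true}
  ],
  "additional_data": {"company_id": 4242}
}', true);

// Bob holds the token but is not an admin, so registration is refused.
echo checkPipedriveIntegration($sample, [1001])['reason'], "\n";

// Same account, token owner promoted to admin, company not yet stored.
$sample['data'][1]['is_admin'] = 1;
echo checkPipedriveIntegration($sample, [1001])['reason'], "\n";
```

A unique index on the stored `company_id` column enforces the same rule when two registrations for one account arrive at the same time.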
I'm not quite sure what you're asking for. Are you looking for a unique identifier for each user?
Each user has an id, you can get all users by calling
https://api.pipedrive.com/v1/users?api_token=____
This will return a JSON object with data on your users, including their names and associated IDs. Admins are just users with different privilege levels. All admins are users, but not all users are admins. All users are part of a company; the company is identified by the first part of the Pipedrive account URL, i.e.
https://FooCompany.pipedrive.com
Are you trying to see if a certain company has been integrated already?
I am about to define permissions for users in my project. I checked the laracasts videos regarding ACL, Roles and Permissions.
I have a doubt. Do I need Roles for normal users?
I mean, in my project a user should be able to create / update / delete his own posts, he should be able to comment on his own posts and posts by other users and delete his posts and posts left by others on his own posts.
The point is: do I really need to define Roles for these kinds of permissions? Shouldn't I just define some policies like can / can't post / update / delete etc. and only define roles for admins?
You don't necessarily need a full featured, powerful Roles/ACL system but if you are storing both admin and basic users in the same table then you do need something to distinguish between them. This could be something as simple as a Role field as a string on your users table e.g. Admin or Basic, or even a boolean is_admin field.
This would give you the ability to implement a Policy or Middleware to prevent basic users accessing the admin panel, and you can have permission checks to ensure a user can't update other users' posts etc.
If you don't foresee needing anything more complex in future then this would suffice. However, as your app becomes more mature, you might wish to have a more advanced roles system, for example where a user needs to have multiple roles.
You don't necessarily need to define a role for every user...
It's probably a good idea to, however, you can 'hardcode' and make some assumptions about some of the access...
For example:
If you assume that anyone who is logged in can make a post and can edit their own post, you don't need to make a role for users to say "can_make_post", just have a check saying "if user is logged in, then let them make a post".
Then if you, say, have an admin area, you can go "if user a has role with the 'admin_access' permission, then allow access".
It would be a good idea to have roles for everything, as it allows more customisation; however, you're the one designing it. If you don't need the customisation, you can probably just make some assumptions like above.
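The checks the two answers describe, written out as an added example that is not code from either answer: a default-deny function in plain PHP that combines the "logged in is enough" assumption, ownership checks on posts and comments, and an `is_admin` flag for the admin area. The array keys and action names are assumptions, and the sample records are constructed.

```php
<?php
// Added example: array keys (id, user_id, post_id, is_admin) and action names
// are hypothetical; the sample records below are constructed.

function can(?array $user, string $action, ?array $post = null, ?array $comment = null): bool
{
    if ($user === null) {
        return false; // every action below requires a logged-in user
    }
    $ownsPost    = $post !== null && $post['user_id'] === $user['id'];
    $ownsComment = $comment !== null && $comment['user_id'] === $user['id'];

    switch ($action) {
        case 'create_post':
        case 'create_comment':
            return true; // being logged in is enough
        case 'update_post':
        case 'delete_post':
            return $ownsPost;
        case 'delete_comment':
            // Your own comment, or anyone's comment left on your own post.
            $onThisPost = $comment !== null && $post !== null
                && $comment['post_id'] === $post['id'];
            return $ownsComment || ($ownsPost && $onThisPost);
        case 'access_admin_panel':
            return !empty($user['is_admin']);
        default:
            return false; // unknown actions are denied
    }
}

$alice   = ['id' => 1, 'is_admin' => false];
$bob     = ['id' => 2, 'is_admin' => false];
$carol   = ['id' => 3, 'is_admin' => true];
$post    = ['id' => 10, 'user_id' => 1];                  // written by Alice
$comment = ['id' => 50, 'post_id' => 10, 'user_id' => 2]; // Bob, on Alice's post

$checks = [
    'bob updates alice post'      => can($bob, 'update_post', $post),
    'alice deletes bob comment'   => can($alice, 'delete_comment', $post, $comment),
    'carol deletes bob comment'   => can($carol, 'delete_comment', $post, $comment),
    'guest creates post'          => can(null, 'create_post'),
    'carol opens admin panel'     => can($carol, 'access_admin_panel'),
];
foreach ($checks as $label => $allowed) {
    echo $label, ': ', $allowed ? 'allow' : 'deny', "\n";
}
```

In this example the admin flag opens only the admin area; whether admins may also edit other users' content is a separate decision the answers leave open.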
I have set up CodeIgniter with tank_auth on my test server, but I would like to know how best to make sure that, when a new user is registered, some selected data goes into the database table user_profiles, i.e. Country, Website.
I am going to be creating a user profile page dashboard/account/
If there are any links on this subject please give them to me.
It's best to just let people make a basic account: email, password (, username) and after they are registered and logged in let them add this extra info (e.g.: gender, website, county, etc.) on their profile page.
That's the way I do it and I think it works fine.