I want to make dynamic multi-subscribing modeling like Twitch, Onlyfans. For example, my customer can subscribe user1 feed also user2 feed but user1 and user2 is not static, it's dynamic.
How can I achieve this in RevenueCat? Is subscribing API allow that? How Twitch achieved this?
I am developing a REST API for a website, let's say i have a POST endpoint('/users/create') which i want to create the user if they don't already exist and return the user as a result.
What this would look like is:
#PostMapping(value = "/users/create")
public User createUser(#RequestBody UserDTO form)
The problem with this is that when the user is successfully created there is no problem just returning the user with a response code 200. The problem comes when I am doing input validation and for example a user with that email already exists and i want to return user: null and some sort of message as to what specifically failed in the user creation. I've thought about multiple posibilities such as creating a custom object that has fields for both an object of any type ( user in this case ) and a message along with it, as well as using HttpServletResponse / ResponseEntity. They all seem like they are overcomplicating something that should be realtively simple in my eyes and i don't know which approach is the best. First time posting so excuse me if i'm a bit all over the place.
there probaly is an solution which uses the Http error system but as an alternative I would use an if statement on both sides, which checks if the user already exists and if it does it sends user:error or something like that. The client side then has to check if the anwser is a user or error and if it is error a pre programmed message is shown
I've got a question about the best way to allow user's information to be visible between users in certain situations.
For example, my app will have a "FriendRequest" class to model friend requests between users. The "FriendRequest" class has two User pointers, "toUser" and "fromUser".
I also set a default ACL for all user objects to restrict access to that user only for read/write.
My question is, when a user sends a friend request, I add the pointers for each user, and set the ACL of the "FriendRequest" object to allow both users to read and write to that object. However, when the user retrieves the friend request data, the "fromUser" data is not returned from the query because the ACL of the "fromUser" allows access to only that user - not to the other user who receives the friend request.
What is the best way to allow this data to be visible? Whenever a "FriendRequest" is created, should I add read permissions to the "fromUser" ACL for the "toUser" to be able to read it's information?
Any help is appreciated!
Thanks
Ok lets setup some sample data to make the example problem clearer.
In the Users table:
{objectId:"BBBB", name:"Bob", age:18, email:"bob#email.com", ACL: only Bob Read/Write}
{objectId:"JJJJ", name:"Jane", age:27, email:"jane#email.com", ACL: only Jane Read/Write}
So Bob sends a friend request to Jane. You create a new object in the FriendRequest class.
{objectId:"XXXX", fromUser: <ptr to BBBB>, toUser: <ptr to JJJJ>, ACL: Bob and Jane Read/Write}
In your current setup, since you have setup the ACL so that noone else can read them.
Option 1
As you have suggested, when Bob makes the request to Jane, since it is initiated from a device where Bob is logged in, he can add Jane to the ACL. You will then need to remove Jane from the ACL either when she accepts or rejects the friend request, or perhaps after a certain amount of time.
This is simple when Jane needs to request data from Bob, as she can pull it from his user class, however it requires more management later on (ensuring the ACLs are reset properly later on, using a scheduled task to ensure that all friend requests not resolved after 2 weeks are "rest", finally, if there is some reason you are securing all user classes so that they are read only, temporarily making all of Bob's attributes readable to Jane might be a bad thing.
Lazy Option
You could just make all users read-to-all. More insecure obviously and something I imagine you want to avoid since you are using ACLs and posted this in the first place.
Data Duplication Option
This requires temporarily data duplication, but then you are only the specific information you require, nothing more. Say you want name and email but not age from the user.
{objectId:"XXXX",
fromUser: <ptr to BBBB>,
fromUserName: 'Bob'
fromuserEmail: 'bob#email.com'
toUser: <ptr to JJJJ>,
ACL: Bob and Jane Read/Write}
So when Bob creates the request, he puts his own info into the request object. Jane can read this info. Once the request is complete, you could make it so that Jane could read Bob's data, or you may have some other table FriendRelations which described these relationships (again, duplicating relevant data if this made things more secure for you).
We've got a few emails that get sent out by our ASP.NET MVC 3 application.
In one of the emails, we want to add "Did you find this helpful?" to the footer of the email.
If they click "Yes", some action needs to be taken in the database.
What approach should i take for these links?
I don't really like the idea of doing a GET (e.g when they click the link), which then adds something to the database. GET's should never update state. Is there a way i can make it do a POST instead?
I'm using ActionMailer to perform emails, if that matters.
EDIT:
To be clear, i'm how asking "how" to implement the MVC side of things. I know i can create an action which takes the id, etc and saves to the DB, but i'm asking about what is the correct approach from a REST-style point of view.
You can create a form and do a POST in an email but it wont work with certain mail clients. Here is a reference from 2007 that shows where it works and where it doesn't:
http://www.campaignmonitor.com/blog/post/2435/how-forms-perform-in-html-emai/
ETA: A POST would of course fit the REST pattern but probably not a good option in your case. Since you are presumably just incrementing a counter for helpfulness, having this URL exposed shouldn't cause much of a problem.
please excuse me for asking this but I have no other option apart from asking you all.
I am using ajax to send some data to a function on the server which does something with the database and then returns some json data.
Now the question is if someone goes through my javascript he/she would come to know of the function on the server to which the data is being posted. for eg: I post some data to a server side function which resides at mysite/postdata.
Cant a person get access to this link and use it. I am sure there should be some way this can be avoided.. just that I dont know....
Since nobody's posted an answer with more detail.. Here's my comment from above:
Anything you put in JavaScript can and will be seen by users. You'll have to take measures to ensure that malicious users can't retrieve or insert data that they're not supposed to.