Currently the API GET https://api.medium.com/v1/users/{{userId}}/publications will return the publications where user has a role of "editor" or "writer" along with a maximum of 200 other publications the user follows or has other relationships with.
How to get only those publications user has a role of "editor" or "writer" ??
Related
A react application queries the Microsoft Graph to discover if a user is a member of a particular active directory group. Right now, there's this route:
https://graph.microsoft.com/v1.0/me/memberOf
The above does work in the application. It returns a (fairly sizable) object containing all of the user's groups, so I could iterate through the list, but it would be nice to directly check if the user is a member of a single group.
Given that I can already see the list of all groups, this doesn't seem like it should be difficult, but I'm not finding the route to do so.
Am I missing something obvious?
Thanks.
P.S. It would be nice if I could do this without requiring administrator permission on the application registration.
If you already know the group's ID, you can get the members of that group, and check whether the user is a member. I.e. the inverse of what you are doing now.
Or, if you have both the user's and the group's ID, you can filter like this:
https://graph.microsoft.com/v1.0/users/48d31887-5fad-4d73-a9f5-3c356e68a038/memberOf?$filter=id eq '1e770bc2-3c5f-487f-871f-16fbdf1c8ed8'
The first ID is the user, and the filter's ID is the group.
If it is for the currently signed in user, you can shorten it to
https://graph.microsoft.com/v1.0/me/memberOf?$filter=id eq '1e770bc2-3c5f-487f-871f-16fbdf1c8ed8'.
If the user isn't a member of the given group, you will get a return code Request_ResourceNotFound
I have an rails app wherein am trying to either downvote or upvote an contact. I have a user model powered by devise. I have an feedback model too in place which stores which user has upvoted/downvoted an contact. How do I get to insert record into the feedback table when two users are trying to upvote/downvote the same contact details?
Contract.find_or_create_by(name: 'xyz') do |contract|
contract.user_id = current_user.id
end
In the above code you have two case
Case 1) Contract name xyz exists in this case that contract will be updated with a id of current user
Case 2) Contract name xyz doesn't exists in this case a new contract will be created with a id of current user
More information can be found in Api Dock
I have 2 roles
1. user
2. Gatekeeper
my database is like this
table:spree_roles_users
fields:
role_id
user_id
Both users and gatekeeper have rights to create new visitor,
but on index page it should display visitors which are entered by gatekeeper only
so how to check role of user_id
example:
There is a society say "My society"
There are 5 users who are registered from My society ,3 users have "User" role, 1 user have "admin" role, and 1 user has "Gatekeeper" role.
All 5 of them can save Visitors form, but in index page,only those visitors should b visible which are entered by person with "Gatekeeper" role.
So how to check Id_user with spree_roles_users
so visitors entered by Gatekeeper should b visible
I think you might be more interested in Solidus (a fork of Spree) which has received a lot of work pertaining to permissions inside of Spree. The permissions are managed by CanCan and you can find them located inside of permission helpers.
https://github.com/solidusio/solidus/tree/master/core/lib/spree/permission_sets
Spree is not that mature when discussing permissions...
I am working on a Rails app where the data model involves the following:
Companies, which have_many Restaurants
Restaurants, which have_many Reservations
Customers, which mave_many Reservations
My confusion comes from the fact that there are 3 distinct types of users:
An employee of the Company, who can see an admin dashboard showing data on all of the restaurants that company owns/manages
The restaurant itself (which will, in theory, have their dashboard open all day, and should be able to log into their own dashboard, but not be able to see any other restaurant's dashboard)
The customer, who has a UI to make a reservation at a certain restaurant
Should the Restaurant be a type of User?
Should each restaurant just get it's own standard user-login to access their specific restaurant? If this is the case, would a Restaurant have_one User, and I can use something like CanCanCan to restrict Users so that they can only access a Restaurant where the Restaurant's ID == User.restaurant.id?
This is my first app that addressed atypical User types, so I'm at a complete loss on this. Any guidance/best practices on how to address a situation like this would be much appreciated!
Additionally, I would like to use Devise for the User model(s). Thanks!
I would say, first of all, that it is only ever a User that is actually logging into your website. A restaurant can't log into a website. A user who is a representative of the restaurant can log in. Therefore the restaurant should not be a type of user.
A better fit is to give your users roles, and have one of the roles be "restaurant_manager" or something. These users would naturally be associated with the restaurant too, so your code could look something like
if current_user.role == "restaurant_manager"
#show extra links for the restaurant admin section
elsif current_user.role == "company_manager"
#show extra links for the company admin section
or something along those lines, and, like you suggest, you make sure that a user can only ever access their own restaurant/company in the restaurant/company admin sections.
I am creating an online survey tool.
As an administrator, i would like to see what the users have answered and also be able to answer on their behalf. The system get's a users answers and other information based on his/her username, when they are logged in, using the built in membership provider.
There are currently three roles: Administrator, Moderator and Respondent
If i would like to show my administrator a list of users,
how would it be possible to create a "backdoor" for the administrator, so that he can "log" in as the user, see the users answers etc ? (Just like the user would be able to if he was logged in to his own account).
When answering and retrieving quyestions, the system is bound to `User.Identity.Name
My suggestion on how to solve this:
Currently, when i want to retrive a users answers i use the following code:
Firma_ID = db.Firma.Single(x => x.CVR_nummer == User.Identity.Name).firma_id;
var answers = db.Tabelform_Answers.Where(x => x.question_id == model.Question_ID && x.respondent == Firma_ID);
This is because i have a table named Firma, that has a column referencing to a users Name, called CVR_Nummer. I then retrieve all the records in the Tabelform_Answers table, that match question_id and Firma_ID (A users answers for a specific question).
Instead of using `Firma_ID = db.Firma.Single(x => x.CVR_nummer == User.Identity.Name).firma_id;
to retrive the Firma_ID of a given user, i could store it in the Session upon Login. When i want to view a specific users Answers as Administrator, i would then just change Firma_ID in the Session. Changing Firma_ID in the Session would only be allowed through a controller which has the following code:
[Authorize(Roles = "Administrator")]
Also, i would set the Session timeout to be the same as the Authentication timeout.
Can somebody tell me which pros and cons of this solution? Are there any other ways of storing a "global" variable for a Session? (Firma_ID)?
Thanks
If you only need to log in as your users, I went for a ticket-method.
I have a special login-page that can take a ticket-id. This ticket is created in the admin-gui when the admin wants to log in as another user. The login-page checks the ticket in the database, logs in the wanted user, and then deletes/marks the ticket as used. As an added security, a ticket is only valid for 10 seconds after creation.
Another option is to make answers from users available from the admin-gui...
also you can do in your log-in script override
so you have at present something like
if user name and password match string then user is logged in and based on this you get user permissions
instead have admin page,
where you can select user and then you can apply permissions of the user instead of admin.