Can MODX serve a single site instance to a subscriber-based audience, whereby common elements are served to all users, while each individual subscriber's content is stored uniquely and presented in the front end only to them?
To clarify this scenario, consider a website that provides financial budgeting tools. In this example, a single instance of the website and its components is served to all users, simplifying maintenance, progressive design enhancements, etc., while each user's data (i.e. their financial details) is accessible only to them via log-in credentials.
The default MODX setup does not to support this example. Static elements can be used, but this alone doesn't cover the above scenario. So my question is whether MODX can support the above scenario, and if so, how it can be accomplished? I'm not looking for specific details -- but broadly, what options exist? If there are options, is it even a good choice for this kind of scenario?
MODX does an excellent job with common pages, and the built-in ACL system will allow you to differentiate access for any number of closed participants groups.
As for the user's personal data, there are two possible ways: create some custom code or use an existing one. Each of these paths will almost certainly extend the current user model and use it for your needs.
Here are a couple of useful links regarding your question:
https://docs.modx.com/current/en/extending-modx/custom-users
https://docs.modx.com/3.x/en/extras/login/login.tutorials/using-custom-fields
https://modx.com/extras/package/classextender
Related
I'm creating a website for a company which has 3 different firms. The domain hence will have 3 sub-domains like this:
www.example.com
firm1.example.com <-> www.example.com/firm1
firm2.example.com <-> www.example.com/firm2
firm3.example.com <-> www.example.com/firm3
The firms will not share code between each other. Each firm has its own db hosted on the same server. Each firm will have a link to main page ie, www.example.com.
I decided to create one module for each firm and a main module which will be called from main.dart. Now how and when do I call the second module. While doing so, I'm not understanding the necessity of having a module over controller.
Is this right to modularize the app in this scenario?
What are the advantages of having multiple modules?
Should we use one router for each module? The reason I ask this is that in the future if I plan to remove firm3 and put it in a separate domain which will no longer be sticking to the main application, then I will have to remove the corresponding routes from the router which is unlikely for a modularized app.
A module is for combining a group of type registrations for the injector. Usually you also have several modules even when you have only one company.
Have a look at this example: https://github.com/akserg/angular.dart.ui/blob/master/lib/carousel/carousel.dart
This is a Carousel component which consists of two components which are always used together and which depends on the TransitionModule.
The CarouselModule allows you to register all those types with just install(new CarouselModule);
A module has nothing to do with program logic, it is more for registering a group of Angular components, directives, services, ... at once.
A controller is all about program logic.
What are the differences between these three companies?
You could create three different apps and move the code you want to reuse between these apps in a package and import this package from these three apps.
Update
If the 3 apps share no code it doesn't make any sense to put them in one application.
You can use virtual directories functionality of the web server you are using.
What you get is a dependency between applications that have otherwise nothing in common (besides being served from the same server).
You have to cope with code size. Each user loads the code for 3 apps even though he wants and can only use 1/3 of this.
In Dart it is not so easy to load code on demand (at least not yet).
Summary: Your approach has no advantage and serius disadvantages. Create three independent apps instead.
Modules are not the same thing as Controllers. A module holds all of the parts of your application. That includes Controllers, Services, Directives, etc. A Controller is only one thing that belongs to a Module. A Module not only holds parts of your application, but it also allows each of the pieces to find each other. Modules are the basis of dependency injection.
So you have 3 different firms within a single company. Are those firms apart of the same domain? Are they separate websites or a single website? If each firm has their own domain or separate websites you will have no choice but to separate them into separate angular apps. A single page application cannot span multiple domains.
If you are defining routers per module then you're looking having separate applications. You can define 3 separate modules and import them into a Main application, but the Main application would define the router. I'm not entirely sure you can have multiple routers per app in separate modules. I can't find any examples of that. In theory maybe, but it seems like it would be difficult to maintain.
But only given what we know it's hard to make any more recommendations because how the 3 firms interact isn't really known. Will they share code? Do they have to be all in a single page application or can you split them into separate html pages each with their own angular app?
Updated:
So I would separate each firm into their own App with their own router. I would make them each a separate single page app. You can choose to share code or not. My application consists of multiple single page apps and I share code between them. Here is how I do it:
var RegistrationApp = angular.module("RegistrationApp", ["ngResource",'ui.bootstrap',"ngRoute", "ngAnimate"]);
var App = RegistrationApp;
Then in any other type of thing I define I use the global variable App like so:
App.factory("RegistrationService", function($http) {
By having the global variable App defined in all of my applications that I build I can share code simply by including those components in with the app the client is loading and it'll pull in that code into that App's module.
Login will be something the server side does and it will drop a cookie on your browser so each app technically could use that authentication provided the cooke maps to the domain. If you have separate URLs for each firm (ie firm1.company.com, firm2.company.com, firm3.company.com) you have to be careful how that cookie is defined because by default if you login under say www.company.com that cookie will not be seen by firm1,firm2,firm3 because those are different domains. You'll have to set a cookie for .company.com so subdomains can see it. But if you do it right login won't require communication between firms/Apps.
I think the easiest would be to manage that at webserver level.
If I understood well, you have 4 independent sites:
www.example.com
firm1.example.com
firm2.example.com
firm3.example.com
I you are using Apache, that would mean different 4 virtual hosts. Then, you just need to redirect www.example.com/firmN to firmN.example.com using, for instance, .htaccess.
Alseo, security-wise, this method allows to have the data of each company in a separate container, if once you have an attack in one site, you don't want the attacker to have access to all the other sites.
I’m currently building an ASP.NET MVC 5 EF6 blogging web application.
I have two databases and contexts :
-a database for the actual data of my application (blog posts, blog categories, tags, etc) .
-a database for authentification and membership purpose (users and roles).
I am able to authorize a given user the right to add/edit/delete blog posts, using the authorize attribute in the BlogPostcontroller :
[Authorize(Roles=”Administrator,Author”)]
and it works pretty well..
MY GOAL : let’s imagine I want to grant an user the right to add/edit/delete a subset of all the blog post or blog categories (let’s say only to the “Cooking” and “travel” blog categories).
I started to think about creating a navigation property between the user and the blog category entities, but apparently foreign keys between two separate databases are not supported by the entity framework.
Do you guys have an idea of a walk-around for this problem?
Your help will be much appreciated.
This is what you need.
http://typecastexception.com/post/2014/02/19/ASPNET-MVC-5-Identity-Implementing-Group-Based-Permissions-Management-Part-I.aspx
Basically, the privileges is what you will need to configure and associate user roles.
If you want to keep your authorization data separate from your business data, i.e. in 2 separate databases where one contains user information and permissions and the other contains your blog data, then what you actually want to achieve is externalized authorization. That's actually a great intent. After all, do you keep authentication information with your application data? Of course you don't.
Different frameworks give you externalized authorization capabilities. For instance, in .NET, you have claims-based authorization.
You can also take a generic approach and use XACML, the eXtensible Access Control Markup Language. XACML uses attributes (it's an attribute-based access control model as opposed to simply role-based) and combines them into policies & rules to define what can happen. For instance, with XACML, you can write the following rule: A user can edit blog posts he/she owns.
In XACML, you have the notion of an authorization engine called the Policy Decision Point (PDP). That PDP links together all the information it needs to make decisions. In your case, it will use the 2 separate databases and create the relationships on them.
Now, if your use case is simple, using XACML might prove too much. In that case, just use claims-based authorization.
We've been having a debate at work recently about the merits of encoding output data from trusted sources such as an Active Directory. We have a web application that displays list of users that are queried from AD and allows them to be managed in various ways. The argument goes that if the data coming from the AD is not Html encoded, then it's possible to inject script and perform XSS style attacks against the site if you have access to the Domain Controller; for example by adding a script as the first name name of a AD user.
The two schools of thought (1 for not validating and 2 for validating) seem to be:
If you've got access to the DC, you can do a lot worse than inject code into a site which displays information you've already got access to. You could also just view the information directly. So why bother?
If you were a domain admin, you could craft this attack thus creating a backdoor which would enable you to get access to information even if you left the company.
I think the issue at hand is really a more generic one, do you need to guard against (and thus encode) output data from a trusted source, in addition to the common practice of guarding against malicious input.
It is good practice to always do output encoding. You've tagged the question with MVC, so I assume your web application is an MVC one. If you're using Razor views, output is automatically encoded. More details here.
So I am creating a web app, that will give each registered user a unique 'workspace'. This workspace should be accessible by anybody they give permission to.
I have the main domain for my marketing website, but I am trying to figure out how to manage the nitty-gritty domain management of the web app itself.
Should I buy generic domains that I then use to allow the users to chose one of them for their workspace, and create a unique subdomain there, or how should I approach this?
My web app is written in Rails.
The term Domain has a few meanings - I assume you mean "Domain" as in the hostname in a Domain Name or URL, also known as the "third-level domain name" (e.g: www.mysite.com - where mysite.com is the hostname).
I am trying to figure out how to
manage the nitty-gritty domain
management of the web app itself
I've usd 4th level domains before (also known as local hostnames, e.g: images.mysite.com, admin.mysite.com), but these were provisied via a helpdesk at the telco who managed the A-Records for our domain name, so it wasn't a quick and easy automated process.
I've also seen hosting firms provide web-based tools that allwo you to do this yourself - where they manage the A-Record.
In both cases management of the 4th level domains is performed manually. I haven't hread of anyone automating this within an app the have developed - it's obviously possible but definately non-trival.
Should I buy generic domains that I
then use to allow the users to chose
one of them for their workspace, and
create a unique subdomain there, or
how should I approach this?
It depends. Even if you host the application there's no reason why the client can't set-up a 4th level domain that points at your server and not their own; this would mean that your app would need to lookout for the 4th level domain only as there's no guaratee they'll be using a 3rd level domain your app "knows about".
Say John Brown from 'Studio ABC' signs
up at mysite.com, what should I do?
Give them studioabc.mysite.com or
mysite.com/studioabc
It depends on what you want to achieve and what over-heads your comfortable with:
The "mysite.com/studioabc" option should be easy to auto-provision through your app, so in some ways that'd be easier to work with.
A problem with the "mysite.com/studioabc" option is that (depending on how much control you have over the web server) all your files (from all clients) will be in the same place - that will make it more complex to manage (back-ups, etc).
The "studioabc.mysite.com" is going to be harder and slower to provision (as DNS changes are required), but you have the advantage in that you can run them as seperate sites if you want to. For example, if "thebeatles.mysite.com" takes off you'd be able to move it to a different physcial web server that had better performance, but you can't move "mysite.com/thebeatles" so easily.
In both cases your app will be a Multi-tenanted one (except in cases such as studioXXX.mysite.com where the site is hosted elsewhere); data access becomes an issue - keeping the clients data separate. There's different approaches you can take for this, see this article on Multi-Tenant Data Architecture. (BTW - I know it's an MS article and you're working in Rails! - but it's an excellent article which will be helpful).
Buying a generic name is, well, generic. If you wanted to foster a community of clients around a particular thing then get a domain name that makes sense for that; if you use your own domain name it would in-effect be a form of advertising.
And rather than it being mysite.com,
should it be obscuredomain.com that
the actual web app resides at and
therefore gives the subdomains of,
because mysite.com is the marketing
site.
I think either will work - the question is what do you think you're clients would prefer? How does that stack up with your business model? The domain name is an important part of any online presence (from a marketing side) as it helps define the identity of the site and those who use it - so choose carefully.
Do you ever want to sell this off? If you do you'd want to build it on a domain name that you were happy to sell with it. So with that in mind I'd have a domain name for your product / service and a seperate one for your business - assuming that you'd one day want to sell the site but not your business. Alternatively, if the website is the business and you're happy to sell them as a whole package then I'd put it all under the same domain name.
Finally, you might have more than one domain, each providing a different level of service (and each could have 4th level domains hanging off it instead of www):
www.mysite.com
www.mysitepremium.com
www.mysitecheapskate.com
I want to create some kind “social” connection/interaction in an application that I am creating.
The application is for a restrict group of professionals, that would benefits for social connection/interaction with each other.
So now I don’t know what to do. Do something new, integrate with an existing one ?
I am open for ideas.
---- UPDATE ----
Some basic features should be:
•Private Messages
•Blog functionality
•Publications
•A user profile, with basic info
•Friends list
•Pools
Open source product, if possible.
Platform. For now yes win32 application. Later if the concept catch on we can go web. Be this is only an extra feature of a big application, not the main feature.
Your question is quite vague but I try to give you some pointers.
First you need to define what functionality you want in your application. You want a social network site for professionals so we can rule out the fluffy bits. But there are other aspects of a social network site that you maybe want to include:
Real time chat (one on one or multi, and do you want to include voice and view)
Private Messages (like email)
Discussions (like a discussion forum)
Blog functionality
Publications
A user profile, and what do you want to include.
Do we need to maintain a friends list?
And special purpose groups.
Then you need to decide if you are going to buy, take or make the software. Maybe you can adapt some open source product.
Then you need to decide on a platform. You have tagged this question delphi win32. But why not use a web based concept.
If you have more concrete problems, we are glad to help.
Looking at your requirements– you need a web based application
Use something like Drupal it can do all the basic features you require
And you will not have to write a single line of code.
It uses MySql as it’s database – and has hundreds of different plug-ins