I've setup an editing profile user flow in AzureAD B2C with standard attributes (GivenName, Surname, DisplayName and Country) and also with custom attributes (e.g. VAT and FavoriteProduct).
After I run the user flow and modified the attributes values, I see the resulting audit log with the value changes, but only for the standard attributesv (GivenName, Surname, DisplayName and Country).
Is there a way to see also the changed values of custom attributes (in my case VAT and FavoriteProduct) in the audit logs? I need to collect them.
Also tried with a custom policy user journey, same result
Related
I want to ask you a question about my project.
I have a DataGridView in my C# project which has two columns: One is DataGridViewTextBoxColumn, the other is DataGridViewComboBoxColumn.
I have usernames and authorities columns in my DB. Usernames are email addresses like abc#domain.com and authorities are either user or admin.
I want to bind via DataTable usernames to DataGridViewTextBoxColumn and authorities to DataGridViewComboBoxColumn but combo boxes must show usernames' authority by default and also have the option to change it between user and admin.
Thanks for any help.
you can do all you need in the designer ... you just have to put "user" and "admin" in the Items collection of your DataGridViewComboBoxColumn
In order to minimize the number of joins that I have to execute in my application I decided to copy in my database the same field in several tables for example :
I have a User, Product and a Wishlist Table.
My Product pages shows the user who created the product, as the wishlists pages which also shows the user who created them.
So I added in my products and wishlists table all the users field needed to show the required informations.
How can I update the users related fields in my Products and Wishlists Table as soon as the user change his information ?
Here is a part of my model :
User Table
Full Name
UserName
Avatar URL
Product Table
Product Name
Product Price
User ID
User Full Name
Username
User Avatar URL
Wishlist Table
Wishlist Name
User ID
User Full Name
Username
User Avatar URL
Thanks in advance for your answers !
Firstly, by denormalizing the data in the way that you are, you are working against what relational databases are meant to do. They thrive on joins, and having each piece of data appear as few times as possible. So you really want to make sure that this is the schema that you want.
That being said, you can use the basic update_attibute syntax to update any field in any table. So, if a user edited his or her username, you would do:
User.update_attribute(:username, username)
Product.update_attribute(:username, username)
Wishlist.update_attribute(:username, username)
I was looking for a data level Authorization filter in my ASP.Net MVC 4 Application.
We are using Entity Framework for Data access.
The application need to display all the data but should restrict the access to certain fields in a table based on the user roles.
eg: TASK table
{
int Id,
string TaskName,
DateTime StartDate,
DateTime EndDate
}
This whole data will be displayed to all the users and users have the options to edit the fields also. But should restrict the edit options like as follows
Role Admin can edit all the fields
Role Manager can Edit TaskName but cannot edit StartDate and EndDate
Role Users cannot Edit any of the fields
All these edit will be calling the Edit action in the TaskController.
How can I implement the functionality in my application.
You might try Postsharp. PostSharp allows you to design custom attributes for injecting boilerplate code at compile-time. It should be possible to use it for scenarios such as your example. I've used it for exception handling, logging, caching, & security. It can be applied to any layer or framework.
See, "Securing Fields and Properties" in the following illustrated example:
http://www.sharpcrafters.com/solutions/authorization
Hope it helps.
This is not EF, another ORM, but might help to see how it can be done - full source code is here.
Autorization subsystem is explained here.
It does what you need - row-level, up-to-column granularity, role-based authorization.
Sounds like what you are after is a true 'business' object that is smart and contains authorization at the property level not just at the method level. I would suggest using CSLA.NET and create your business object model with smart objects. This gives you that feature as well as a bunch of others.
This whole data will be displayed to all the users and users have the options to edit the fields also. But should restrict the edit options
Instead of a single Edit action in Task controller
create a specific action for each unique field set allowed to be edited
Edit(TaskName, StartDate, EndDate) for Admin
Edit(TaskName) for Manager
no Edit action for User, since ther are not allowed to change any fields
use authorization per action
How can I get a list of students from D2L? I want to get the grades of the students and when I get the classlist, I get both instructors and student marks.
You can use /d2l/api/lp/{ver}/enrollments/orgUnits/{orgUnitId}/users/. This will fetch a paged result set of all the users enrolled in the course offering identified by orgUnitId. Note that you can filter the result set with the roleId query parameter; if you know the role ID for students, you can provide that to fetch back just the users in the course with a student role:
https://your.lms/d2l/api/lp/1.0/enrollments/orgUnits/6784/users/?roleId=78&{all_auth_qparms}
Note that the enrollments API calls require certain role permissions of the calling user context. The calling user account needs 'View User Enrollments' permission, and to have the 'Search for <rolename>' permission for the enrolled user roles visible in the output:
Without 'View User Enrollments', you won't have any permission to query enrollments at all, and you'll likely get a 403 back (no permission, or forbidden).
If you don't have the 'Search for Student' or 'Search for Instructor' permission (or whatever your local roles are), then although you can make the enrollments call, the list of enrolled users you get back will get filtered down to only the roles you can 'Search for'.
Edit. I've fixed this answer; the default role ID for students was not 3 (that's the default OrgUnitID for course offerings, I think). On our test server the default student role ID is '78'.
Edit 2. I've added more information about the permissions required to get useful information from the enrollments call.
Our web application needs one common parameter in every action method.
In our case it is the customer account id and we need to support the following scenarios
a. A group of users might have the same account id which can be derived from the user profile.
b. Customer Support team should be able explicitly supply the account id of a customer and also should be able to switch the account on any page
We are trying to not to use asp.net session to store this kind of data.
Are there any other options to store and manage this kind of common parameter data?
Write it out as an ecrypted value to hidden field on your master page and supply the value to every view. When the user is in a a customer role, place a change account "control" on the page that is able to retrieve and update the account data -- via AJAX, perhaps -- to change the current account id. It might be easiest to do this with a custom base controller which gets the data via the ValueProvider directly and stores it as a property on the page rather than having it be a parameter to every method.
Use Routing for the value. So if you need to change the id you can use another URL or post it as a parameter.
Whenever you need the value just ask the ValueProvider for it.
In case it is blank - use the one from user profile.
Of course you'd better write small method that will do just that:
// Register route like:
route.MapRoute("ProvidesAccountId", "{controller}/{id}/account{accountId}/{action}.aspx")
// Property on the base controller
protected Account CurrentAccount {
get {
var accountId = ValueProvider.GetValue<int?>("accountId"); // GetValue is just a helper
if (accountId.HasValue)
return YourRepositor.GetAccountBy(accountId.Value);
return CurrentUser.Account;
}
}
Not to use current user's account hit the URL: Profile/123/account/Edit.aspx
To use another account you can hit the URL: Profile/123/account-456/Edit.aspx
You get the idea.
Cheers,
Dmitriy.