I have a spring application, with Oracle database behind. I have a user table in the database.
The users' active state in the database can have three values: -1, 0, 1.
I can access this value from thymeleaf this way: <span sec:authentication="principal.active"></span>
I would like to show a div only for the users that's active state is -1.
What's the correct <div th:if ...> syntax to check this?
Thank you!
You are looking for the following:
th:if="${#authentication.getPrincipal().active} == -1"
Watch out however, because depending on the version of thymeleaf-extras-springsecurity you are using, the access to the authenticated user differs (you might have to use #authentication.principal.active or something of the sort).
Related
Say I have the following q-input:
<q-input
v-model="form.email"
inverted-light
color="white"
stack-label="Email:"
type="email"
#blur="$v.form.email.$touch"
:error="$v.form.email.$error"/>
I'd like to be able to make it so that if the domain of the email is mydomain.com that the form action will change to another website (without csrf protection) and the POST will be made to that website instead of the main one.
To do this I was thinking I could use jQuery. eg. $('#email').val().replace(/^.+#/, '') == 'mydomain.com' then change the form action and submit.
The only problem is: I don't know how to set an id attribute on q-input.
Any ideas?
As of early Quasar 1.4.2 (November of this year) you can specify the id value on the resulting html generated by q-input by using the "for" property (see the end of the behavior properties: https://quasar.dev/vue-components/input#QInput-API).
So, for example, you could add for="myInputId":
<q-input
v-model="form.email"
inverted-light
color="white"
stack-label="Email:"
type="email"
#blur="$v.form.email.$touch"
:error="$v.form.email.$error"
for="myInputId"
/>
The id attribute with value "myInputField" will end up on the resulting <input> element in your HTML.
Not using the "for" in the elements gave me a lot of headaches because the Jest snapshot generated random IDs
I have a page that is a report from a database and I'm working on modifying how the filtering works. The intention is to allow the user to select possible values form a list that will be used to filter the resulting report. There are too many values to do this with checkboxes. I'm defining a multiple selection list box with this:
<g:select name="country" from="${countryDataList.KOUNTRY}" value="${params.country}" multiple="true" />
countryDataList is a List<> of objects with a name and a value which I create in the controller. I'm able to get the selected counties and process them without an issue.
But when the page returns from the controller with the filtered report, only the first selection in the list is selected. It doesn't re-select all of the items that the user selected. I am passing the params.country object back from the controller as
country:params.country
I saw some posts about this not working, but they are all from several years ago. Am I missing a vital step?
Ahh sorry, I was reading it on the phone initially and missed the point.
So what you want is a way of sending a multiple select box to a confirmation page. If I understand correctly?
Anyways how many objects in the select are we talking massive or a dozen couple of dozen or so ?
What I did was use check boxes and did a confirmation which shows the selection ticked in check boxes.. So this is the confirmation page that loads in https://github.com/vahidhedayati/mailinglist/blob/master/grails-app/views/mailingListEmail/confirmcontact.gsp
this page which is where multiple attachments selected from the schedule re-appear...
https://github.com/vahidhedayati/mailinglist/blob/master/grails-app/views/mailingListAttachments/_mailerAttachmentsDisplay.gsp.
Please note advice below is all conceptual stuff and there may be easier ways than this
Other than that You could create a taglib call on the confirmation page https://github.com/vahidhedayati/ajaxdependancyselection/blob/master/grails-app/taglib/ajaxdependancyselection/AutoCompleteTagLib.groovy#L55 which takes in your arrayList you could probably convert it to JSON pass it into the javascript that you load in within the taglib (on mine further down it loads this page in)
https://github.com/vahidhedayati/ajaxdependancyselection/blob/master/grails-app/views/autoComplete/_selectJs1.gsp#L23
and look to reselect them using javascript... as I say I haven't tested the last bit, the first bit i.e. checkbox works it is/has been in use.
Years later from you I just had the same problem. What I figured out is: it happens when params.country is an array instead of a Collection (i.e. an ArrayList).
A workaround for this if you want to stick to the array type is at the value attribute of the tag doing this: params.country?.findAll().
I have check boxes in a list
HTML Code
<g:checkBox id="isBookable_${index}" class=" isBookable" style = "width :auto" name='isBookable' value='${careProviderScheduleExceptionInstance?.isBookable}' />
Problem
When I get the list of this checkbox i.e isBookable in params, the values for only the checkboxes that are checked comes in the list and the value comes as on and not true.
I want the values should come as true or false based on if the checkbox is checked or not.
Thanks in advance.
Grails g:checkbox does some shenanigans for the binding magic to work correctly when you do something like:
def schedule = new Schedule(params)
So that schedule.bookable would get populated correctly. I've never been a big fan of how it works but it is what it is and at the end of the day, it does work for typical use cases.
You have to remember that per the HTML spec, you're not going to get unchecked checkboxes passed in on a form submit. So looking for false is a moot point. What you would have to do is take the ones that do get checked (and submitted) and compare that against a list of possible bookable 'schedules'.
A work around would be to use Javascript to submit your form and pass in all the checkbox's with whatever value you want mapped to the correct instance.
I've been reading about adding Honey pot fields to my forms for combating bots/spam. Only problem is theirs no guides or anything on where to start. Many sites say to make a field that is hidden that only the spam bot would fill out. But as I'm new to this, don't know where I would start in my application. Could anyone give me the advice on how to set this up? I am trying to make my Devise registration page use honey pot fields.
The basic idea behind honeypot captchas is that you have a hidden (via CSS) field named something like "form" or "email" or "content" that (to a bot just reading the field name) looks like it should be filled in. Then, when the server looks at the submission, you make sure these hidden fields are blank. If they aren't, then you flag the post as a bot.
Here's a well explained example (with some code in ASP), and here's a Rails Gem that provides honeypot captchas.
That Rails Gem I linked looks like it's very easy to use once installed:
<% form_tag comments_path, :honeypot => true do -%>
...
<% end -%>
Although if you're interested in learning about the approach rather than just having it implemented, I'd recommend you roll your own. If you're rolling your own, it's important to make sure that the field is hidden by CSS (or some other style/positioning trick) and not input type="hidden" - as otherwise the bot might not fill out the field.
As Michael Mior pointed out in the comments, it's important to have a message next to the hidden field telling the user to leave it blank - otherwise users with screen readers might erroneously fill it in. This feature is missing from the gem I linked to - so if you're making an accessible website (which you almost certainly should be) you may need to modify it or roll your own.
Keep in mind that this trick isn't foolproof - there's nothing stopping a bot from rendering the page and determining which fields are actually visible to the user before filling any in - but that kind of bot would be considerably more complex than one that just looked at the form html. A honeypot captcha is likely to be very effective at stopping simple bots.
Try invisible_captcha (supports Rails 3, 4 and 5).
It works pretty well for small and medium (in terms of traffic) sites, with a simple and flexible approach. It also provides time-sensitive submissions.
Basic usage
In your form:
<%= form_for(#topic) %>
<%= invisible_captcha %>
...
<% end %>
In your controller:
class TopicsController < ApplicationController
invisible_captcha only: [:create, :update]
...
end
HTML -
<input type="text" name="verifyEmail" id="verifyEmail">
PHP Validation -
if(strlen($_POST['verifyEmail']) > 0){
header('location: {some redirect URL here..}'); //Send them way away from your form :)
die(); //Stop execution of the script
}
CSS -
#verifyEmail{
position:fixed;
visibility: hidden;
top:-500px; left:-500px;
}
dislplay: none; does not show to a bot in HTML (try it with view source)
visibility: hidden; left:-500px; top:-500px; (displays when you view source)
I used display:none honey pots for a while, then switched to visibility option when it occurred to me that the field didn't show in the source code. Do it with a class or id in CSS, not inline style. Notify users with label is good idea, and name is not so important because most bots generally fill in all fields.
Definitely not a catch all but very effective if used with a basic math captcha.
I will share what works 100% for my site right now.
For almost a week we have been testing ways to prevent the high number of fake users called "Spam Bots" as well as "Brute Force Registrations" both are FAKE USERS.
You can find on the internet many ways to apply what is called a honeypot or a hidden field in the registration form.
The purpose of this trick is we fool the FAKE REGISTRATION as it will always fill data in the hidden field thus causing the registration process to DIE preventing the fake registrations.
Now we mentioned many variations of this trick can be found on the internet, and we will explain why our code is quoted as 100% working as for 2 days now it stopped all SPAM BOTS, and all Brute force registrations.
The secret is how we hide the field with a name like "field1" as bots will catch on if we use a common name like password or zip code etc. Using a name like field1 and autocomplete = off force the BOTS to fill in the field and prevents it from determining what the field is for, so it will keep filling it in with data killing the registration attempt.
This image below shows the code we used in the registration form.
<input type="text" name="field1" style="display:none !important" tabindex="-1" autocomplete="off">
This image below shows the code we placed in the PHP form that processes the command to kill the registration if data is entered into the field
if(!empty($_POST['field1'])) die();
For the past 48 hours this code has yielded ZERO SPAM BOTS and ZERO Brute Force Registrations. Enjoy from all of us at AFFA Social
If you wish to manually test this code simply remove the style="display:none from the registration form code above. Try to register putting data in the hidden field, and then registration dies, and if you remove the data from the field the registration will continue.
<div id="honeypotdiv">
If you see this, leave it blank. Only bots should see this
<input type="text" name="body" value="" />
</div>
thanks in advance for any input. I am using struts2 and jquery in this app.
I tried to use displaytag for pagination but my tables have images and there wasn't a way I could make displaytag work with images.
So now I have custom coded pagination which uses <s:subset> which works great so far except that I don't know how to make it go to another page.
Basically in <s:subset> I just want to change the start attribute and then refresh my JSP. My code evaluates the start attribute correctly with a given page number.
My s:subset tag is like below,
<s:subset source="pageableList.pagedList" count="pageableList.pageSize" start="pageableList.start" >
<s:iterator>
I think I want to use <s:url> to display my clickable page numbers but I'm having trouble there.
I have my page numbers in a list (which I evaluate in my action class right after my search completes), then in my JSP where I need to display the clickable page numbers, I iterate through the list, displaying the page numbers like below -
<s:iterator value="pageNumList" > | <a href='#'> <s:property/> </a> </s:iterator>
I guess I need to pass the clicked value of page number to the action class, then since the search results are in a list in the action class, without hitting the database again just display the results page with the new value of start attribute.
Any ideas how I might do that? I have been considering using a Decider attribute with <s:subset> but maybe there is a simpler way?
Thanks again for any input.
Regards,
veeCan
If you do not want to hit your DB again, cache the results of the initial query in RAM in your Action class (reference a static cache somewhere). Also, you don't have to go with a cache-all-or-nothing approach -- you can cache the first N pages and then when you near the end of the cache, fetch the rest. If you do it right, you can maintain minimum RAM footprint but preserve a snappy user experience that leverages user think time (depends on your app).