How to disable searching for a resource with Scout without removing the Searchable trait from the resource model?
I want to deliberately bypass the Scout search inside Nova.
Add this to your Nova Resource
public static function usesScout()
{
return false;
}
Related
what is recommended way to create custom pages OAuth Approval page:
I have to completely override the stuff on the page, need to add styles, branding etc. What is the right way to achieve that? Where could I see the source of the default page to use it as a starting point?
I also need to override the /login page but I think the approach of overriding it is going to be pretty much the same.
The recommended way is to provide a normal Spring MVC #RequestMapping for the "/oauth/confirm_access". You can look at WhitelabelApprovalEndpoint for the default implementation. Don't forget to use #SessionAttributes("authorizationRequest") in your controller.
In addition to #DaveSyer's answer, which should work for the most of the cases. Sometimes based on configuration and customization the aforementioned method may not work, if FrameworkEndpointHandlerMapping from Spring Security OAuth package has higher order than RequestMappingHandlerMapping of your application. If this is the case, then servlet dispatcher will never reach you mapping and will always show the default page.
One way to fix it is to change the order of mappers, given that FrameworkEndpointHandlerMapping's order is Order.LOWEST_PRECEDENCE - 2.
Another way is to set the approval page to a custom URL, not mapped by FrameworkEndpointHandlerMapping, thus servlet dispatcher will reaches you application's mapping
#Configuration
#EnableAuthorizationServer
protected static class AuthorizationServerConfiguration extends AuthorizationServerConfigurerAdapter {
#Autowired
private AuthorizationEndpoint authorizationEndpoint;
#PostConstruct
public void init() {
authorizationEndpoint.setUserApprovalPage("forward:/oauth/custom_confirm_access");
authorizationEndpoint.setErrorPage("forward:/oauth/custom_error");
}
}
With such a configuration mappings of /oauth/custom_confirm_access and /oauth/custom_error will be used as a confirmation page and an error page respectively.
I'm looking for a better logging approach for a large MVC project. I tried to look around towards other's suggestions (like Log4Net, Nlog, ELMAH, EntityFramework's Self tracking & few others), but could not find reasonable answer. By term logging i don't simply mean logging few requests or exceptions etc. But log for every little change in properties. That's the reason I'm looking for some perfect (generic) approach, which can be used for several applications. I need to roughly log as:
public class someModelPerson
{
public string Name { get; set; }
public string Age { get; set; }
}
If through some action, the current object of someModelPerson is updated, I need to log at the end of the method as:
Property Name changed from 'John' to 'Don' by user 'xyz' on 12/12/12
I worked with EntityFramework selftracking and implemented something similar and generic (using templates etc) but it's no more recommended by Microsoft.
I'm okay if the solution requires a little customization accordingly.
plus do suggest the better DB schema for storing log of single model modifications. (like update_person method may change name, age, height of a person. How should it be logged at DB level? single entry? separate table for changeset?)
you can use Postsharp as stated in website :-
PostSharp offers a solution to all of these problems. The logging
pattern library allows you to configure where logging should be
performed and the pattern library takes over the task of keeping your
log entries in sync as you add, remove and refactor your codebase.
Let's take a look at how you can add trace logging for the start and
completion of method calls.
For more information take a look here :-
http://www.postsharp.net/diagnostics/net-logging
public class LoggingFilterAttribute : ActionFilterAttribute
{
public override void OnActionExecuting(ActionExecutingContext filterContext)
{
filterContext.HttpContext.Trace.Write("(Logging Filter)Action Executing: " +
filterContext.ActionDescriptor.ActionName);
base.OnActionExecuting(filterContext);
}
public override void OnActionExecuted(ActionExecutedContext filterContext)
{
if (filterContext.Exception != null)
filterContext.HttpContext.Trace.Write("(Logging Filter)Exception thrown");
base.OnActionExecuted(filterContext);
}
}
Is there any way how to display only links with access, which is defined by
[Authorize(Roles = "SomeRole")]
In controller?
I don't believe that there is a simple solution for doing this without reflecting the Controller, getting the Action and checking the AuthorizationFilters.
With that said, an alternative solution might be to create an extension method overload for Html.ActionLink which takes a role name and check User.IsInRole(roleName). Only output a link if the user has access to the specified role.
Something like this:
public static class EntentionMethods
{
public static MvcHtmlString ActionLink(this HtmlHelper helper, string linkText, string actionName, string controllerName, string roleName)
{
if (!helper.ViewContext.RequestContext.HttpContext.User.IsInRole(roleName))
{
return MvcHtmlString.Empty;
}
return helper.ActionLink(linkText, actionName, controllerName);
}
}
Not a pretty as you might have been hoping, but this often serves the needs.
The Authorize attribute should be placed on the controller actions (or controller itself) in which you want to restrict access to, this way you are enforcing only users with the role of "somerole" to access the links generated to and from the controller actions. The links you want to restrict access to will not be displayed from the Authorize attribute. It simply restricts and enforces users in roles, or users with certain names to access the actions, if roles and users are explicitly defined.
One possibility is to use MvcSiteMapProvider for your menu. It has a built-in security trimming feature that automatically hides links according to AuthorizeAttribute. If you don't like the built-in HTML helpers, you can customize the templates and/or build your own HTML helpers that hide links based on node accessibility.
Or, if you don't want to use a 3rd party library, you can reverse engineer the AuthorizeAttributeAclModule to make your own implementation.
Full Disclosure
I am a major contributor of MvcSiteMapProvider.
I am writing an Orchard CMS module within a multi-tenant application.
I would like to be able to access the settings declared when the tenant was set up, namely the DB table prefix which i'd like to use as a unique identifier for the current tenant in other areas of my system.
Is there an API/Helper I can query for these settings?
Cheers.
Get the site item from the work context. It has all the settings as parts. For the table prefix specifically it's a little different: you need to inject ShellSettings. But I would question the need to do that first...
I have found this, if it helps:
private readonly ISiteService _siteService;
public MyController(ISiteService siteService)
{
_siteService = siteService;
}
public void MethodExample(){
var myVar = _siteService.GetSiteSettings().BaseUrl;
}
I realise that I can prevent unauthenticated users from accessing views at controller level by applying the [Authorize] attribute and can also filter views down to individual users or roles using this. However, my question is regarding doing the opposite... Is there a way to deny authenticated users from certain views without having to manually add in checks to see if they're authenticated in the opening lines of the controller code? Ideally an [Unauthorized] attribute or an equivalent if such a thing exists?
The reason for this is that I don't want authenticated users to be able to visit the account creation pages of the site I'm working on, as well as other resources. I realise I could check them in the controller explicitly but I'd prefer to decorate the controller methods if at all possible.
Thanks :)
This is along the lines of what LukLed was referring to:
public class UnAuthorizedAttribute : AuthorizeAttribute
{
public override void OnAuthorization(AuthorizationContext filterContext)
{
bool excludeCondition = false;
if (excludeCondition)
filterContext.Result = new HttpUnauthorizedResult();
else
base.OnAuthorization(filterContext);
}
}
Simply put in the logic for your excludeCondition. You can also to choose to do things like redirect to other views. Just mark your code with [UnAuthorized]
You can write your own authorization filter. Inherit from FilterAttribute and implement IAuthorizationFilter. Call it UnauthorizedAttibute and you will be able to use it like [Authorize].
Hear You can read about filters:
http://www.asp.net/LEARN/mvc/tutorial-14-cs.aspx
A simple way to accomplish this? Just leave the action untagged, and start with:
If(Request.IsAuthenticated)
// redirect somewhere, or return another view...
this could also be accomplished fairly simply if you are already using a roleprovider. then your actions would just need to be filtered by the appropriate role:
[Authorize(Roles = "Admin, Editor")]