Move guards to database in ZF2 application with ZfcRbac - zend-framework2

I am using ZfcRbac for managing role-based access control for my ZF2 application. Currently I am controlling the access by updating the guards in zfc_rbac.global.php file in following way.
'guards' => [
'ZfcRbac\Guard\RouteGuard' => [
'p304' => ['*'],
'zfcuser/logout' => ['*'],
'home' => ['admin', 'engineer', 'user'],
'application*' => ['admin'],
'AppUser*' => ['admin'],
'Clients*' => ['admin', 'engineer', 'user'],
'zfcadmin*' => ['admin'],
'zfcuser' => ['admin', 'engineer', 'user'],
'zfcuser/login' => ['guest'],
]
],
I am struggling to find a way to move it to Database. Hope any one can help me to move this access control definition to database.

If you are using Doctrine as ORM there is already a documentation in ZfcRbac on how to implement this.

Related

getting wrong user with laravel sanctum

I am using Laravel Sanctum to provide a personal access token to my clients.
I am using these guards in auth.php:
'guards' => [
'web' => [
'driver' => 'session',
'provider' => 'users',
],
'client' => [
'driver' => 'token',
'provider' => 'clients',
'hash' => false
]
],
'providers' => [
'users' => [
'driver' => 'eloquent',
'model' => App\Models\User::class,
],
'clients' => [
'driver' => 'eloquent',
'model' => App\Models\Client::class,
],
],
I give my clients tokens using the following code:
$client = Client::find($id);
$token = $client->createToken('CLIENT_TOKEN');
but whenever I try to access the user with $request->user() I get the wrong user. while the token is completely different from what the retrieved user is.
I am using laravel-swoole package as my webserver.

How do I access "request" and "session" objects from within my rspec tests?

I have a Rails 4.2 application that does different business depending on host name. I know this practice is frowned upon in certain circles but I managed to get the same code base working on about 400 websites, the amount of time|cpu|ram|db|money|squirrels saved is tremendous.
Eg:
For www.example.com for user john#doe.com it might show Product 1 with a $5000 price tag;
For www.blah.com for all usrs it might show Product 1 with a $123 price tag. And a shipping fee of $400.
This is all based on host name and a number of variables stored into session when users visit and/or log in to the website.
I'd like to write a bunch of specs to test various aspects of the application but I need to be able to set the request.host, format and some things in the session.
How do I get this done?
Later edit:
I managed to do a find and replace through the source code and get the session/request access done from within some helper methods. Now I can stub within my specs as follows:
allow_any_instance_of(ApplicationHelper).to receive(:detect_user_info_by_ip).with("ip").and_return( { :provider => "dummy", :ip => "127.0.0.1", :lat => 1.0, :latitude => 1.0, :lon => 2.1, :long => 2.1, :longitude => 2.1, :regi
on => "EU", :country => "GB", :city => "Testville", :country_iso2 => "GB", :success => true} )
allow_any_instance_of(ApplicationHelper).to receive(:detect_user_info_by_ip).and_return( { :provider => "dummy", :ip => "127.0.0.1", :lat => 1.0, :latitude => 1.0, :lon => 2.1, :long => 2.1, :longitude => 2.1, :region => "EU",
:country => "GB", :city => "Testville", :country_iso2 => "GB", :success => true} )
Bottom line is: easier to refactor and stub than access the request and session objects from within specs.

How to update groupings via Mailchimp API?

I'm trying to subscribe and update members of a Mailchimp list from my Rails 3.2 app via the API.
Everything is working fine, except that I am unable to set interest groups.
What is the correct format for setting groupings.
I've tried
merge_vars: 'GROUPINGS' => [
[
'id' => group_id,
'groups' => ['array', 'of', 'groups']
]
]
and
merge_vars: 'GROUPINGS' => [
[
'id' => group_id,
'groups' => "comma,separated,groups"
]
]
and
merge_vars: 'GROUPINGS' => [
0 => [
'id' => group_id,
'groups' => "comma,separated,groups"
]
]
and several other variations.
Nothing seems to work and the docs are unclear
Took me some time but I finnaly figured out the correct format :
#gb.lists.subscribe({:id => list_id,
:email => {:email => self.email},
:merge_vars => {:FNAME => self.firstname,
:groupings => [{:id => grouping_id,
:groups => ["name","of","groups"]
}]
},
:double_optin => false,
:send_welcome => false,
:update_existing => true})
I'm using rails 3.1.11 and gibbon 0.5.0
Hope this will help !

Unable to override route via DI

I'm attempting to override the routes provided by ZfcUser using akrabat's method, however it doesn't seem to have any effect. I'm starting by rebasing the routes from /user to /users but will want to add other routes later on (should be simple if I can get this working).
My DI configuration:
return [
'di' => [
'instance' => [
'Zend\Mvc\Router\RouteStack' => [
'parameters' => [
'routes' => [
'zfcuser' => [
'options' => [
'route' => '/users'
]
]
]
]
]
]
]
];
Am I making an obvious mistake or has the configuration structure for this changed since this blogpost?
You'd overwrite configuration from within your own modules.
'router' => array(
'routes' => array(
'zfcuser' => array(
//...
)
)
)
Though if i'm correct the full DI Path should still work... It's important, too, that your module loads AFTER the zfcUser-Module. So within your application.config.php be sure that your modules Namespace is listed after zfcUser. Since the arrays simply get overwritten depending on load time ^^

Ruby add_item for eBay

I am attempting to write a ruby on rails app that posts an item to eBay. Cody Fauser/Garry Tan have a gem called ebayApi which is built on top of the ebay gem. When I attempt to post an item, I am getting an error back from ebay that says the condition ID is required for this category. I have found a category that does not require the condition, and I can post to that category. Searching through the eBay API documentation, I have found a tag conditionID under the "item" class. However, in the documentation for ebayAPI, there is no such tag. Looking back at the ebay API documentation, there is an older way to specify condition, using lookup_attributes. I have noted that the return xml is coming in API version 745, and Garry Gan's updated of the ruby interface is running version 609. I have tried using the lookup, and seem to get the same error (condition required). I am using the following code to specify the item:
#ebay = Ebay::Api.new :auth_token => #seller.ebay_token
item = Ebay::Types::Item.new( :primary_category => Ebay::Types::Category.new(:category_id => #ebayTemplate.categoryID),
:title => #ebayTemplate.name,
:description => #ebayTemplate.description,
:location => #ebayTemplate.location,
:start_price => Money.new((#ebayTemplate.startPrice*100).to_d, #ebayTemplate.currency),
:quantity => 1,
:listing_duration => #ebayTemplate.listingDuration,
:country => #ebayTemplate.country,
:currency => #ebayTemplate.currency,
:payment_methods => ['VisaMC', 'PayPal'],
:paypal_email_address => '********#gmail.com',
:dispatch_time_max => 3,
:lookup_attributes => [Ebay::Types::LookupAttribute.new( :name => "Condition", :value => "New")],
# :attribute_sets => [
# Ebay::Types::AttributeSet.new(
# :attribute_set_id => 2919,
# :attributes => [
# Ebay::Types::Attribute.new(
# :attribute_id => 10244,
# :values => [ Ebay::Types::Val.new(:value_id => 10425) ]
# )
# ]
# )
# ],
:shipping_details => Ebay::Types::ShippingDetails.new(
:shipping_service_options => [
# ShippingServiceOptions.new(
# :shipping_service_priority => 2, # Display priority in the listing
# :shipping_service => 'UPSNextDay',
# :shipping_service_cost => Money.new(1000, 'USD'),
# :shipping_surcharge => Money.new(299, 'USD')
# ),
Ebay::Types::ShippingServiceOptions.new(
:shipping_service_priority => 1, # Display priority in the listing
:shipping_service => #ebayTemplate.shipSvc,
:shipping_service_cost => Money.new((#ebayTemplate.shipSvcCost*100).to_d, #ebayTemplate.currency),
:shipping_surcharge => Money.new((#ebayTemplate.shipSurcharge*100).to_d, #ebayTemplate.currency)
)
],
:international_shipping_service_options => [
Ebay::Types::InternationalShippingServiceOptions.new(
:shipping_service => 'USPSPriorityMailInternational',
:shipping_service_cost => Money.new((#ebayTemplate.shipSvcCost*100).to_d, #ebayTemplate.currency),
:shipping_service_priority => 2,
:ship_to_location => #ebayTemplate.shipToLocation
)
]
),
:return_policy => Ebay::Types::ReturnPolicy.new (
:description => 'this product for suckers only!',
:returns_accepted_option => 'ReturnsAccepted'
)
#:condition_id => 1000
)
#response = #ebay.add_item(:item => item)
As you can see, it is just a mutation of the example given by Cody Fauser. The condition_id at the bottom will bring up an error as there is no such attribute. It seems to me there is no facility for this in the gem since the requirement came into existence after the gem was created. I have not been able to find any other gems to connect with ebay. I have also noticed, there are very little complaints about this even though people are still downloading the gem (10 people downloaded it today). I think there are quite a number of people writing for ebay. Is there a key word I am missing to specify the condition? A work around that people have been using? Another gem I have missed?
There is an existing item_conditions_codes.rb in the gem's type directory and only has two values New and Used. Guess you could add more values in there. However still needs mapping to ID's per the updating (and changed from Attributes) method
You have to modify in the gem library in .. ruby/1.8/gems/ebayapi-0.12.0/lib/ebay/types/item.rb
and add the following new lines
# added to allow ConditionID to be pushed into XML
numeric_node :condition_id, 'ConditionID', :optional => true
then in your ruby ebay code use the following convention
:condition_id => 1500,
At least that seems to work for me right now.

Resources