Assign Parse Role iOS - ios

I have developed an app using Parse as my backend.
I'm able to create users (PFUser), log in, and create custom objects just fine. I now would like to implement Roles and the role I have in mind will be called "admin".
The goal of creating this role is to know when a user is an admin so they have more access to things in the app. I read through the documentation but I did not understand it as much as I would have liked and I know roles are something you don't want to mess up.
So, these are my questions:
How can I create a user role called "admin" from the Parse Dashboard? When I click on the "Role" tab, it asks me to create a new row and then I'm not sure what to do from there.
How can I assign an already created user the role admin? Can I simply go into the dashboard and change the ACL there?
How can I check if the role assigned to the current user is "admin" from iOS (Objective-C)?
Thank you so much for your help!

Related

I am trying to create a secure way to make specific users admins

I have a functioning rails app with devise Admins and Users, and I want to create a secure way that will only allow users with specific IDs to become authorized to become admins. Currently, I have a static link that is not very secure that will make the current user an admin (website.com/make_admin), but I want to find the most secure method to turn specific users into administrators (I am open to all options that could accomplish this). What would be the best way for me to do this?
I'd recommend adding an admin field to the user form to select if they're an admin user, but do a check in the update/create actions on your users controller to check if the current_user (if using Devise) is another admin user (or whatever role type they need to be to update other admin permissions).
You would also probably want to do a check to make sure they can't set themselves as admin=false, otherwise you could end up with no admin users left on the site and no-one with permission to change this. That said, depending on the app you could always just manually manage admin users - my company will do this depending on the client and their needs.
You can use Rolify to give roles to the users and CanCanCan for access control.
You can assign roles to user either from rails console or you can generate a view for it, and restrict it to admin and assign roles to each individual user.
You could add an admin boolean to your user model, and update it through the rails console
rails g migration add_admin_to_users admin:boolean
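The check recommended in the first answer above (only an existing admin may change the admin flag, and the site must never be left without an admin), as an added example that is not part of the original answers. It models the rule in plain Ruby; User and AdminFlagPolicy are hypothetical names, and the last-admin rule generalizes the self-demotion check to any demotion that would leave zero admins.

```ruby
# Added example: the rule is modelled in plain Ruby so it runs without Rails.
# User and AdminFlagPolicy are hypothetical names, not Devise or Rails APIs.
User = Struct.new(:id, :name, :admin)

class AdminFlagPolicy
  Denied = Class.new(StandardError)
  TRUTHY = [true, "1", "true"].freeze # how a checkbox value arrives from a form

  def initialize(users)
    @users = users # stand-in for the users table
  end

  # Plays the part of UsersController#update: `actor` is current_user,
  # `params` is untrusted form input for `target`.
  def update(actor, target, params)
    changes = {}
    changes[:name] = params[:name] if params.key?(:name)
    if params.key?(:admin)
      # Never copy :admin straight from params; gate it on the actor's role.
      raise Denied, "only an admin may change the admin flag" unless actor.admin
      wanted = TRUTHY.include?(params[:admin])
      if target.admin && !wanted && @users.count(&:admin) <= 1
        raise Denied, "refusing to demote the last admin"
      end
      changes[:admin] = wanted
    end
    # Apply only after every check has passed, so a denied request changes nothing.
    changes.each { |field, value| target[field] = value }
    target
  end
end
```

In a real Rails controller the same effect comes from leaving :admin out of the default permitted parameters and permitting it only when current_user is an admin.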

Separate Users class [Parse]

I'm building an app that users have to register before they can view the content, I am using Parse for my database needs.
What I need is have a class of Users (Parse.User) for regular users and a class of Users (Parse.User) for admins. The regular users would only be able to access the app, the admins would only be able to access an admin website where they will add the content (products) that will show up in the app.
Is it possible to create 2 different classes of Users with Parse? Or should I create the admin user class manually (not using Parse.User)?
Thanks for the help! I'm pretty new at this databases and user thing haha
What you really want is to create a Role for Administrators. You can assign ACL permissions to this Role and it will be respected throughout Parse. As you add/remove Users from this Role they automatically have the permissions of their current Role(s).
You can read more about Roles in the documentation, there's a whole chapter about it.
I'm fairly certain that you can't create 2 different User classes. (Though I may be wrong.)
But regardless, the easiest way to do this would probably be to keep all the users in the same class and just add an admin boolean key to indicate whether or not the user is an administrator; then log the user in (to access the current user's keys) but only proceed with the actions following a successful app login if the admin value is set to false and, likewise, only proceed with the actions following a successful website login if the admin value is set to true. If the admin value indicates that the user shouldn't be logged in on that platform, don't proceed with the login and instead log the user out.
In my App, a user can take on more than one role. My solution to this is to have a User class and then a pointer for each type of user (could be a regular object pointer, but I use something similar). So there would be an "adminLink" pointing to the Admin role-specific object and a userLink pointing to the user role-specific object. The pointer designates the object containing the attributes relevant to that role (user or admin). Attributes common to all roles are stored in the User object.
"Roles" (capital R) are needed to control access to objects. So for each User, you may need to create a user Role and an Admin Role if the person performs both roles (small r). You have to have a reference for each Role. These can be stored either with the User object in separate attributes or in the role-specific user objects.
-Bob

Group permissions for a website using spring security - design query

I am creating a Grails website where users will have access to the resources they create. Till here everything is clear to me. I define ROLE_USER and lock down my controllers and actions using the Config.groovy file.
The issue I am facing is that I have requirement to support group of users such that some resources created by a user can be edited/updated/deleted by other users of the same group. How do I associate a user with a "group" in spring security, what is the design/library I should use here?
What you will need to do is to have your users' roles (the authorizations) come from the database. Once that is the case, you can then easily adjust the roles a user (or set of users) has and create/remove them on the fly. The docs have some pretty good info on how to get the roles to come from the database, so I won't go any more into that here.
Once the dynamic roles are in place, however, you still need to be able to connect roles to the objects that are created. There are essentially two ways you can go about doing this:
Access Control Lists
Custom logic
Depending on the granularity you need and the flexibility you want, one option may be more appealing than another.
Access Control Lists essentially allow you to have a permission mapping between each user and each entity instance. As you can imagine, it's a fair bit of overhead and can perform poorly if you have a large number of entities and users.
Putting together your own logic, on the other hand, is much more flexible because you can set up your own scheme to connect entity instances or entity classes to users and their roles.
I don't think that spring-security provides such functionality out of the box so you will have to do that manually.
For each domain class that needs this kind of functionality, store the user name of the currently logged-in user:
def authenticateService
def user = authenticateService.principal()
entity.setUser(user?.getUsername())
Then in the update/delete method of the controller you should check if the role of the currently logged-in user matches the role of the user that created the entity. If you have a match you should proceed with the update/delete, otherwise throw an exception/redirect the user to an error page.
As role you can use the spring security roles or you can create a property on the user object you have created.

rails 3 - devise block user to login

I have something in mind: I have some user types, building owner and building manager.
I want to create users as building managers, but I don't want them to have access to the login system. These users are only for some select boxes on my website, but I need to show them on my user index page.
What I think I can do is create a normal user and, with a before_save, create a new record in another table.
In a request, I need to be able to set up more than one building manager in my building form. Maybe the best way is with a nested form. I think I will need to add the building id to my user table. Maybe they can be assigned more than one building.
For now, my db structure is like this:
table users with user data (username, password, email, first and last name, phone)
table usertype have userid, typename and accesslvl
But this gives me some management problems. They will not be associated with user data.
How can I resolve this? Can Devise block some users? I searched the Devise docs, but found nothing.
Thanks for your help.
There is an approach where admin users can approve other user accounts for login. You could use a similar approach but programmatically approve the accounts you actually want to allow logins for. Details are here:
https://github.com/plataformatec/devise/wiki/How-To:-Require-admin-to-activate-account-before-sign_in

How can I have a users role change when they enter a pass code?

I have a table of users where each has a role (provided by the cancan gem). All new users are given the role of author.
I would like to be able to issue a sort of voucher code to certain users which when entered will change their role from author to admin.
Is there a way of doing this?
All the roles are already set up and can be changed by an existing admin by editing the users profile.
Thanks very much for any help, it's much appreciated!
Here is an idea:
Generate a token for each user in the system and store it in the database. Make a form where the user can submit his code. Then, in a controller, you may add the role you want if the code supplied by the user corresponds to the one written in the database.
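One way to implement the token idea above so that a leaked database or a guessed code does not grant admin, as an added example that is not part of the original answer. VoucherStore, Account and their method names are hypothetical; the in-memory hash stands in for a vouchers table, and the expiry and single-use rules are assumptions added here.

```ruby
require "securerandom"
require "digest"

# Added example; Account and VoucherStore are hypothetical names.
Account = Struct.new(:id, :role)

class VoucherStore
  Record = Struct.new(:user_id, :role, :expires_at, :used)

  def initialize
    @by_digest = {} # stand-in for a vouchers table indexed by code digest
  end

  # Called by an existing admin for one specific user. Returns the plaintext
  # code once; only its SHA-256 digest is stored.
  def issue(user_id, role: "admin", ttl: 3600, now: Time.now)
    code = SecureRandom.urlsafe_base64(24) # 192 bits from the OS CSPRNG
    digest = Digest::SHA256.hexdigest(code)
    @by_digest[digest] = Record.new(user_id, role, now + ttl, false)
    code
  end

  # Upgrades the account and returns true only for an unused, unexpired code
  # that was issued to this same account; every failure looks the same.
  def redeem(account, code, now: Time.now)
    rec = @by_digest[Digest::SHA256.hexdigest(code.to_s)]
    return false if rec.nil? || rec.used
    return false if rec.user_id != account.id || now > rec.expires_at
    rec.used = true # single use: a replayed code is rejected
    account.role = rec.role
    true
  end
end
```

The redeem endpoint should also require a logged-in session and be rate limited, since the role change it performs is a privilege escalation by design.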
