In emails, the only type of action possible is to send link (GET method).
What is the correct approach to send a link that will execute a POST action in the app (Eg. accept friendship)?
I see two possible solutions:
custom GET action only used in the email (eg. /action?type=accept_friendship&user_id=10)
get to a page and execute javascript on load to execute the action (eg. what Twitter does to follow back a user from an email)
How does those solutions compare? Are there others?
Thanks
A link with a GET action is ok as long as you include a unique token in the url to confirm validity & origin of the action
Related
I tried to look for this way of adding a Zap action into an HTML button either for a website or a rich email but I couldn't find one.
Obviosuly, adding a link to a button is very simple; but is there a way to create a such Zapier link? That will trigger a Zap.
I believe webhook will trigger via a GET request with query params. So if you have an HTML button that sends the user to such a URL, it'll kick off an action.
You should also be able to use an onClick handler to call fetch to send a POST request to the webhook url. But, there may be CORS issues with this approach.
I have an app where I try to adhere to REST.
The app receives requests for external links that don't belong to the app, so the sole purpose of the action is to redirect the request to the external URL.
My suggestion is to have the following controller/action: redirects_controller#create.
Is my thinking correct or should it be the show action instead?
REST (apart from Rails) is about using the correct HTTP method for the correct action. The Rails part is just using the conventional controller action for a given HTTP method.
So, if you're doing a 301 or 302 redirect to another page, which browsers handle by issuing a GET request to the URL in the redirect response's Location header, do it in a show action. This will allow the user's browser to cache the other page when appropriate, and to not notify the user before redirecting.
(There is a way to redirect POSTs, but you didn't mention it so I expect you're talking about regular 301/302 redirects.)
Coming from a Java background, the REST actions must be related to CRUD operations. Requests that do not change the resource like in your case where the intent is to redirect to another page must be tied to a GET verb or show in your example.
If you were to create a new resource you would use POST.
A more detailed explanation can be found in Richardson's rest maturity model level 2
I want (in my rails app) to submit a post request to another site, setting some headers, when the user clicks a button. I want the user to be sent to the other site (rather than just have a request in the background or something).
I'm a bit stuck: my understanding so far is
a) Regular form submission (which handles the POST) can't set headers, so i can't just have a regular form on the page.
b) I could set headers in the controller, make the button go to that action, then send the request from there, but i can't do a POST redirect_to so this isn't possible.
Are either of the above possible after all? Is there another way to do this?
In rails, can I get a form submit to send the info in the form both to an external URL, and also post to my own server, all with one click from the user?
In the create or update actions in the controller, after the save action:
require 'net/http'
Net::HTTP.get('www.example.com', '/index.html?'+params)
You have to do it yourself, preferably by triggering the external request after you're done with your procedure, hopefully using message queuing.
I know that I can use annotation or Request mapping to restrict access to an ACTION by some specific ROLES. But now I have a different circumstance.
My scenario is: every user of my site can create posts, and they can make their own post public, private, or only share to some other users. I implement sharing post by a database table PERMISSION, which specify if a user have the right to view a post or not.
The problem arises here is that when a customer access a post through a direct link, how can I determine he/she have the privilege to view it? There's 3 circumstances:
The post is public, so it can be viewed by anyone (include not-login
user)
The post is private, so only the login-owner can view it
The post is sharing, it means only the login-user that is shared and the
owner can view it.
I want to process like this:
If the requested post is public: ok.
If the requested post is private/sharing: I want to redirect
the customer to the login page; after
logging in, the user will be re-direct
to the page he wants to see.
The problem here is that I can redirect the user to login controller/ auth action, but after that I don't know how to redirect it back. The link to every post is different by post_id, so I can't use SpringSecurityUtils.securityConfig.successHandler.defaultTargetUrl
Could anyone know a way to do this?
Dunno about grails, but spring security has a spring-security-redirect parameter which can be used to redirect the user to the specified url on successful authentication.
I think you could add your own filter that will be executed before the action is called and do the verification of the post permissions there. You can find more information about Grails Filters here.
Have you looked at the Grails Spring Security ACL plugin? I don't know it very well, but it's designed to restrict access to particular instances:
http://grails.org/plugin/spring-security-acl
I have found a quick workaround for this problem:
If the user is logged in: check the user's privilege, and return the appropriate result.
If the user is not logged in: At view action, set the post_id by:
session.post_id = 8
Redirect the user to the Login Controller/ Auth action.
At checkrole action(which is my grails.plugins.springsecurity.successHandler.defaultTargetUrl in Config.groovy), if session.post_id exists, use it to build the link for re-directing to the view action. Before redirecting, clear the session.post_id.