In my web app, i need to use Struts2 Tiles for role based access.
I have admin, agent, manager and user roles.
Based on the person logged in, i need to show him the extra links
in the menu.
After login with user if i try to browse admin link directly
in browser the it should not allow to the user
If i have admin logged in and in tiles definition i use for an
attribute role="admin",
How come tiles know that admin has logged in, where does it check for
those roles?
Related
I want to something like:
After user logged in open a view to select the Tenant that user will use to work. But I want to prevent user to access the system without set the Tenant.
Details:
I need the tenant selection to be in a second page different of the login page, because I want to show only the Tenants that have relashionship with this user.
I am trying to understand how to create MVC5 website with Active Directory authentication. Also I want to manage users. So for this I created a simple project in VS2013 and selected "Windows Authentication". When I run the application I get authentication popup to enter AD username and password. After that it does says on top right "Hello AD/UserName!".
But I am not seeing logic where it actually calls for authentication. Also I want to save few AD users to database and allow only them to login to website. How can I do this? Also how will my other web pages know whether user is already authenticated. Thank You.
One Approach-
Instead of selecting 'Windows Authentication', you choose 'Anonymous' (doesn't remember exact word here)
Implement logic to Authenticate user against Active Directory. Once user is Authenticate, store that user object into 'User' property of Current Context. So that you can access it and authorised user in subsequent request.
As you are aware, AD can only authenticate user against it. Providing access to few of them is authorisation part which we need to handle as part of our application. Since you want to enable access to website for few people of AD, what you can do is add those users in your application's database and allow authorisation to those only.
My app is built with Devise and sometimes some users report a problem, so I would like to be able so log in with their accounts and see the dashboard (the website in general) as they do (as a regular member).
How to do that with Devise? Is there any feature for this?
Use a field role to define user access. In case of other users just assign as guest. Make a admin role for your user entry. Now instead to logging into others account, create a custom option in dashboard which can be accessed only by admin, provide a option to change users which helps in viewing different dashboards depending on users.
I want to be able to sign up new user even if I am logged in.
Right now if I click "sign up" while logged in, registration form will not show up. Instead the error message will say "you are already signed in".
I want to allow user(admin) to add new users to the system.
Create a UsersController and authenticate the user as admin. Then in new and create actions of the controller, you can put your user creation logic. And copy the content of views/devise/registration/new.html.erb file to views/users/new.html.erb.
Expanded answer:
You can create a role table if there are more than two roles to manage. That will make it easy to manage them. May be you can you cancan and rolify gems to manage scope for a role if needed.
And if there are only two roles (Admin and other/normal users) then you can add a boolean column admin in the users table.
Within my rails app, I would like the user to be able to browse and explore without signing in, However, when the user is trying to create a record, it should let him save it only after he/she is signed in. If the user is not signed in, then it should route him to the signup process. The user should not go through the trouble to creating the record all over again.
For example, the user can go to any shopping site, add items to the cart. While checking out, the user is prompted to signup/ sign in. Even if the user is routed to the sign up page, The items are still present in the cart (the user doesn't have to add them agn)
Is there a gem for that? or how can this be achieved in a rails app.
Shortly, what you have to do is to create a guest user instance for every user which is not logged in and visits your site. You treat this user as if it was a registered user, persisting everything to the database accordingly. Then when the user comes to the point he has to register you alter his guest user details on the database, this way everything he has done as a guest will remain the same.
You can find a screencast explaining exactly how you can achieve your goal here: Guest User Record - RailsCasts
You could store this info in your session, then when the user signs up and logs in to the site , you could show the stored info in the session.