populating model through rest api - ruby-on-rails

I'm currently working on a rails app where I have two model classes, Account and User. I want to allow users to link their User with account information from other places.
What I want the user to be able to do is, under my edit user form, I have a list displaying the names of all linked accounts, and a text input for them to add more.
All I want them to do is fill in one field (account name) and hit a button, and the back end will hit a restful API for that account name, pull back relevant info, and populate an Account model object, linking to the current user.
For example, from the user page I would like the user to be able to type in their twitter handle, and in the back end I'd look up that twitter account id and associate it with that User in my database.
Where is the right place to have a hook so that I can take an input (twitter handle), fire off a helper method that populates a Account object, and then link that to my current user?

I'm not sure I understood exactly what you were asking but I'll try my best : If your account 'belongs_to' your User model, it would seem logical to use the create or update method (depending on your standard case) of your Accounts controller, to retrieve a JSON with the accounts datas, and that the client parse this answer (with some JS).

Related

Link existing PFUser Facebook and Twitter with Parse on iOS

In my iOS application on the initial launch user can sign in with 3 different ways: email/pass, Facebook or Twitter. Registering with each of them will cause to create 3 different users.
Later in my app user should have the possibility to link accounts. For example, if he signed in with email/pass, then he should be able to link Facebook and Twitter.
Parse native -linkInBackground works great in case we have only one user, which is email/pass. But if we will already have Facebook or Twitter account created, the Parse SDK will reply with error, saying that this account is already linked to the social.
At first I thought that I've figured out the workaround:
Save the old user data
Delete the old user
Sign in (not link) with the social (say, Facebook)
Fill all the data from the saved user to the new one.
Everything went well with one social, but it appeared that the "authData" field, which is very important in my approach, is not contained in the [PFUser currentUser]. And so despite the fact that all other data is transferred successfully, the authData is not transferred, so that we don't have authentication data of the old user.
The question is: Is there a way to get authData from Parse, or is there any "legal" way to achieve my initial goal of merging (linking) two (three) users?
No, you can not access the auth data, just like you can't access the password when the user authenticates directly with email/pass. This is a security requirement and will not change.
Ideally you should add some logic which checks if the new user should be created or if a user with the specified details (probably email address) already exists. If it does then you can reject the new user creation and return a suggestion as to how the user should login.
Well, I've got it working in a bit different way than I wanted, but looks like it's a quite stable solution.
I've created a custom Parse Class, called, say, MyUser. This class has several fields, like: facebookUser, twitterUser, regularUser, anyOtherSocialUserYouWant. Each of them is a pointer to the _User class.
Now if we are signed as, for example, a regular user, the regular user is created. The same happens with the rest like Twitter or Facebook. By signing in with three different socials we will get three different parse users. That's okay.
Next somewhere in the app, user will press "Link to Facebook" button. We need to save the current user. Next we will make a query for both users if there is a MyClass object with pointers to one of those two users (first is the current user, the second is the new user after sign in). If there is no such MyClass object, we will create one and fill in two fields: regularUser and FacebookUser.
Later if user will try to link to Twitter, we will do the same, and the query will return existing MyClass object, which will have two fields with pointers to regular and Facebook users. We will just add a pointer to the newly signed in Twitter user to that MyClass object.
The only trick is with the data, which should be common for all of the users. It is easy enough with the appropriate query. We will need to do two queries (or one "OR" query, but looks like "OR" query is not working with pointers): first query for required object with "user" field of current user, and the second query (inner query) is for objects with "linkedUser" equal to current MyClass object.
And thus to maintain objects we will need to have two fields on each object: "user" and "linkedUser". First field will be used always, and the second field will be used only after linking.
And yes, after MyClass user is created you will need to check if objects for current user and newly registered user has this fields "linkedUser" and fill it with the MyClass pointer in case of that field is empty.
Hope this will help someone.
P.S.: Dear Parse.com developers, I really appreciate your work, but you should really think about creating the kind of mechanism to merge users.

Separate Users class [Parse]

I'm building an app that users have to register before they can view the content, I am using Parse for my database needs.
What I need is have a class of Users (Parse.User) for regular users and a class of Users (Parse.User) for admins. The regular users would only be able to access the app, the admins would only be able to access an admin website where they will add the content (products) that will show up in the app.
Is it possible to create 2 different classes of Users with Parse? Or should I create the admin user class manually (not using Parse.User)?
Thanks for the help! I'm pretty new at this databases and user thing haha
What you really want is to create a Role for Administrators. You can assign ACL permissions to this Role and it will be respected throughout Parse. As you add/remove Users from this Role they automatically have the permissions of their current Role(s).
You can read more about Roles in the documentation, there's a whole chapter about it.
I'm fairly certain that you can't create 2 different User classes. (Though I may be wrong.)
But regardless, the easiest way to do this would probably be to keep all the users in the same class and just add an admin boolean key to indicate whether or not the user is an administrator; then log the user in (to access the current user's keys) but only proceed with the actions following a successful app login if the admin value is set to false and, likewise, only proceed with the actions following a successful website login if the admin value is set to true. If the admin value indicates that the user shouldn't be logged in on that platform, don't proceed with the login and instead log the user out.
In my App, a user can take on more than one role. My solution to this is to have a User class and then a pointer for each type of user (could be a regular object pointer, but I use something similar). So there would be an "adminLink" pointing to the Admin role-specific object and a userLink pointing to the user role-specific object. The pointer designates the object containing the attributes relevant to that role (user or admin). Attributes common to all roles are stored in the User object.
"Roles" (capital R) are needed to control access to objects. So for each User, you may need to create a user Role and an Admin Role if the person performs both roles (small r). You have to have a reference for each Role. These can be stored either with the User object in separate attributes or in the role-specific user objects.
-Bob

Rails: How to restrict actions to only certain users?

I am currently doing a project for uploading pics. There are users, albums, and pics. I added a friendship model so that people can friend each other like a social network. However, I noticed that I put a lot of <% if current_user.friends.include?(#user) %> in the view to check if the user of the page I'm showing is a friend of the logged in client, and therefore allowing them to have certain privileges and forms and etc.. Is there a better way or place to do this than to pollute my views with if/else statements ? Also, I don't feel like my method is very secure since someone could always manually enter the url and mess with info that they're not supposed to.
You want an authorization framework such as CanCan.
In an ability file, you configure it that a user can, say, view something or edit some other thing, only if the user is a friend of the owner. Then in the view or the controller, you can just check that the user is authorized to do the appropriate action.
For specific details about setting up an ability based on details of the models (i.e. whether the owner is a friend of the current user), go to this documentation and look for "Hash of Conditions".
Consider using something like the mosaic-access gem, which allows you to white/blacklist controllers and specific actions for the currently logged in user.

Concept for a grails app

I am working on a Grails project, its an accounting project. We have multiple clients and they can have multiple types of accounts. I have to create the 'create' page for client, there should be a way to add multiple types of account to the client.
So I was thinking of making a drop-down list with account types and few text boxes to enter account name and other info about account. Also, as a client can have multiple accounts, so I want to create a 'add' button, when clicked it would display a new row to add a new client. I have done this kind of UI before using javascript but in this case, as there is a drop-down list and other components, I think it would be very hard and may not work.
I was thinking of creating a partial view which would render each time user clicked the 'add' button with additional row, problem with this would be during validation errors, edit page and i would also have to pass all values each time user clicks 'add' button.
Is there any other for doing this?
For the template approach you must use ajax if you don't want to carry on the params that the user has already set.
It is possible to make new drop-down lists appear (or any group of elements inside a <div>) when a user clicks a button, since Grails already comes with jQuery you might want to take a look at the .clone() method.
The problem with the two listed approeaches is that it will be possible to have duplicates.
Now, another option is to use checkboxes, so you can check just the type of account you want.
But to be honest it does seems a bit odd or even inapropiate to let the user choose the type of account he wants with such freedom.

rails 3 - devise block user to login

i have something in mind, i have some user types, Building owner, building manager.
I want to create user as building manager, but i dont want they have access to login system. this user are only for some selectbox in my website, but i need to show them in my user index page.
what i think i can do is create normal user and with a before_save i create a new data in another table.
In a request i need to be able to setup in my building form more than one building manager. maybe the best are with nested form.. I think i will need to add building id to my user table. maybe they can be assigned more than one building.
for now, my db structure are like this :
table users with user data (username, password, email, first and last name, phone)
table usertype have userid, typename and accesslvl
But this problem give me some managing problem. They will not be associated with user data.
How can i resolve this? Does Device can block some user? I searched in the Devise docs, but nothing found.
Thanks for your help.
There is an approach where admin users can approve other user accounts for login. You could use a similar approach but programmatically approve the accounts you actually want to allow logins for. Details are here:
https://github.com/plataformatec/devise/wiki/How-To:-Require-admin-to-activate-account-before-sign_in

Resources