Symfony ACL permissions - acl

Am I doing it right?
I have a couple of entities
Organisation
Forms
I grant users different ACL permissions on the Organisation; based on these permissions I restrict routes by using the following:
    $authorizationChecker = $this->get('security.authorization_checker');
    if (false == $authorizationChecker->isGranted('VIEW', $organisation)) {
        throw new AccessDeniedException();
    }
Now inside an organisation a user can create forms, but I want to restrict access to the whole form process based on if the user is a member of the organisation.
So I have the following route for the index view of the forms:
    /form/{id}
and something like this for a new form, etc. etc., you get the drift:
    /form/new/{id}
And I'm passing in the Organisation based on the id; I'm then just checking the user's permissions based on the ACL for the organisation and using that to determine whether they can see/create the forms.
So I'm using an ACL from the Organisation Entity to restrict working with the Form Entity.
Is this the correct way to do this? If not, how would I do it?
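
As an added example (not the asker's code and not Symfony's own classes), the pattern described in the question can be exercised with an in-memory stand-in for the authorization checker: every form action is decided by a permission on the organisation, and a form is refused when it does not belong to the organisation named in the route. `InMemoryAclChecker`, `denyUnlessFormActionGranted`, `getOrganisation`-style ownership via `Form::$organisation`, the `EDIT` mapping for new forms and the sample grants are assumptions; it needs PHP 8.

```php
<?php
// Constructed stand-ins for the question's entities (not Symfony classes).
final class Organisation { public function __construct(public int $id) {} }
final class Form {
    public function __construct(public int $id, public Organisation $organisation) {}
}
final class AccessDenied extends RuntimeException {}
// In-memory stand-in for security.authorization_checker: it answers
// isGranted() from constructed ACL data for one user: [orgId => permissions].
final class InMemoryAclChecker {
    public function __construct(private array $grants) {}
    public function isGranted(string $permission, Organisation $org): bool {
        return in_array($permission, $this->grants[$org->id] ?? [], true);
    }
}
// Assumed mapping from form action to the organisation permission required.
const FORM_ACTION_PERMISSION = ['index' => 'VIEW', 'show' => 'VIEW', 'new' => 'EDIT'];

function denyUnlessFormActionGranted(
    InMemoryAclChecker $checker, string $action, Organisation $routeOrg, ?Form $form = null
): void {
    $permission = FORM_ACTION_PERMISSION[$action]
        ?? throw new AccessDenied("unmapped action '$action'"); // fail closed
    // A form reached through one organisation's route must belong to that
    // organisation; otherwise the ACL check would be made on the wrong object.
    if ($form !== null && $form->organisation->id !== $routeOrg->id) {
        throw new AccessDenied('form does not belong to this organisation');
    }
    if (!$checker->isGranted($permission, $routeOrg)) {
        throw new AccessDenied("missing $permission on organisation {$routeOrg->id}");
    }
}

// Constructed sample data: the user may VIEW organisation 1 and nothing else.
[$org1, $org2] = [new Organisation(1), new Organisation(2)];
$checker = new InMemoryAclChecker([1 => ['VIEW']]);
$cases = [
    'index on own organisation' => ['index', $org1, null],
    'new form without EDIT'     => ['new', $org1, null],
    'foreign form via own org'  => ['show', $org1, new Form(7, $org2)],
];
foreach ($cases as $label => [$action, $org, $form]) {
    try {
        denyUnlessFormActionGranted($checker, $action, $org, $form);
        echo "$label: allowed\n";
    } catch (AccessDenied $e) {
        echo "$label: denied ({$e->getMessage()})\n";
    }
}
```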

Related

How to get the authorized user's organization detail via LinkedIn API

The document shows that the r_fullprofile member permission is needed to get the user's organizations field.
I cannot find in the document a way to get the r_fullprofile permission.
I have already created new developer application.
Question:
How to get permission to fetch user's organization data via API call.
As per my understanding, I have only seen basic and lite profile member permissions.
Currently LinkedIn provides only 3 types of products, which are given below,
and the scopes are provided based on these products.
For your requirement, you can opt for the marketing developer program, which will give the permission r_organization_admin,
and using this permission, you can use the following endpoint to get the user's organizations along with roles.
We also did similar things in our app, where we list down user's organizations and user can select them to share their posts from our app.

How can I show the logged-in user in Power Apps Portal what their form submissions are?

The setup
I have a Power Apps Portal with the following pages:
Prequalification page. This has an entity form embedded inside it. The entity form is linked to the custom entity SupplierPrequal. When the user fills in and submits that form, they are redirected to the next page.
Submission List page. This has a List embedded inside it. The list should show each of the logged-in user's form submissions.
Submission Edit page. This has an entity form embedded inside it. The entity form is linked to the same custom entity SupplierPrequal and lets them attach files to a previous submission.
The problem I am facing
On the Submission List page, it shows submissions of users other than the logged in user. Here is a screenshot. You can see that the metadata for fields like [Created By] does not identify the user who submitted the form.
I was able to autopopulate the field [00_lkp_UserSubmittingForm] with the logged in username. Unfortunately this is not a unique identifier, and is also editable by the user.
I see these potential solutions, and would appreciate your advice
Change the metadata so that instead of recording the field [Created By] as "SYSTEM", it will record the logged-in user's unique identifier. Then change the view's filtering conditions, so [Created By] equals the current user.
Change the metadata so that a new field such as [00_lkp_UserSubmittingForm] will be autopopulated with the logged-in user's unique identifier. Then change the view's filtering conditions, so that new field equals the current user.
I suspect that both these approaches will require a lookup of the [External Identity] entity's field [Username]. They will probably involve configuring the entity form's tabs "Entity Reference" and "Entity Form Metadata" in Portal Management.
What I've researched
This link describes a similar problem, although the solution is for a CRM Portal, not a Power Apps Portal.
This link addresses the issue for a Canvas App, not a Portal App
This link apparently got it working, although I am still trying to understand what I need to configure.
If I understand your problem statement, you wish to filter the Entity List, in your case the Submission List page, based on your logged-in user.
As you might know, every user in Portals is a Contact record in CRM.
If I see your createdby, modifiedby and owner fields, I believe you have some background logic which runs under System (user) and does the required.
You have 2 ways to solve your issue:
Either change your background logic to run under the context of the running user. This will set createdby, modifiedby and owner as the running user and not System.
Or you create a lookup field 00_lkp_UserSubmittingForm. I say lookup and not plain text field. This lookup field will have a relationship with contact, so you can autofill this field (lookup) with the contact as user. In this way you get a unique value in your 00_lkp_UserSubmittingForm field, because it has a unique guid for each user (in turn a contact).
Now with any of the above methods, what you get is the current user (unique).
Then you can follow any of the below article to solve your issue.
In Entity List itself, there is one option to add Filter Condition. Please check below:
Article Ref
Or follow this article

How can I automatically invite new enterprise members to a specific folder as collaborator?

There's one special folder that I need everyone as collaborators. I can add all existing members but would like it to be automatically done for all future new members.
I know I could write an app using Box API to check for new members and then add collaboration through API, but just want to know if there's a simpler solution - just create a folder and apply some settings, then new members could be automatically invited.
Thanks a lot!
Is your account enabled for single sign on? If so you can pass the group membership via SAML and assign the folder you wish all users to be collaborated on to that group.
For instance you could create an "All Users" group on Box (Admin Console >> Users and Groups) and then assign it your "All Users Default Folder", then pass this "All Users" group name as an attribute in your SAML assertion.
If you do not have single sign on enabled I would still recommend collaborating new users by group membership, but you will need to perform two steps:
1. Create a new user
2. Add the user to the "All Users" group
These functions can both be done via the API. It just depends how you are currently provisioning seats to your Box account.

Google Contacts API's and scope?

Currently I'm trying to retrieve all of a user's contact information as well as retrieve their unique User ID.
Our app needs to utilise a user's Google contacts and the user will sign in using Google. Thus we require some way of identifying each unique user (most likely a unique user id provided by Google).
Is this possible only using the Google Contacts API?
The initial call I make to retrieve an access token is:
"https://accounts.google.com/o/oauth2/auth?client_id=51672309258-94cnvnrkrverd72neakom9d3siscda5o.apps.googleusercontent.com&redirect_uri=http://localhost/lunch/oauth.php&scope=https://www.google.com/m8/feeds/&response_type=code"
However I do not believe the access token returned from this call has any information for user ID and, also, does not provide the permissions to retrieve User ID from the Google+ API.
Is there any way that one can obtain a unique user ID from the Google Contacts API? There are examples of obtaining a user id of the user's contacts but I need to obtain the actual user's ID (i.e. the user whose contacts I am obtaining).
Does this require another scope or can this also be accomplished by using the contacts API?
You can identify a user by his/her email address, which is unique AFAIK. When you issue requests to the Google Contacts API you get a field in the xml which is called Id; that is the user's email address.
For example you could ask for all contacts and you would get an xml like this. The Id field is what you want, and depending on the programming language, lib, etc. you are using you can get it with your existing permissions. For example in C# and gdata you would do something like this (googleCredentials is supposed to be your object):
    var cr = new ContactsRequest(settings);
    var feed = cr.GetGroups();
    googleCredentials.Email = feed.AtomFeed.Id.Uri.Content;
Note: The special userEmail value default can be used to refer to the
authenticated user.
from the documentation. You may try the keyword default as userEmail.

Role based navigation in Razor

We are creating a back end admin system and want to allow users in roles such as finance and membership to have access to certain areas. Ideally we would like to show only areas that you have access to in the navigation.
Using Umbraco 4.7+ and Razor. We are using the Microsoft role provider.
I was wondering if anyone knows how I could access the currently logged-in user's role?
DynamicNode has two methods that will be your friends here, HasAccess() and IsProtected(). Here's an example of how to filter and show nodes that the user only has access to. Here's another one.
Using those methods you shouldn't need to have to get the roles of the currently logged in user, but that's not hard to do as well. Roles.GetRolesForUser() returns an array of the currently logged in user's roles. For more information, refer to the documentation.