I have a simple supabase DB that I want to be able to show data from within a Vue 3 app without validating the users, anyone can view the page(s) and see the data. There will not be any update/delete pages available as all the necessary data is already in the supabase DB.
Is this possible?
I am very new to Vue and supabase.
Thanks
Ken
Yes, it is possible to let all users view items from a database while preventing them from inserting/updating/deleting. In Supabase, there is Row-Level Security, so you can configure whether users can view/insert/update/delete separately.
An example would be this; it enables viewing profiles for everyone, but insert/update/delete is disabled by default.
```sql
-- 1. Create table
create table profiles (
  id uuid references auth.users,
  avatar_url text
);

-- 2. Enable RLS
alter table profiles
  enable row level security;

-- 3. Create Policy
create policy "Public profiles are viewable by everyone."
  on profiles for select using (
    true
  );
```
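One way to confirm that the policy above gives read-only public access, added here as an example and not part of the original answer. It assumes `anon` and `authenticated` are the Postgres roles Supabase uses for API requests and that the script runs in the Supabase SQL editor; the `revoke` is an extra hardening step the answer does not include, and the inserted value is a constructed sample.

```sql
-- Added example: verify the read-only setup for the profiles table.

-- Defense in depth: even if a write policy is added by mistake later,
-- the API roles have no table-level write privilege.
revoke insert, update, delete on profiles from anon, authenticated;

-- RLS must be enabled, otherwise the policy is never consulted.
select relname, relrowsecurity
from pg_class
where relname = 'profiles';

-- Only a SELECT policy should exist for this table.
select policyname, cmd, roles, qual
from pg_policies
where tablename = 'profiles';

-- Act as an unauthenticated visitor (the role behind the public anon key).
begin;
set local role anon;

-- Allowed by the "using (true)" select policy.
select count(*) from profiles;

-- Expected to fail: "permission denied" after the revoke above, or a
-- row-level security violation if the revoke was skipped.
insert into profiles (avatar_url) values ('constructed-sample.png');

rollback;
```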
Related
I have created a single table DB Model for my project. It contains multiple products. The application has 3 user roles: SuperUser, ProductOwner & BasicUser. I want to fetch multiple products to show in a table in the UI where the logged-in user should see only those products to which the user has access. E.g. SuperUser can see all the products whereas a ProductOwner can see only those products on which he is ProductOwner. How can I achieve this behavior in a DynamoDB model?
You can put another attribute in dynamodb which basically stores the users/role names to whom the product is accessible. As you are saying for superuser everything is accessible, so for SuperUser you can directly return all the products but for the other two roles you can use this technique
I am working on an app which allows users to upload resources to the internet.
I'm struggling with how to write a resolver for fetching resources posted by a specific user.
I have 3 DynamoDB tables
UserTable -> a collection for user
PostTable -> a collection for resources
PostUserTable -> a collection for storing relations between User and Post
In a traditional RDBMS, it would be done by joining 2 tables (UserTable and PostTable) using PostUserTable. Even though DynamoDB, or any kind of NoSQL database, allows us to have a more flexible way to store data, I expect (hope) each user has many resources at the end of the day, so I decided to design tables in the same way as an RDBMS.
But I'm not sure how you can write a resolver for filtering posts only by a specific user? I have a graphql query named getMyPosts and I want it to return posts uploaded by me.
If you go to the AppSync console and click "Attach" on a field to add a resolver, there is a drop down in the top right of each resolver template code editor that has a number of commented examples of how to craft resolver templates for DynamoDB. This is a good place to start and has multiple examples of filters and more. You can read more about the full DynamoDB filter syntax here: https://docs.aws.amazon.com/amazondynamodb/latest/developerguide/Query.html#Query.FilterExpression.
I'm using Dexi.io to scrape some data that outputs to Google Drive as a CSV, that gets parsed (through a Google sheets script) and added to a Native sheet (all automatically).
I'd like to push my data (automatically) to a "database Visualizer" of some sort (using knack.com currently) that allows me to display the data (in Table format) with some options to filter, sort and dig deeper; all protected by login creds that I manage.
I tried using Zapier to automate the Google Sheets to Knack integration, but Knack only has an option to "Create New Records" through Zapier and not "Update Records". (Updating records exists as an API endpoint)
I need help proceeding as I'm not a developer and am starting to hit the limits of my capabilities.
Could someone please recommend a tool (that integrates with Sheets, updates data periodically and lets me control the domain and login creds) or the optimal way to proceed with this? (I'd gladly hire a freelancer to help me build this out optimally)
Some more, potentially relevant, info: Dexi.io can output through FTP, Drive, Box or Amazon S3 (remember, not a dev :$)
kintone is a "database Visualizer" similar to Knack, and they have actions to update records.
https://zapier.com/zapbook/kintone/
There are two options to update records as there are two ways in which the unique key can be defined.
Each record in kintone has a "Record ID" associated with it - this is an autonumber made by kintone. You can specify this as the key to update, in which case you would use the "Update Record By Record ID" action.
If you would prefer though to set your own unique key and use that as the key to update, you can define that unique key in your database (I guess the data you are scraping has its own ID for each record). In this case, you can place a "Text (single-line)" field in your database, open up the options and select "Prohibit duplicate values" which will make this field into a unique field - meaning that no two records can hold the same value.
Once you set that field up (and update your kintone App settings), you can select this field to be the unique key to update for the "Update Record By Update Key" Action (the "Update Key" in the action name is referring to the unique key that you just made).
And yes, kintone gives you control over login creds, and each login cred can have different view/add/edit permissions over each record you have in your app.
You can also set a custom subdomain name, but the domain name will have to be kintone.com, i.e. you can have a https://mycustomname.kintone.com sort of name.
Hope this helps.
I have an ASP.net website, with MS SQL Server on the backend.
For simplicity, I will describe my problem with three four tables though in reality it is much more than that.
TABLES:
tblSYSTEMS
• SystemID (PK)
• SystemDescription
• Other columns
tblSYSTEMS_Projects (many projects can be associated with each SYSTEM)
• Various fields that users can see/modify/delete, based on permissions.
USERS (as generated by ASP.net, for user/membership/roles etc...)
• userid
• Other columns
tblSYSTEMS_PERMISSIONS_LINK (this links the two tables)
• SystemID
• userid
• AllowEdit
• AllowView
• AllowDelete
• AllowInsert
I set up a Stored Procedure for each of the INSERT/UPDATE/DELETE functions in the database for tblSYSTEMS_Projects.
When the user goes to change/add/delete a record in tblSYSTEMS_Projects, I send a parameter of #userid (from the currently logged in user) to the SP.
For UPDATE I check to see that in tblSYSTEMS_PERMISSIONS_LINK they have AllowEdit set as true, for a given SYSTEM in tblSYSTEMS. The way the tables are linked, if they don't have EDIT permissions, there won't be a row updated (because the WHERE clause essentially returns 0 rows), which I get back in my execution of the SP. Fine.
Same goes for DELETE.
But for INSERT, there are no WHERE clauses available for INSERTING records into tblSYSTEMS_Projects.
How can I prevent a userid who does not have INSERT privileges for a particular SYSTEM from inserting into the tblSYSTEMS_Projects table?
When the currently logged in userid tries to click on INSERT, what can I do to redirect them to a "you do not have permission" page?
Can I simply hide the INSERT command based on currently logged in userid? When would I do that? On Page load? Any suggestions on methodology to do that? Simple SP that returns a scalar of the INSERT value?
I looked at roles/memberships etc... but that doesn't quite work, as many different people have different permissions based on the SYSTEM. In one system, one person could be an ADMIN, and in another system, be a viewer only.
What I am trying to accomplish is to have users only have access to their records, but only granting them permission to do what they are allowed to do. But those permissions vary based on SystemID.
There are a lot of ways to do it. Here is my approach, which is role-based authorization -
I'll restrict authorization based on the user's roles. For example, if System is in AddRole and a user is in AddRole, then the user can create a new record.
The page's authorization logic should not be in the Stored Procedure alone. Instead, it should start in the Presentation Layer (such as the Controller).
If you need additional logic checking, you can place it in the Business Logic layer.
tblSYSTEMS_PERMISSIONS_LINK (this links the two tables)
• SystemID
• userid
• AllowEdit
• AllowView
• AllowDelete
• AllowInsert
You should not create the above tblSYSTEMS_PERMISSIONS_LINK table with individual columns. It is not a good database design, unless you can 100% ensure that there won't be any new Authorization Type in the future.
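The INSERT case from the question can be guarded in the database the same way as UPDATE and DELETE, as a second layer behind the application-side check the answer recommends. This is an added example, not code from the original posts; the procedure names, the `ProjectName` column, the `SystemID` column on tblSYSTEMS_Projects and the parameter types are assumptions.

```sql
-- Added example (T-SQL). Procedure names, ProjectName and the data types are
-- assumptions; table and permission column names come from the question.

-- INSERT ... SELECT gives the insert a WHERE clause: the row is written only
-- if the caller has AllowInsert for the target system.
CREATE PROCEDURE dbo.usp_InsertSystemProject
    @userid      uniqueidentifier,  -- take from the authenticated session server-side
    @SystemID    int,
    @ProjectName nvarchar(200)
AS
BEGIN
    INSERT INTO dbo.tblSYSTEMS_Projects (SystemID, ProjectName)
    SELECT @SystemID, @ProjectName
    WHERE EXISTS (
        SELECT 1
        FROM dbo.tblSYSTEMS_PERMISSIONS_LINK AS p
        WHERE p.SystemID = @SystemID
          AND p.userid = @userid
          AND p.AllowInsert = 1
    );
    -- Rows affected is 0 when permission is missing, the same signal the
    -- question already uses for UPDATE and DELETE.
END;
GO

-- Scalar check the page can call on load to decide whether to render
-- the INSERT control for the current user and system.
CREATE PROCEDURE dbo.usp_CanInsert
    @userid   uniqueidentifier,
    @SystemID int
AS
BEGIN
    SELECT CAST(CASE WHEN EXISTS (
        SELECT 1
        FROM dbo.tblSYSTEMS_PERMISSIONS_LINK
        WHERE SystemID = @SystemID
          AND userid = @userid
          AND AllowInsert = 1
    ) THEN 1 ELSE 0 END AS bit) AS CanInsert;
END;
GO
```

Hiding the control with the scalar check is a convenience only; the guarded insert is what enforces the rule when a request is crafted by hand.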
I'm customizing a SugarCRM 5, and in my SugarCRM database I have all invoices which were imported from our ERP. Now, I would like to know if it is possible to create a new sub-panel in the Accounts Panel without editing the original SugarCRM files, so that my client invoices index are visible in that interface.
Last time I checked, you could use the module builder to extend the interface. From 5.0 (or maybe 4.x) on, Sugar added all those APIs, which should enable you to extend SugarCRM without hacking it in and losing it with the next upgrade.
Hope that helps!
You can create a new module - Invoices using Module Builder and then add relations between Accounts and Invoices. The subpanels will appear for both - Accounts and Invoices without any coding. You should just customize the columns again using Module Builder.
As stated above, create an invoices module to hold all your invoices, but before doing the import, make a relationship with accounts and map the account field when importing so the invoice is automatically connected in the subpanel and shown.
Basically, the Account name should be a related field in your new invoices module (base the module creation on something like QUOTES that has similar fields). Once you create the module (so simple you can almost guess your way through it in the ADMIN section) and the fields you like (using Studio), just add the RELATED field Account Name and the sub-panel will be established in your ACCOUNTS module and the invoice will magically populate, especially if you re-install them using the import feature from a CSV file (spreadsheet).
You can create sub-panels in account modules details view by just giving relationship within two modules. Create a one-to-many relationship from Account module to Invoices module.