I need define fts or lucene query with parameter current logged user, for example I need something like this:
ASPECT:'cm:lockable' AND! ASPECT:'cm:workingCopy' AND cm:lockOwner:'getCurrentLoggedUser'
I need this query for dashlet creating by saved search , which will show locked files which are locked by logged user.
Is there a way to get a username of current logged user?
Thanks.
You cannot use an expression like that directly in the query.
It won't be difficult to get the authenticated user first and then build the query with string concatenation.
Your dashlet should have a javascript controller where you can use "root" objects. One of them is person that is the current authenticated user.
https://docs.alfresco.com/content-services/6.1/develop/reference/repo-root-objects-ref/
Related
I am using firebase as a backend for my Android App. And this app is a social media app where users can post, comment & like. so I am storing user data in user_collection and this collection is secured by security rules where if uid == auth.uid (any user can only access data of himself).
Now in this app when a user post something every user can see this post. And in post_collection I am saving userId in post_doc.
So the problem is I need to show name of user to other users and I have only userId but the problem is a user can't get name of other user by uid beacuse of security rules. now I have to solutions for this please tell me which one is better or you can also suggest any other solutions also?
I can use cloud functions getUserNameById() (Problem : I need to call this function very frequently in feed when user scroll)
I can store name also in post_doc (problem : when user changes his name then It will show old name in old post)
Thanks for you kind help
In a scenario like the one you describe, I would typically store the user name in each post doc. I would also ignore updates to the name, as I think of the user name in the post doc as a historical value: this is the name the user had when they posted this. Now you may want different behavior of course, in which case I recommend reading: How to write denormalized data in Firebase
Your approach with Cloud Functions is fine too, and quite common in some situations. But I tend to only use Cloud Functions for reading data, it the read operation itself is particularly complex, which isn't the case here. In a case like this, I'd recommend coming up with a data model that allows the use-case and security you want.
For example: if you create a collection usernames where each document has the UID as its document ID, and then contains a single field with the username for that UID, you could implement the lookup of the user name through Firestore.
So you could have:
Store the full user profile in /users/$uid.
Store the user name in /usernames/$uid.
Have a Cloud Function that triggers when /users/$uid is written and that updates /usernames/$uid.
The client then has read access to each /usernames/$uid document, or even to the entire /usernames collection in one go if needed.
This way the names can be cached on the client, and continue to work when the app is offline, unlike in your approach with a Cloud Function that looks up the user name.
Consider the solution: whatever public data you need (author name, author userpic link etc) just save it with the post at the time it had created.
So your Message Pojo will looks like:
id
authorName
text
etc..
and just display this name (authorName).
It will be the bad way to go any time to User_collection folder to take the name even if there are would be not strict security (becouse it takes time and document reads)
If you use Wordpress's built in password reset service it will go something like this:
Click forgot password
Enter your email or username
Receive a link in your email inbox
Click the link
Fill out form
That link you click, will look something like this:
http://yourdomain/wp-login.php?action=rp&key=vqwwSPzf6OK6bUv42XPk&login=natelough
If you try to change the &login to another name, it will reject you.
So, somewhere that 'key' is being stored in some way, and compared.
Where is it stored in the database?
I did an export of the database and searched the db for that string. It returned no results.
So what gives?
That key is generated by hashing a random string. You can see how this key is generated in the WordPress developer reference.
To answer your specific question, when a key is generated it is stored in the users table in the user_activation_key column. Only the most recently generated key is stored (invalidating previous reset keys). The key is also removed from the database once it has been used.
If you are looking to send these keys programmatically, you can generate them when you need them using get_password_reset_key(). That function accepts a WP_User object as its argument.
Depending on what you are trying to accomplish, there may be a more "best practices" way to do it than accessing that function directly.
The password is stored as a hash of the login name and password. You will find it in the users table under user_pass as an incomprehensible string. If the login name is changed, the entered password hashed with the login name will not match the string found in the database where the password was hashed with the original login name.
I'm building a simple web form which allows user to edit there data like email, emergency contact etc.
The edit form is rendered using Asp.NET MVC 5. Proper html fields are rendered for Id, email, emergency contact etc.
Lets say the request to save the data is received by the following controller method.
SaveData(recordId, email, emergencyContact)
{
;
}
Question: How do I make sure that recordId was indeed the id that was rendered as part of the edit form? We don't want this user to update another user's record.
I have the following options in mind
1. Create a hash of the record id and send the hash as well.
2. Ensure user is authorized to modify the record indicated in given record id.
Is there any other way? Does MVC 5 provide any features so that I don't have to put this sort of logic in my application logic?
Typical approaches are:
Store the ID of the record as a hidden field. If you are concerned with hijacking, encrypt the value and decrypt on the server.
Store the ID of the record in session; this way, you always pull back the record and keep the value on the server. But when session dies, so does the link to the record.
Yes I'd highly recommend check permissions to the record if you store the ID in the URL.
i am creating site like say LinkedIn/spoke
like when i login ,i give my login id and password so database
checks it and allow me to access my profile
i need to know that in stackoverflow when we click to users
button all the users in stackoverflow are shown
but when i click to specific user
how does the database known that this specific user is clicked
and show's his/her profile data ?
should i create new page for viewing others user profile ?
and if i do so what will be the query for that
If you have 2 seperate queries then it makes easier (I'm not saying this is the best solution). So, you could have a 'select all users' query which could be something as simple as :
SELECT *
FROM MyUsers
This will return all of your users to your website, so you can view them. Then, when you select a user from your website, you call a different query, say 'select a single user', and pass a parameter from your website. The query could look something like :
SELECT *
FROM MyUsers
WHERE UserID = #UserID
This could be done in one stored procedure and test if your #UserID is NULL then run the required SELECT statement.
In my project i am sending a mail to the user to create a user account. I want to enable that link for the first time he/she clicks the link. if he clicks the link for more than 2 times,then it should go to custom error page.how to do this?
This depends on how the link is generated.
For example: If your link contains a username as GET-parameter, then you could simply query your database if the username is already in use. I would advise against that, because the user can easily change that GET-Parameter
I would recommend this: Your link should contain a unique identifier, most likly a hash. This hash is stored somewhere, to garantee it's uniqueness, like in the usertable of your database (a column for the hash of the registration link). That might also come handy, because you could create new user rows and already prefill them with necessary information. You could use these information upon rendering to insert text into the textboxes