I want to have these 2 routes in my api
GET /students/ID (Fetching all student personal details, by student ID)
GET /students/ID/grades (Fetch all grades of specific student, by student ID)
Grades are related to student specific student.
What is the best way to implement this scenario?
I must have 2 Resources? One for student and one for grades?
Seems to me like a recipe for a long long code, or this is the right way?
Thanks Alon
Yes, you must have two Resource instances.
Each will implement its own get method and bind to Api with its own URL path via api.add_resource(ResourceClass, '/url/here').
Related
I wanna make a export page for all completed courses from each user. but which API function I can use best.
I have found the function core_completion_get_course_completion_status, but the problem is that it needs a courseid and a userid. The problem is that with 100 users and every user has 20 couses he has to make 100 x 20 = 2000 API calls. I find that a lot myself.
Does anyone have a better way for me?
You have to make a plugin first, then populate it with web service
I have this project which is school management system, i have created Roles(Teacher,Admin,Staff) now i can assign what role is allowed to be viewed in each page and i want the Teacher Role to be more specific cos i have this page where the teacher can see all the list of subject that she/he teaches.
Now my problem is when the teacher login, i want all the subject of the current teacher who login can see her subjects only, right now with my role as (Teacher) they can see all the list of subject from other teachers too. Any idea on how to solve this? or what are the things i should add or learn to achieve my goal? i heard about MVC identity is it the one responsible for fixing this issue. appreciate if u guys could give me idea on how to deal with this. thanks!
If I did understand your problem correctly.what you are looking for is Resource Based Authorization (Authorization depends upon the resource being accessed). As far as I know, this can not be done with declarative security.
In order to gain such flexibility, you have to call an authorization function inside the action method.
Depending on the result of that authorization function, you can return 403 or the required resource.
Speaking of your requirement, extract the user id inside your action method and filter out other teachers' subjects.
If you are using ASP.Net Identity this link may help you to get started.
these days I’m facing a fundamental problem – let’s call it an architectural design decision.
So my team and I build typical line of business (lob)-web-applications for my company. For my purpose, lob means especially this:
A lot of user-interaction (entering data, CRUD entities, display data, aggregating data, statistics and reports, validation and so on)
Very restrictive (users have to login, users have different permission-levels, they can make different kinds of changes on different entities, display various reports and so on)
For an example, let’s take an ordinary approval-workflow: I need a new laptop, so I go to the “ressources-webApp” and create a new purchase requisition. My boss gets a notification and has to approve my request. In the next step, the proper department has to buy the laptop and finish my requisition.
I know this is a simple “hello world”-example and in real life you would use an existing software for this purpose (SAP or something like that), but it describes my use-case pretty well: data-driven and very restrictive (I can see all requisitions of my department but only change or delete my ones, I should not see the page for the approval or call the approval-api, my boss should only see the requests of his employees but not for the empolyees of another department, neither my boss nor I should see the page or be able to finish a requisition and so on).
Currently we are using ASP.NET MVC and WebAPI in combination with angularjs 1. For each “action” (page or view) exists a mvc-controller which listens to a specific route and returns the appropriate view. Each view references a specific angular-controller. Also each view may consist of different “partial views” (components or controls). To handle data the angular-controller calls webAPI-controllers which also listen to specific routes and handle the request (GET/POST/PUT/DELETE). Each controller (mvc and webAPI) checks the authorization-token of each http-request which comes in a cookie, if the user is allowed to open the page or call the action.
Now I’m wondering how to do this in a SPA-application with angular 2. Angular 2 sounds pretty interesting for me and has some nice benefits over angular 1, so I want to try angular 2. It seems that with angular 2 you only can build a SPA-application (compared to the “classical” MPA-application I mentioned above, where every page comes from the server and contains a angular-controller).
Generally I’m not disinclined to SPA, but I’m not sure how to handle the security-questions mentioned above.
In addition there are other common problems with SPA: not working back-buttons from the browser, no way to enter a specific url directly to the browser, no bookmarking etc.
So, do you have any advice, tip or best practice for me? Do you think that SPA is a good “pattern” for lob-web-applications? And if yes, how would you handle the security-problems as well as the other common SPA-problems?
Best regards,
Alex
I have a client who wants to build a web application targeted towards college students. They want the students to be able to pick which class they're in from a valid list of classes and teachers. Websites like koofers, schedulizer, and noteswap all have accurate lists from many universities which are accurate year by year.
How do these companies aggregate this data? Do these universities have some api for this specific purpose? Or, do these companies pay students from these universities to input this data every year?
We've done some of this for a client, and in each case we had to scrape the data. If you can get an API definitely use it, but my guess is that the vast majority will need to be scraped.
I would guess that these companies have some kind of agreements and use an API for data exchange. If you don't have access to that API though you can still build a simple webscraper that extracts that data for you.
I'm creating a members only Parent Directory for my son's high school International Baccalaureate website. This directory will contain contact information (names, street addresses, phone numbers, email addresses) of parents from each grade who have students currently enrolled in the IB program. I need to be able to authenticate a parents access to the directory against a valid student ID (which is a number).
I have a spreadsheet that contains the names of each student, their student ID, and their parent's names. There are some instances where a family has more than one student/student ID.
I'm trying to figure how I should be thinking about this, as a general approach. I have a few ideas but I need to distill them down to a more succinct inquiry.
One thought would be to bulk create wp subscriber accounts for all students. Their student IDs would somehow be appended to the user record. Parents would be directed to a login page, where they would login with the username of their child, password(which could be reset), and a fixed student id. If validation passes, they are redirected to the directory page.
Another thought would be to create user accounts on the fly that references a separate table which includes the student ID. So long as that unique student ID is part of the registration and it authenticates, anyone who has that number can register a profile.
In either scenario, once an account is created, the contact profile could either be pre-populated with the users info or updated at that time.
So my question is: Am I thinking about this in the right way? If so or if not, how can I better define this idea to get a more accurate scope? And then, ultimately, I need some direction on some possible options for getting it done in DIY way.
Sorry for the long word count. Your feedback is greatly appreciated. Below are some links that seem to be in the neighborhood of what I'm trying to do.
https://wordpress.stackexchange.com/questions/45900/adding-extra-authentication-field-in-login-page
Integrating wordpress authentication with an existing user database