Scenario:
I want to implement user-editable app settings in my Symfony application but don't know what the best practice is.
The user should be able to edit global settings like company address or alike in the app backend, no user specific settings.
I had a look at the CraueConfigBundle, but I think a file based settings solution fits more to my problem.
It's difficult to find something on Google for my problem, maybe you can help me find that out.
What do you use to give your app admins the possibility to edit global settings?
For basic needs CraueConfigBundle can work for you (I didn't use it, just read the docs), even though it saves to the database.
Do you have a particular reason why you need to save to a file? You can always set up a case to save data from the database to a file.
But if you want to write something in general, it requires a few steps, basically like this:
You need a service which provides reading / uploading of configuration
This service can make use of adapters to do the real saving / reading from your chosen source of data (for example you can use the Symfony Yaml component, which can read / dump data from Yaml)
Then you need to write a user interface which suits your needs for that
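A sketch of the service-plus-adapter layout from the steps above, added here as an example and not taken from the answer. It assumes PHP 8 and the Symfony Yaml component; the class names and the editable keys are hypothetical.

```php
<?php
// Added example: SettingsStorage, YamlSettingsStorage, GlobalSettings and the
// editable keys are hypothetical; Yaml::parseFile()/Yaml::dump() are Symfony's.
use Symfony\Component\Yaml\Yaml;

interface SettingsStorage // adapter contract: one implementation per backend
{
    public function load(): array;
    public function save(array $settings): void;
}

final class YamlSettingsStorage implements SettingsStorage
{
    public function __construct(private string $file) {} // path outside the web root

    public function load(): array
    {
        $data = is_file($this->file) ? Yaml::parseFile($this->file) : [];
        return is_array($data) ? $data : [];
    }

    public function save(array $settings): void
    {
        // Write a temp file, then rename: readers never see a half-written file.
        $tmp = $this->file . '.' . bin2hex(random_bytes(6)) . '.tmp';
        if (file_put_contents($tmp, Yaml::dump($settings)) === false || !rename($tmp, $this->file)) {
            throw new \RuntimeException('Could not write settings file');
        }
    }
}

final class GlobalSettings
{
    // Allow-list: the admin form can change these keys and nothing else.
    private const EDITABLE = ['company_name', 'company_address', 'support_email'];
    public function __construct(private SettingsStorage $storage) {}

    public function get(string $key): mixed
    {
        return $this->storage->load()[$key] ?? null;
    }

    public function set(string $key, string $value): void
    {
        if (!in_array($key, self::EDITABLE, true)) {
            throw new \InvalidArgumentException("Setting '$key' is not editable");
        }
        $this->storage->save([$key => trim($value)] + $this->storage->load());
    }
}
```

The admin form then only ever calls `GlobalSettings::set()`, so a tampered request cannot introduce keys outside the allow-list into the settings file.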
I am building a notes functionality with attachments in it, I have been using Meteor Uploads for file uploading. Everything works fine except for permissions. I have searched almost everything related to this but somehow I cannot find a full example nor a clear answer.
There is an event shown below which is supposed to handle permission checks, but this does not run in a fiber, so you have no access to collections and UserId.
validateRequest: function (req, resp) {
}
There are two issues I am trying to solve:
Allow only the users that have permission to post notes, to be able to upload files.
A way to provide more secure file accessing
The first one would not exist as an issue if there was a way to call file start upload on the server (as far as I know/tried, it is only called on the client).
Uploader.startUpload.call(Template.instance(), e);
I have made some security checks before uploading the file (calling a server method) but that is on the client. I have also added a cookie after opening the page which I then validate on the server in order to make files not accessible outside of the app.
I have also read that permissions can be achieved by using tokens/secret keys as mentioned here but could not find a proper example.
PLEASE NOTE
Maybe the first issue is not a real issue in my scenario because I have permission checks when showing Note post ability but I wanted to know what is a good approach I could take.
Most important issue I believe is the second one regarding file access, what is a proper way to serve files based on User permission? Also a good way to encrypt uploading file's name so that users do not access files by guessing the file name might be helpful.
Thank you guys!
I'm looking for a solution which will make my directory with pictures secure.
On my page only the Administrator has permission to upload pictures. Users only have the opportunity to view pictures for products. I want to make the directory more secure. I want to make it difficult to download all pictures with some kind of script.
For now I tried with .htaccess and .htpasswd. It works fine, but when a user tries to see the product page (where pictures from the secured folder are shown), .htaccess requires a username and password.
Is it possible to enter the username and password for this directory from the server side when a user is viewing the product page, and, in case he opens a link to the picture in a new window, have the username and password required?
Do you know some other solutions?
Cheers
Don't store the images in your web folder where everyone can access them. Instead, store them outside of the web path (for example in app/data or so) and use a Symfony controller to deliver them. This way you can use the Symfony security component.
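A controller of the kind this answer describes, added here as an example and not part of the original answer. It assumes Symfony 6.4 or later on PHP 8; the route, the `var/product_images` directory and the `ROLE_USER` requirement are assumed names.

```php
<?php
// Added example: the route, var/product_images and ROLE_USER are assumed names.
namespace App\Controller;

use Symfony\Bundle\FrameworkBundle\Controller\AbstractController;
use Symfony\Component\HttpFoundation\BinaryFileResponse;
use Symfony\Component\HttpFoundation\ResponseHeaderBag;
use Symfony\Component\Routing\Attribute\Route;

final class ProductImageController extends AbstractController
{
    // The requirement only admits plain image file names: no slashes, no "..".
    #[Route('/product-image/{name}', name: 'product_image', methods: ['GET'],
        requirements: ['name' => '[A-Za-z0-9_-]+\.(?:jpe?g|png|gif|webp)'])]
    public function show(string $name): BinaryFileResponse
    {
        // The security component decides who may fetch images at all.
        $this->denyAccessUnlessGranted('ROLE_USER');

        // The storage directory is outside public/, so the web server
        // cannot hand the files out directly.
        $baseDir = realpath($this->getParameter('kernel.project_dir') . '/var/product_images');
        $path = $baseDir === false ? false : realpath($baseDir . '/' . $name);

        // realpath() resolves symlinks and ".."; anything that ends up
        // outside the storage directory is treated as not found.
        if ($path === false
            || !str_starts_with($path, $baseDir . DIRECTORY_SEPARATOR)
            || !is_file($path)) {
            throw $this->createNotFoundException();
        }

        $response = new BinaryFileResponse($path);
        $response->setContentDisposition(ResponseHeaderBag::DISPOSITION_INLINE, $name);
        $response->setPrivate(); // keep shared caches from storing protected images
        $response->headers->set('X-Content-Type-Options', 'nosniff');

        return $response;
    }
}
```

Product pages then reference images through the `product_image` route, so a picture opened in a new window goes through the same access check.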
In addition to the good answer by #Pierre, you can use a filesystem abstraction layer. I'd recommend using Gaufrette. To integrate it with Symfony, you could use KnpGaufretteBundle.
It will give you way more flexibility, such as:
using external filesystems (e.g. Amazon S3, FTP, SFTP)
using the Symfony Security component or ACL.
Everything depends on your needs and your approach in the project. However, if you need some flexibility, I'd recommend trying it out.
I'm wondering if this is possible. I would really like to ship my application with no configuration file (stop users fiddling with it). Is it possible to set all the configuration in memory in, say, the global.asax (application_start) event? For example, I don't want users messing directly with the connection string; I want them to be able to modify it in the GUI only. And I don't want to have to write to the config file as there may be security issues....
You could still use the file system and have the files encrypted. This way only you, or the app, can modify them, but no one can really modify the configuration directly in the file. Also you could encrypt configuration sections: check this Microsoft link out.
Good luck!
I've been messing around a bit with various solutions to what I would see as a fairly common problem, but I've not yet been able to solve it in a satisfactory way.
What I wish to achieve is some kind of functionality where a user can upload new files, or select existing files to reuse them.
What I've been using so far is a combination of the filefield, filefield_sources, imce and ckeditor modules. I guess ckeditor isn't really important for the solution, but I need to be able to embed images from the archive somehow, and this is done with IMCE. Since I do not want everything to be accessible from the file browser I created a subdirectory and set full access to it in the IMCE settings, let's call it default/files/site
This worked fine as long as all file handling was done through IMCE, but when I uploaded files directly from the filefield my files ended up in the default/files root, so I set up folders for my fields, for example default/files/site/movies in a field that allowed the .flv format. This worked fine too, as long as I didn't try to access the files through IMCE. It appears the folders created by filefield are not accessible from IMCE?
I'm also in a position where I need to support large uploads (200MB+), but from my experience in other projects, allowing file uploads through FTP is usually a life-saver, but from what I understand IMCE won't support files not uploaded through Drupal in some way, since they are not present in the database (giving the message: The selected file could not be used because the file does not exist in the database.)
I'm aware that I don't really have a clear question to my problem, but somehow I need to figure this out pretty fast. How would I preferably solve this? I'm aware that I'm not the first to have this problem, but I have not yet been able to find a nice and stable solution. What am I missing?
Also check this thread (http://drupal.org/node/438940) and the reference to John Locke's work at: http://www.freelock.com/blog/john-locke/2010-02/using-file-field-imported-files-drupal-drush-rescue
Well, I'm not personally familiar with IMCE off of the top of my head, but if you need files that have been uploaded via ftp to be added to the files tables, then my impulse would be to write a small module which would then allow the user to click a button and start off a batch process. (This is me assuming that you are using Drupal 6, as the batch api doesn't exist in 5.)
Said batch process would then iterate over all of the files in the appropriate directory, which I would assume you had uploaded the files to, use file_copy() (from Drupal's file API) to copy the files to default/files/site, and then would add said files to the files table, which is actually quite simple with drupal_write_record().
It might not even need to use the batch api - it somewhat matters if you're just uploading 10-30 really big files, or 200-300 MB files.
For using the batch api, I'd look at http://drupal.org/node/180528 - this has a fairly basic example of how the batch api works, which basically consists of telling the api that you want to keep calling function_a, and then inside of function_a setting your progress in the context array until you're done, at which time the batch process finishes. Then you just have whoever uploads the files via ftp to hit a button on the website to move and register the files.
I've been reading others' questions regarding storing settings in the web.config. Most of you agree that's a good way to store settings.
I just have another doubt about that.
In my app, I need to map some IDs in the web.config. For example:
[Table = UserType]
1 - User
2 - Admin
Is it a good idea to store these settings in the web.config so I know what is the right ID in my application? Do you have a better solution?
Thanks guys,
G
If those values don't change too often, it's better to create an enum to store them. An enum sample could be:
enum UserType
{
User = 1,
Admin = 2
}
For more options, also take a look into [Flags] attribute: Enums, Flags, and C# — Oh my! (bad pun…)
Keep in mind that every time you edit your web.config file, your IIS application pool gets recycled.
I typically use the web.config to store things like connection strings, or key/value pairs that rarely [or never] change.
What you described would be ideal for an enum or perhaps a look up table in the database.
In my web application I have a number of "Configuration" settings that exceed the structure of the Web.Config file, and don't want the web site to restart after changing them.
I ended up creating a number of xml config files where the xml data maps to objects that get cached into collections. This allows us to change the config on the fly, while not restarting the web site. We have a filewatcher that triggers a reload of the cache objects from the Xml files when something in the configuration directory gets modified.
You can also use the database for this obviously, but in our case this was configuration data that is maintained by development and deployed with the build.