Please help review this code even when the user is not in the role apply it fail to redirect the user to status.aspx
if (!User.Identity.IsAuthenticated || !User.IsInRole("apply") || Session["ctre"].ToString() != "Court" || Session["userName"].ToString() == null)
{
if (!User.Identity.IsAuthenticated || Session["userName"].ToString() == null)
{
Response.Redirect("Login.aspx");
}
else
{
Response.Redirect("status.aspx");
}
}
your condition is wronge.
try this one
if (!User.Identity.IsAuthenticated || !User.IsInRole("apply") || Session["ctre"].ToString() != "Court" || Session["userName"].ToString() == null)
{
Response.Redirect("Login.aspx");
} else
{
Response.Redirect("status.aspx");
}
There is duplication in your code, you may say its a code redundancy, use following conditions
if (!User.Identity.IsAuthenticated || Session["userName"] == null)
Response.Redirect("Login.aspx");
else
Response.Redirect("status.aspx");
Your code is
if (!User.Identity.IsAuthenticated || !User.IsInRole("apply") || Session["ctre"].ToString() != "Court" || Session["userName"].ToString() == null)
{
if (!User.Identity.IsAuthenticated || Session["userName"].ToString() == null)
{
Response.Redirect("Login.aspx");
}
else
{
Response.Redirect("status.aspx");
}
}
There are 2 if-statements and both of them have similar conditions
!User.Identity.IsAuthenticated || ... Session["userName"].ToString() == null
!User.Identity.IsAuthenticated || Session["userName"].ToString() == null
That probably means that first condition makes no sense and your entire code should be
if (!User.Identity.IsAuthenticated || Session["userName"] == null)
Response.Redirect("Login.aspx");
else
Response.Redirect("status.aspx");
UPDATE:
if you need to check for role, namely "if the user is autheticated but user not in role "apply" it should go to status.aspx and not login.aspx" use
if (!User.Identity.IsAuthenticated || Session["userName"] == null || User.IsInRole("apply"))
Response.Redirect("Login.aspx");
else
Response.Redirect("status.aspx");
Related
I have a realtime database. In rules, doing (a || b) works, but doing (b || a) does not work. I couldn't find the reason. Since my rules are long, I'm putting a small part of it here. actually it was working until today but today it stopped working and i didn't change anything.
Not working :
{
"rules": {
"allGames": {
"$gameID": {
".read": true
".write": "auth != null && ((!data.exists() &&
(newData.child('players').child('0').child('userID').val().contains(auth.uid) ||
newData.child('players').child('1').child('userID').val().contains(auth.uid) ||
newData.child('players').child('2').child('userID').val().contains(auth.uid) ||
newData.child('players').child('3').child('userID').val().contains(auth.uid)) ) ||
(!data.exists() &&
(newData.child('0').child('name').val().contains(auth.uid) ||
newData.child('1').child('name').val().contains(auth.uid) ||
newData.child('2').child('name').val().contains(auth.uid) ||
newData.child('3').child('name').val().contains(auth.uid)) ) )"
}
}
}
}
my json:
[
{
"durum": "davetYollayan",
"name": "PzbcSmKziaOcd4PdYNPnIWuG2iH2",
"score": 0
},
{
"durum": "davetYollayan",
"name": "efezefebcSmKziaOcd4PdYNPnIWuG2iH2",
"score": 0
}
]
Screenshot:
it works when i replace the write code with this. but both codes are the same, I don't understand why it gives an error?
".write": "auth != null && ((!data.exists() &&
(newData.child('0').child('name').val().contains(auth.uid) ||
newData.child('1').child('name').val().contains(auth.uid) ||
newData.child('2').child('name').val().contains(auth.uid) ||
newData.child('3').child('name').val().contains(auth.uid)) ) ||
(!data.exists() &&
(newData.child('players').child('0').child('userID').val().contains(auth.uid) ||
newData.child('players').child('1').child('userID').val().contains(auth.uid) ||
newData.child('players').child('2').child('userID').val().contains(auth.uid) ||
newData.child('players').child('3').child('userID').val().contains(auth.uid)) ))"
I'm using dev extreme data grid, I displayed blank if the date is not available.
I want to show "-" if date is empty.
I tried
// component.html
[customizeText]="customizeMyText"
// component.ts
customizeMyText(cellInfo: any) {
console.log(cellInfo);
if (cellInfo.value == '' || cellInfo.value == null || cellInfo.value == undefined) {
return 'NA';
} else {
return cellInfo.value;
}
}
But it gives an error, text.replace is not a function.
The return value on the customizeText function expects a string, change your function to use the valueText instead:
customizeMyText(cellInfo) {
if (
cellInfo.value === "" ||
cellInfo.value === null ||
cellInfo.value === undefined
) {
return "NA";
} else {
return cellInfo.valueText;
}
};
Source: https://js.devexpress.com/Documentation/ApiReference/UI_Widgets/dxDataGrid/Configuration/columns/#customizeText
I've a form which creates the following JSON structure.
{
"reviewed":false,
"title":"Just a title",
"user":"UYV9TRKXfNW1NeCyFyfjZfagJ8B",
"items":[
{
"age":"33",
"experience":"Newcomer",
"image":"https://image-url",
"job":"Nerd",
"name":"Testname",
"party":"AAA",
"type":"person"
},
{
"age":"33",
"experience":"Newcomer",
"image":"https://image-url",
"job":"Informatiker",
"name":"Testname",
"party":"AAA",
"type":"person"
}
]
}
How do I check the values of "items" with firestore's security rules? Is there a way to loop/iterate over the array?
For the sake of completeness: That's my solution so far. I did it the way described in the linked answer. The possible amount of items is limited to 10, so we can go without dynamic loops.
service cloud.firestore {
match /databases/{database}/documents {
match /events/{event} {
function isAuthed() {
return request.auth.uid != null
&& request.auth.uid == request.resource.data.user
&& request.auth.token.email_verified == true;
}
function isReviewed() {
return request.resource.data.reviewed == false
|| request.resource.data.reviewed == "false"
}
function isValidTitle() {
return isValidStringInput(request.resource.data.title, 200);
}
function items() {
return request.resource.data.items;
}
function isValidPerson(item) {
return items()[item].keys().hasAll(['image','type','name','job','age','party','experience'])
&& isValidStringInput(items()[item].image, 100)
&& isValidStringInput(items()[item].type, 10)
&& isValidStringInput(items()[item].name, 50)
&& isValidStringInput(items()[item].job, 50)
&& isValidStringInput(items()[item].party, 50)
&& isValidStringInput(items()[item].experience, 50)
&& isValidNumber(items()[item].age);
}
function isValidParty(item) {
return items()[item].keys().hasAll(['image','type','name','orientation','experience','promi'])
&& isValidStringInput(items()[item].image, 100)
&& isValidStringInput(items()[item].type, 10)
&& isValidStringInput(items()[item].name, 50)
&& isValidStringInput(items()[item].orientation, 50)
&& isValidStringInput(items()[item].experience, 50)
&& isValidStringInput(items()[item].promi, 50);
}
function isValidItem(item) {
return isValidPerson(item)
|| isValidParty(item);
}
function isValidStringInput(input, maxSize) {
return input is string
&& input.size() > 0
&& input.size() <= maxSize;
}
function isValidNumber(input) {
return input is int
|| input.matches('^[0-9]+$');
}
// One can READ
// always ...
allow read: if true;
// One can WRITE, when ...
// writer is logged in
// uid in event is same as uid of writer
// writer has email confirmed
// reviewed is initial set to false
// form/user input is ok
allow write, update:
if isAuthed()
&& isReviewed()
&& isValidTitle()
&& items().size() >= 1
&& items().size() <= 10
&& isValidItem(0)
&& (items().size() < 2 || isValidItem(1))
&& (items().size() < 3 || isValidItem(2))
&& (items().size() < 4 || isValidItem(3))
&& (items().size() < 5 || isValidItem(4))
&& (items().size() < 6 || isValidItem(5))
&& (items().size() < 7 || isValidItem(6))
&& (items().size() < 8 || isValidItem(7))
&& (items().size() < 9 || isValidItem(8))
&& (items().size() < 10 || isValidItem(9));
}
}
}
As far as I know. You still can't use loops in firestore security rules and the linked answer and the example is still valid and shows how you can do validations using functions. This could become unusable if the array grows and it might be better to choose another data structure like an own collection for your items.
Cheers,
Lars
It appears my security rules are failing because they're too long. The two rules that are commented out cause the whole rule set to fail, but when run together in isolation, they both run successfully. Is there a limit I'm hitting that I'm unaware about?
match /transactions/{transactionId} {
allow create, update: if
isSignedIn() &&
validateTransactionSchema() &&
// Succeeds when these rules are left out.
// These rules succeed on their own, but not when combined with others
// (incomingData().categoryId == null || categoryExists(incomingData().categoryId)) &&
// (incomingData().payeeId == null || payeeExists(incomingData().payeeId)) &&
accountExists(incomingData().accountId) &&
isBudgetOwner() &&
isPremium();
function validateTransactionSchema() {
return incomingData().keys().hasAll(['transactionDate', 'accountId', 'payeeId', 'categoryId', 'splits', 'memo', 'amount', 'cleared', 'locked']) &&
incomingData().size() == 9 &&
incomingData().transactionDate is timestamp &&
incomingData().accountId is string &&
(incomingData().payeeId == null || incomingData().payeeId is string) &&
(incomingData().categoryId == null || incomingData().categoryId is string) &&
incomingData().splits is list &&
(incomingData().memo == null || incomingData().memo is string) &&
incomingData().amount is number &&
incomingData().cleared is bool &&
incomingData().locked is bool;
}
}
function isSignedIn() {
return request.auth != null;
}
function isPremium() {
return get(/databases/$(database)/documents/users/$(request.auth.uid)).data.isPremium == true;
}
function isBudgetOwner() {
return get(/databases/$(database)/documents/budgets/$(budgetId)).data.userId == request.auth.uid;
}
function categoryExists(categoryId) {
return exists(/databases/$(database)/documents/budgets/$(budgetId)/categories/$(categoryId));
}
function accountExists(accountId) {
return exists(/databases/$(database)/documents/budgets/$(budgetId)/accounts/$(accountId));
}
function payeeExists(payeeId) {
return exists(/databases/$(database)/documents/budgets/$(budgetId)/payees/$(payeeId));
}
function incomingData() {
return request.resource.data;
}
The limit exposed by Bob Snyder has been raised to 10. This should help your situation.
As per: https://firebase.googleblog.com/2018/06/announcing-firestore-security-rules.html
This code is working nice... I dont have problem.
var urls = from lnks in document.DocumentNode.Descendants()
where (lnks.Name == "a" && lnks.Attributes["href"] != null &&
(lnks.Attributes["href"].Value.ToString().Contains("jpg")
|| lnks.Attributes["href"].Value.ToString().Contains("png")
|| lnks.Attributes["href"].Value.ToString().Contains("bmp")
|| lnks.Attributes["href"].Value.ToString().Contains("jpeg")
|| lnks.Attributes["href"].Value.ToString().Contains("gif"))
)
select new
{
Url = lnks.Attributes["href"].Value
};
But This one always return null:
var urls = from lnks in document.DocumentNode.Descendants()
where (lnks.Name == "a" || lnks.Name == "img") &&
(lnks.Attributes["href"] != null || lnks.Attributes["src"] != null) &&
(
lnks.Attributes["href"].Value.ToString().Contains("jpg")
|| lnks.Attributes["href"].Value.ToString().Contains("png")
|| lnks.Attributes["href"].Value.ToString().Contains("bmp")
|| lnks.Attributes["href"].Value.ToString().Contains("jpeg")
|| lnks.Attributes["href"].Value.ToString().Contains("gif")
|| lnks.Attributes["src"].Value.ToString().Contains("jpg")
|| lnks.Attributes["src"].Value.ToString().Contains("png")
|| lnks.Attributes["src"].Value.ToString().Contains("bmp")
|| lnks.Attributes["src"].Value.ToString().Contains("jpeg")
|| lnks.Attributes["src"].Value.ToString().Contains("gif")
)
select new
{
Url = lnks.Attributes["src"] != null ? lnks.Attributes["src"].Value : lnks.Attributes["href"].Value
};
What's my mistake ? and is this a correct way to take images ?
This is the code for image nodes. Make a function out of it and you can use it for any node:
GetLinksFromDocument(document, nodeName, linkAttributeName)
using HtmlAgilityPack;
var urls = new List<string>();
var prefixList = new[] { "jpg", "jpeg", "png", "bmp", "gif" };
var document = new HtmlWeb().Load("http://jwillmer.de");
var imageNodes = document.DocumentNode.Descendants("img");
var imageLinks = imageNodes.Where(node => node.Attributes.Contains("src"))
.Select(node => node.Attributes["src"].Value);
urls.AddRange(imageLinks.Where(link => prefixList.Any(link.EndsWith)));