How can I get author name and last updated date of the documents uploaded in Marklogic Server ?
Unless you've turned off the maintenance of the last-modified property, you can find it on the document's property fragment (you can browse these via Explore mode in query console).
In the future, last-modified maintenance may be off by default, fyi.
I'm not aware of any notion of user account associated with the last modification that is maintained. You'd need to add and maintain that metadata yourself via a trigger or CPF or some other mechanism.
Related
Is it possible in some way to have multiple access conditions that prevent the document to be saved to cosmos if they isn't met.
Today I have an accesscondition on the ETag, to prevent an old version of the document to be saved. But I want to have another condition based on the status of the document. So if the document in my store is in a 'closed' status, it will prevent any from modifying it.
I can always do a load -> check -> save routine, but the accesscondition works like a charm for the ETag so I wonder if there is a way to have multiple access condition specified when saving the document.
Best Regards
Magnus
Based on the detailed statements in below blogs,
1.https://codeopinion.com/documentdb-optimistic-concurrency/
2.https://chapsas.com/understanding-optimistic-concurrency-in-cosmos-db/
ETAG in cosmos db only provides optimistic concurrency and can be used with an AccessCondition in order to ensure that if the document changed between the retrieval and the manipulation attempt of the document.
AccessConditionType only has IfMatch or IfNoneMatch,no more other status.
So,back to your requirements,it seems that you have to add ifClosed item in your document and check it when you do modification to implement your needs.
Suppose that I have a table called persons and that a request to change any information about a person also updates that record's last_modified column. Would such a request still be considered idempotent? What I'm trying to find out is if auxiliary fields can be exempted from the criteria of idempotence.
If any information is changed on the database after a request (a POST request obviously, you would not alter a person record on a GET request) then it's not indempotent. By definition. Unless you only store stats (like logs).
Here it's not the last_modified column which is important, it's the change any information about a person.
A GET request is indempotent, you can take any uri and put it in an <IMG> in a web page, browsers will load it without asking, it must not alter anything in the database, or in the session (like destroying a session is not indempotent). An indempotent request can be prefetched, can run in any prioity (no need to care about the order of several indempotent queries,none of them can impact the other), etc.
I am building a website users have to pay for different functions. For example the user have payed for "packet 1" for the current month and it includes "short messages". How can I check, if a user is allowed to send sms? Updating the user/role relations every night or is there anything more dynamic?
You could add custom voter, where you can check if a user is allowed to use certain service. See example here:
http://symfony.com/doc/current/cookbook/security/voters.html
You can create a table in a database which has a foreign key to a table of which contains different packages, a foreign key to your user table and finally a column which indicates the expire date of the package.
If the package is not found for that user and for that expire date then the user is not allowed to send sms.
You can use some other storage procedures but using a database makes most sense.
Basically: You don't want to update anything, you simply want to store certain information like the expire date (and maybe the starting date if you want to change the expire duration) and compare to that selected value.
I am uploading some documents in Marklogic Server (doc, docx, pdf, txt etc). Now I am building an interface in HTML & XQuery that allows a user to enter a search term and if that matches the contents of any documents, then that document name is displayed in the grid. I am using search:search API for searching. Now I also want to show last modified date and author of the document in the grid. Every windows document have last modified date and author property. But how can I get this information from search:search API so that I can show these information in the grid ?
If you have enabled the settings "maintain last modified," Marklogic keeps the last modified information in document property fragments. However, this is unrelated to the properties information kept in Windows, which are lost by default when you load them in Marklogic.
If you want to retain the Windows properties data, set up a filter in Information Studio to populate the Marklogic property fragments with the data. Alternately, you could write your own XSLT and use xdmp:document-filter() to store the data directly in the document.
Once you have loaded your documents and populated them with the properties you need, you can access the data directly if stored in the document, or using xdmp:document-properties() if stored in document properties.
I'm making a security permission system for a Dynamic Data site based on the article Securing Dynamic Data Preview 4 Refresh. The system contains an additional permission kind: "deny an operation for a record/field if a record is not owned by an user".
If an user can read only own objects, we need to have an always enabled filter in List and check permissions in Details. If an user can write only own objects, we need to check permissions in Edit and Delete, remove "Edit/Delete" links from some rows in List, make "User" field readonly and provide its value in Insert. I didn't think about column-level permissions of this kind yet.
So, the main problem, as I see at this moment: too many places to place the same checks (I didn't even think of malicious user crafting POST data). Also I couldn't make make a field in Insert at the same readonly and having a value which is displayed and saved to DB (I don't want to place that in the model partial classes because I think that there are already too many places that need to be edited to implement this functionality).
Is there a single place to deny a read or write operation with an object depending on the object value?
How can I provide a default value to the field, so that it will be shown on the Insert page, inserted to the DB and couldn't be changed by the user before inserting?
The following assumes you're using LINQ to SQL.
Is there a single place to deny a read
or write operation with an object
depending on the object value?
Reads
I know of no simpler way to restrict reads than to add a filter to all the relevant LinqDataSource controls. If you are able to implement your filter generally, you can write one QueryCreated handler, then add a single line registering your custom handler to all the page templates.
Writes
In the Dynamic Data metadata, add an OnValidate partial method to all the relevant tables. If the current user is not allowed to ChangeAction the given record, throw an exception. You will still have to update all the page templates to hide UI elements that the user does not have access to, but at least you can rest assured that the worst that could happen in some unexpected case is that the user sees an error page.
How can I provide a default value to
the field, so that it will be shown on
the Insert page, inserted to the DB
and couldn't be changed by the user
before inserting?
Perhaps look at some combination of adding an OnCreated and OnValidate partial methods. See also: this answer.