what i have to build is page that have some pages that are restricted and some are not on similar links. I`ll try to explain it on example:
Let's say that i have users in my system (based on FOSUserBundle), and each of them have own account that contains a Blog and Gallery (different controllers). Some of User want to give access to thier Blog and Gallery only for certain group of people (that are not stored in system), so they generate token (only one token, so whoever know token will be able to access area) and sends to Users. What i don`t want to do is to check it in each method of controllers.
So let`s say we have 2 users, steven and stan and first of them want to make his blog and gallery free to see, but second one want to be restricted based on token.
Link would be like this:
/steven/blog
/steven/gallery
/stan/blog
/stan/gallery
Could anybody recommend some solution or any idea how can i try to build it in Symfony2?
Why don't you want to check it into the controllers ? I don't see any others ways to do that, according you want it to be dynamic and possibly changing.
Related
I'm not sure how to phrase my title so I had done the best I could.
I am putting together a Laravel 5 application to which multiple sites can pay to use for their company. This is an application that stores site related content in my database. So all data will be attached to a specific company (site).
Lets say there are 3 sites that want to use my application.
www.site1.com
www.site2.com
www.site3.com
When a user goes to either of those sites and wants to access lets say the name of my project lets say:
www.site1.com/projectname
www.site2.com/projectname
www.site3.com/projectname
It would then be sent to my site where they would log into my system and it would be able to grab the url and match it verify that it is a company that uses my system and then it would be able to keep separate the users and data separated from the other companies who use it.
Is this something that could be worked and if so any thoughts or ideas upon this.
I watched a series on this type of thing from net.tutsplus.com https://code.tutsplus.com/courses/building-multitenant-apps-in-laravel and have the basic idea however the video doesn't cover the situation like mine would with the other sites url coming into play.
We have a site where we are intending to sell access to video tutorials. I have set up Joomla ACL to limit access to those pages only to those users who have been given the relevant access permissions and access is being sold through shopping cart called MijoShop.
This setup is working okay at the moment, but there is bit of an issue with user experience. At the moment it seems I can only stop people from viewing a page, but I can't see an easy way to show them alternative content with Joomla ACL. Ideally, if a logged-in user does not have access to a certain video tutorial page, when they click on the link to the page they will instead see a page giving them an opportunity to buy access to the tutorial. This means that I need a method for showing different content on the same page depending on which Joomla user groups a user is assigned to. Is this possible with vanilla Joomla ACL, or am I going to have to find a content management extension that can add the ability to do this?
You should be able to do that with the Vanilla ACL. IIRC you can setup various groups with access to different tutorials/pages/things - then you can make a member a part of multiple groups - thus giving them access to those things as needed.
If unable to do something like that - then I think George Wilsons comment would suffice for a while and you could implement some if/then/else type statements into the code of the article which would work.
Your best bet however is to try the ACL solution first and foremost as that allows you to keep things generally more easy to manage from a backend perspective.
I'm building an app, and I want to allow users to integrate it with various social platforms. One of the things users can do is post a link to something they created on our site to their Facebook wall. We want to let them specify who can see whatever they post. I think this can be done but using the Facebook dialog, yes? So they can check the names of people who should be allowed to see the link and then follow it to our site.
However, this is fine from the point of view of seeing it on their wall, but we don't necessarily want other people to stumble onto it by accident, or to share it with other people. For this reason, we want to make sure that the person looking at the stuff on our site is a friend of the person who created it.
My understanding is that we can't store friends IDs if they haven't authorised our app. Can we store the id of the post in a way that lets us figure out the friends IDs from that? E.g. user makes post 5678, and specifies that people A, B and C can see it; we store 5678 and then, as it's needed, we request that post from Facebook, check whether the user trying to view the content is either A, B or C and then act accordingly?
Will that work?
Or is there a better way of doing it?
Thanks!
Hello I am looking for a best way to ask/forward user so he/she adds my app to their page
one way is to make them follow the link
http://www.facebook.com/add.php?api_key=[your
application api key]&pages
(http://www.facebook.com/add.php?api_key=1fc2946c634702dfc75cce79c97c8cec&pages -real life example)
wrapping up the question: as facebook has made a lot of changes maybe the above method is the outdated one(though it is supported), and is there are any more ways to get same result?
This is still the best/official method. So long as the API key is valid and you pass the pages flag (blank value) it will prompt a user to add it to their pages, and will give them an option to select which page to post to (if they have more than one page with admin access)
I am building a website in PHP & mySQL. It has frontend and backend capabilities. Only admin can enter the backend by means of username and password. Now if the admin wants to add other sub-admins to the website, he could do so. By this method, a sub-admin will be able to login and perform all actions that the original admin is able to do.
WHAT I WANT TO DO:
I want to restrict the access of the sub-admins at my choice and assign them permissions so that they are able to access only certain portions of the admin panel.
EXAMPLE OF THE FEATURE THAT I AM TALKING ABOUT:
Consider that I have the following links accessible by original admin.
1. Add articles 2. Approve articles 3. Delete Articles 4. Add User 5. Edit user 6. Delete User 7. Change site settings 8. View Financial info 9. Mail center
If I do not set any permissions, then all sub-admins will be able to access all of above links. Say I create 2 sub-admins 'David' and 'Bob'.
Now I want David to access only the following desired sections of the backend:
Add articles, 4. Add User, 7. Change site settings
Now I want Bob to access only the following desired sections of the backend:
Add articles, 2. Approve articles, 3. Delete Articles, 4. Add User, 9. Mail center
I, being the original admin, should be able to access all sections whereas, David and Bob, should be able to see & access only the links and pages (or functionality) that have been assigned to them. I don't have a clue as to how to do this. Also, for example, if I want to restrict a sub-admin to access only 'Add articles' page, then I also want him to access the page that it posts to (considering that the input is on Add articles page) add_articles_next.php page. Also note that 'add_articles_next.php page' does not appear anywhere in the list of links. It is merely a page that is posted to from the page to which the sub-admin has access.
I understand that there is no way for the system to know that unless I explicitly specify it, but yes, that's my question. How to do it? I am not a object oriented person, so PHP code using functions will be great for me.
OTHER LIVE EXAMPLES OF THE FEATURE THAT I AM TALKING ABOUT:
I came across a feature while researching this topic. Click here to visit it. This looks like somewhat similar feature.
Thank you all in advance for any code that you can give me.
This has been asked a number of times before on SO. The keyword to search for is Access Control Lists (ACL). One of the most prominent PHP solutions for ACL is Zend_ACL. It's very generic and should enable you to customize it to your needs.
Edit regarding your comment about object oriented libraries:
Finding an ACL solution that is not object oriented is going to be very, very difficult as there are very few good ACLs for PHP on the market (Zend is about the only one I know, really) and most modern applications are taking a more or less object oriented approach. But don't worry, check out the tutorials. I think you will have no problem using Zend_Acl in a function oriented app. You will need to talk to the ACL via OOP, but that's easy. I don't think you'll have to change your app much. Give it a try, and on a general note, basic OOP isn't difficult to learn. Just give the "Classes and Objects" chapter in the PHP manual a good read.