Im new to express, before using express I spent a lot of time with laravel and PHP.
So this is my problems, I have a schema database like this :
Users table :
created_by
updated_by
I want auto fill it with authenticated user id, with laravel I can write something like this
$new_user->request('created_by') = \Auth::user()->id; \\ this code will show or get the information of user who already authenticated
this is the result that I want :
updated_by = 1,
created_by = 1
and how can I do that in express, how to get the authenticated user info???
this is my syntax :
User.update(
{
username: req.body.username,
name: req.body.name,
email: req.body.email,
status: req.body.status,
phone: req.body.phone,
keterangan: req.body.keterangan,
role: req.body.role,
password: bcrypt.hashSync(req.body.password, 8),
created_by : // what should i write ?,
updated_by : // what should i write ?,
},
{
where: { id: id },
}
)
thanks for reading this, and sorry for my bad english.
Solved by my friend help in front end code.
Related
I'm using the template graphcool/templates/auth/email-password with Graphcool and I'd like to add the ability to manage user roles.
This is my definition schema:
type User #model {
id: ID! #isUnique
createdAt: DateTime!
updatedAt: DateTime!
email: String! #isUnique
password: String!
role: UserRole!
}
enum UserRole {
EDITOR,
MODERATOR,
ADMIN
}
I'm already receiving the role in the query and saving it in local storage, but anyone would be able to change it affecting the frontend UI (if we add permissions, we shouldn't worry in the server side). What's the best/secure way to manage it?
Are you using the Graphcool framework?
If you need to setup permissions in the graphcool.yml. I would include the following:
graphcool.yml
- operation: User.create
authenticated: true
query: permissions/User.graphql:adminRole
- operation: User.read
authenticated: true
query: permissions/User.graphql:adminRole
- operation: User.update
authenticated: true
query: permissions/User.graphql:adminRole
- operation: User.delete
authenticated: true
query: permissions/User.graphql:adminRole
- operation: User.read
authenticated: true
query: permissions/User.graphql:user
fields:
- id
- name
- role
- createdAt
- updatedAt
- email
- company
- operation: User.update
authenticated: true
query: permissions/User.graphql:user
fields:
- name
- company
User.graphql
query user($node_id: ID, $user_id: ID!) {
SomeUserExists(filter: {AND: [{id: $user_id}, {id: $node_id}]})
}
query adminRole($user_id: ID!) {
SomeUserExists(filter: {id: $user_id, role: ADMIN})
}
This way the user can only update their name and company. Then the ADMIN user can do read and edit everyone. Only ADMIN users can create or update new users.
Then you're probably asking how do you create new users?
I would use the FaaS code from Graphcool templates for email-password authentication found here:
https://github.com/graphcool/templates/tree/master/auth/email-password
The signup.ts file should you how a new user can signup and then the admin creates a new user for you. Inside the signup function you can default the UserRole to what ever you want.
https://github.com/graphcool/templates/blob/master/auth/email-password/src/signup.ts
I am following the "To-do list" tutorial for meteor and trying to make a few changes to it. I am trying to add a few fields by default to a collection called records(same as the collection tasks until now) when she signs up.
I came across this and wrote the following piece of code in startup/accounts-config.js
import { Accounts } from 'meteor/accounts-base';
import { Meteor } from 'meteor/meteor';
import { Rec } from '../api/records.js';
Accounts.ui.config({
passwordSignupFields: 'USERNAME_ONLY',
});
Accounts.onCreateUser(function(options, user) {
Rec.insert({
"text",
createdAt: new Date(),
owner: this.userId,
username: Meteor.users.findOne(this.userId).username,
});
return user;
});
But my application wouldn't compile and throw this error
imports/startup/accounts-config.js:12:12: Unexpected token (12:12)
Could someone please help me with this? I am new to front end development.
"text" is sitting on it's own without a value, you probably mean this:
text: "something goes here...",
Its probably because you have this.userId. You should use user._id there which is the created user object and user.username for the username.
Rec.insert({
"text",
createdAt: new Date(),
owner: user._id,
username: user.username,
});
As Mikkel said,
There should always be a field and value pair in a query ,
You are passing only value here , This should be like
Accounts.onCreateUser(function(options, user) {
Rec.insert({
field:"text",
createdAt: new Date(),
owner: this.userId,
username: Meteor.users.findOne(this.userId).username,
});
I'd like use this schema as user and login or extend form users.I read documentation and I don't understand how extends from users. how I can make it?
Dipendenti = new Mongo.Collection('dipendenti');
DipendentiSchema = new SimpleSchema({
nome: {
type: String
},
cognome:{
type: String
},
codiceFiscale:{
type: String
},
telefono:{
type: String
},
indirizzo:{
type: String
}
});
I believe you are trying to extend/merge the schema listed above to the users collection. If so, you just need to attach the schema to the collection.
Meteor.users.attachSchema(DipendentiSchema);
UPDATE:
To use this new merged schema, you should be able to do something like:
Accounts.createUser({
username: 'test',
email: 'test#example.com',
password: 'password',
nome: 'Richard',
cognome: 'Ortiz',
codiceFiscale: 'EUR',
telefono: '+39 06 49911',
indirizzo: 'Piazzale Aldo Moro, 5, 00185 Roma, Italy'
});
If you want to make email address optional in your schema, you can add the following to it.
emails: {
optional: true,
type: [Object]
},
"emails.$.address": {
optional: true,
type: String
},
"emails.$.verified": {
optional: true,
type: Boolean
}
UPDATE 2:
Ensure that you are defining and attaching the schema wherever you are trying to make changes to the users collection. It is generally considered a best practice to do your database changes only on the server for security. You could write a method on the server using Meteor.methods({}); and then call it on the client with Meteor.call({}); and pass it your user data. You can read more about this approach the Meteor documentation.
I have a Classroom model that looks like this:
/**
* Classroom Schema
*/
var ClassroomSchema = new Schema({
created: {
type: Date,
default: Date.now
},
participants: [{
type: Schema.ObjectId,
ref: 'User'
}],
lesson: {
type: Schema.ObjectId,
ref: 'Lesson',
required: 'Define a lesson for this classroom',
},
user: {
type: Schema.ObjectId,
ref: 'User'
},
currentTaskIndex: {
type: Number,
default: 0
},
});
As you can see, the model keeps a reference to the user that have created the Classroom (User) and it also has many participants (more Users).
I'm trying to add the functionality to allow other Users (not the creator of the Classroom) to join the Classroom by sending a PUT request to the classroom API with a new User in the participants field. However, since the User sending the request is not the one who created the object, Express is returning a 403 (Forbidden):
exports.hasAuthorization = function(req, res, next) {
if (req.classroom.user.id !== req.user.id) {
return res.status(403).send('User is not authorized');
}
next();
};
What's the best approach/pattern to solve this allowing Users to join Classrooms created by another User but not to do other actions like deleting the object. Other fields might be updated by another participants, like the currentTaskIndex.
Thanks for your help!
You could add a 'master' or 'admin' field to your classroom, and store the Creator's userId in it.
Then you can allow the delete/modify, etc actions only for the user who is master of this particular classroom, while letting everyone in.
I am building an app using Meteor and need to access the stored email address of a logged-in user.
I am currently using:
var userObj = Meteor.user();
console.log(userObj);
to access the user. However, I am only able to access the id. The email address is stored in a nested object that looks like this:
[Object {address="address#gmail.com", verified=false}]
I have tried various ways to traverse the JSON object but can't figure out how to access the value I need.
Meteor.user().emails[0].address works for me.
Here's what the doc says:
By default the server publishes username, emails, and profile. See
Meteor.users for more on the fields used in user documents.
Example user document:
{
_id: "bbca5d6a-2156-41c4-89da-0329e8c99a4f", // Meteor.userId()
username: "cool_kid_13", // unique name
emails: [
// each email address can only belong to one user.
{ address: "cool#example.com", verified: true },
{ address: "another#different.com", verified: false }
],
createdAt: 1349761684042,
profile: {
// The profile is writable by the user by default.
name: "Joe Schmoe"
},
services: {
facebook: {
id: "709050", // facebook id
accessToken: "AAACCgdX7G2...AbV9AZDZD"
},
resume: {
loginTokens: [
{ token: "97e8c205-c7e4-47c9-9bea-8e2ccc0694cd",
when: 1349761684048 }
]
}
}
}
You don't specify how you are authenticating users. For example, if you were using Google authentication only, the email address would be found only in
Meteor.user().services.google.email
So, it depends.
Try this:
Meteor.user().emails[0].address
Regards,