Provision product with strip and dj-stripe - django

I'm using stripe with DRF and on top of that, I've implemented the library dj-stripe.
Everything works so far but I'm not really sure how to provision my product now. I do have access to the subscription and customer object for every user but these objects are quite complicated / big. I can't really do something like if user.subscription -> do this since the subscription could be e. g. deleted, inactive. I also need a more granular solution since I need to apply limits like:
if subscription.plan.product === "Entry Plan":
# allow user to only create 5 instances
I can't really find information on how to do this elegantly and consistently for an entire app.

If you're looking at the Subscription object for a customer, then yes you will need to check the status of the Subscription to ensure it's still active. dj-stripe appears to have a helper for this.
The implementation of provisioning access to your application/products is up to you, because it depends heavily on your business needs. If you have specific questions about challenges beyond the subscription status, I suggesting asking those clearly so that they can be addressed, but there is no concise way to explain how to generally provision access.
As I side note, I recommended reaching out to the author of dj-stripe with a thank you and ask what you can do to help get the docs for checking subscriptions fleshed out.

Related

Positive/Negative Feedback from Amazon Lex/CloudFormation

Please forgive the completely noob question.
Background: I am not a developer - at best a hobby programmer who has enough knowledge to be dangerous/useful to my superiors. The AWS/Cloud expert at my company just left, gave me a 30 minutes whirlwind tour of AWS and said I'm now the expert...
AWS Cloudformation allows me to provide (basically) a "user" utterance that signifies Positive/Negative Feedback from the user of the bot: WebAppConfNegativeFeedback WebAppConfPositiveFeedback.
How do I process those utterances to provide useful information to improve the bot's responses?
It's stateless, so I'm not sure how to grab the context of the question and feedback to notify our company that some question provided a bad answer (good answer not so important.)
Any help you can provide, at least to point to me how to interpret this information is more than welcome. I hate feeling like a fish out of water...
Hi there and sorry to hear about your predicament.
AWS Cloudformation is a tool set that allows a developer to script the creation of resources; Cloudformation itself is not processing your user's requests.
As you've alluded to, AWS Lex is the service that is used to interact with users.
Here's a link to the Getting Started guide which I hope will help you get a better understanding of just how Lex works so that the rest of this answer makes more sense.
Essentially Lex uses a combination of intents with slots to complete a task. An intent uses utterances as an entry point to understanding what action a user wants to take while slots are used to collect the detail surrounding that action.
As an example, we could have an utterance "set my alarm clock" that activates an intent called SetAlarm. We then need to ask the user for the time that they'd like the alarm to be set for. This value is store in a slot of type date.
We then harness the power of AWS Lambda functions to 'fulfill' the intent. In this case, we will use the given information to set the alarm at the user's specified time.
With regards to your scenario, I am making an assumption that you have two fields called WebAppConfNegativeFeedback and WebAppConfPositiveFeedback somewhere in your Cloudformation script. These contain positive and negative utterances respectively. Again, making an assumption then that these fields are used to either build a Lex bot or it could be that these values are used in a supporting Lambda function to categorise the utterance as either positive or negative.
If it is a case that you have a Lambda function, you should be able to use that function to fire all another process should it be determined that the user's interaction was negative. That process could be an email to a support team etc. The Lambda function would have the conversation state passed in as an argument. You could interrogate this argument to get the context of the conversation.
Please provide more insight if you can so that a more specific answer can be provided.

I can't find some types of Admin Audit Activity Events

I checked this url below,
https://developers.google.com/admin-sdk/reports/v1/appendix/activity/admin-event-names
And created a script to check event for each activity type. After then, I found some activity types are Not listed on this table.
CUSTOM_USER_SCHEMA_SETTINGS
SAML2_SERVICE_PROVIDER_CONFIG_SETTINGS
Could you please tell me where I can get more information regarding them if you have.
Best regards,
For what its worth, I can't find it either
It seems that these activity types are not supported by the API, at least I could not find any way to get those events.
In which cased I would encourage you to make a feature request using this template:
Admin SDK Feature Request
That way Google at least know that there are people who would like to see this. Make sure to justify the request with your practical use case so that they understand why you need it.

Links within email that can edit data in database

I apologize if this is trivial but I thought this would be easy to find but I think the problem is that I'm not sure what I'm looking for.
Basically, I want to send out an email to a customer who had their pickup missed by the pickup truck to help reschedule a new date or cancel the pickup all together depending on which link in the email they clicked.
Using pk's and ID's seemed like a security flaw to link into any view as the URL could be easily altered. What protocols/libraries would I need to use to accomplish such a task? Do I just assign a UUID to each customer in my database and go off that?
Having a UUID to represent the user would be fine, but keep in mind it's just a speed bump. E-mails aren't safe and can be read by a 3rd party. Even with UUID's someone can impersonate another. It sounds like it's a rather low risk issue, though. What's the worst case here? Do you have ways to mitigate it through customer support?
If you wanted to make things more secure, you'd just have a link that would require authentication to make changes to their order. It's a balance between friction with your users and security.
It seems you have the right ideas already. I'd suggest not user pk's just because they are often incremental and it's easy to just iterate through all your customers. UUIDs just increases the number space significantly that it should deter people from doing it assuming there isn't anything to be gained.

Creating apps for facebook groups possible or not?

I'm a member of a facebook group that has contests with artists on a weekly basis. There are over 5000 members to this group, fortunately not all of them participate because at the end of each week there is a voting for the favorite/best artwork of that week. And the admins have to manually go through image by image and count votes. Voting is limited to those who participate in the contest, so the artist places their vote as their image description... or part of it anyway.
I wanted to create an app that would retrieve the photo info from the album to build a list of the submitted images and the artists to make counting votes much easier.
I have, in fact, created such an application but it seems it only works on personal profiles and pages... not groups due to the need to be on a "white list". It strikes me as strange when a group is "OPEN" and an app isn't even allowed to read data there, but OK.
My question is if it is possible to get an app on that white list or at least to build an app specifically for a group for this purpose? I have been unsuccessful in my attempts to find any information on this subject. So, I am asking you all here at stack overflow since you all seem to be in bed with facebook in someway. I am just hoping to get a reply from someone that knows something rather than guessing or assuming.
The last contest had 325 participants and it was entirely too many for a poll.
I do not know if this topic has already been addressed... I used the search but stack overflow uses Google for a site search and because these topics are paginated Google has indexed results to be on a certain page but when you go there the topic is nowhere to be found... not very helpful...
Anyway, thanks for your time and I would be most appreciative of getting a reply rather than the post just getting buried to the point nobody will see it...
I was wondering the same thing for a similar reason.
It appears not:
user_groups
Provides access to the list of groups the user is a member of as the groups connection.
This permission is reserved for apps that replicate the Facebook
client on platforms that don’t have a native client.
https://developers.facebook.com/docs/facebook-login/permissions/v2.0#reference-extended-profile
If anybody discovers otherwise I'd love to know.
I don't know the exact answer of whether apps can be built only for groups without short-listing, but here is an alternative solutions.
If the purpose of this exercise is to limit some functionality (or entries) only to those users who are a member of a group, then why not get the "user_groups" permissions from the user, access his groups through the Graph API and flag users as either being a member of the group or not and extend the functionality accordingly. Perhaps you could even limit registrations to only those who are currently members of the group.

Membership and event API? Or should I do it myself?

I've been tasked with setting up a society's website. I'm a full time Django (at al) web developer so I was happy to take on the task.
Going through the specs, they want to control memberships so that all applications need a "second" (read: sponsor, referee, etc) and then they need to pay a subscription fee to be part of the club.
This club has a number of events with variable ticket prices for lunches and talks to name two. Only members are allowed to see the price per ticket and therefore only members are allowed to buy the tickets.
I had originally planned on farming the event management off to EventBrite and pulling the upcoming events back to the website through EB's API but this members-only constraint looks like something EventBrite can't do.
Then there's processing members subscriptions. I had hoped to allow anybody to register a django.contrib.auth account but leave subscription payment offline but the client would be happier if they could mark accounts as "members", store the subscription data in the database and let the members pay online.
Like with EventBrite, I was hoping I could store rough membership data (whether or not they're allowed to subscribe, a unique token for the user on the API service, their level of membership and their membership's expiry) and there'd be something I could post users off to to process their subscription payment.
I basically don't want to touch any payment systems. Even something as simple as Paypal+IPN is something I'd rather not do (I can and have in the past on other projects) but it's the layer of management that I'd have to build around it (messaging members, creating recurring events, etc) that I'd like to farm out to a third party... Even if they do want an additional percent of the payments processed.
Do any of you know any suitable APIs that cover membership or events or both?
Or is this so complex that I should give up hoping for external help and just knuckle down and do it myself?
I think the google search you are looking for is online membership management. I don't know if any of them play particularly nicely with Django/python, but some of them do include APIs. Almost all of these are companies that charge, either for the system, or on a per-user basis.
If you don't mind installing something yourself, CiviCRM is a free, open source solution that I found with a bit of googling. It's integrates with either Joomla or Drupal (so probably PHP-based). You'd have to put the payment processing in yourself, but it does support payments using PayPal which would take handling payments mostly out of the equation. If you can, choose PayPal Express rather than PayPal Website Payments Pro since you may need to be PCI-DSS compliant to use the latter.