I am drawing a diagram of use-case using ArgoUML, I have a scenario in which user can update status but after sign in to the application , in that sense i need to extends update status after sign in or make it a new separate usecase or generalize it.
Thank you
Login is not a use case simply because it does not bring any value to the actor. It is a constraint. Just draw the association from user to update status (use verb substantive, not a concatenated identifier). You can put the login association inside the use case.
Ask yourself for a use case: what value does it add to the user? The login does not add any value. My value on SO for example is that I can ask question or that I can earn points be answering questions. So they are use cases "ask question" and "answer question".
Related
I am trying to use django-river to track and control the flow of objects in my application.
In particular, I have objects representing document that will pass from the author to a reviewer and then on to a production team, ideally based on a view controlled by a button press. I was intending to have an owner field that could be changed to indicate who currently 'has' the document.
Can someone please give me a short example of how this might work?
Thank you!
I am currently trying two methods of web service API (Moodle 2.6) to call with REST:
1 core_course_get_categories
2 core_course_create_courses
With both I have the following problems:
1
The function returns me categories back but unfortunately no subcategories. Even if I add like the documentation says the parameter "addsubcategories = 1", only the top-level Categories are sent back. An idea what the issue could be?
2
The course creation works so far, but I would like to assign the instructor to a specific user. Now when I create a course, it is indeed created under the users with the WS-rights. Is there a possibility to change the instructor?
Short background:
We have a central system where teachers can save new course information. Here should you have the opportunity to create a Moodle course immediately. We have in both systems a unique identifier of the user that should become the instructor. Of course, must be prior to the course, the Category / Subcategory be selected.
I would be happy about feedback!
This is a very late answer however I think it might be a valid solution to the first issue above and hopefully will help someone with similar issues.
A webservice user with the permission moodle/category:manage will be able to see all categories, hidden or visible as well as all levels of categories.
However there is no mention of this restriction in the Moodle API docs (that I could find at least).
Hope that helps anyone with this issue in the future.
Regards
I have a question regarding some action accessing, i'm not talking here about authorization etc, but more about the direct access to actions.
Basically i have 2 question, 1 general and 1 more contextual:
Situation imaging i have an action : MyArticles/DeleteArticle/id
1) How can i prevent that if someone will just put this url with a proper id remove article? How can i say that it can only be used with a button on my website? And should this action be a get or post?
At this moment i use $.ajax and GET method ....
2) Now imagine i have many people, and if all th ppl are registered, they can delete each others article, what if i want to avoid that and let users only delete their own articles, because at this moment for example if they can guess the id they can directly access the action with id and delete it.
Can anyone provide explanation and some tips about that?
i'm not talking here about authorization etc
Yes, you are. The authorization to delete the article should take place within the action itself, it's not the responsibility of the calling code or of any UI which displays a link to the action.
How can i say that it can only be used with a button on my website?
I imagine any approach to that is going to complicate the issue tremendously. Understand how HTTP requests work... Your application isn't making the request to the action, the user is. They're doing so (in the general case) by clicking a link on an interface provided by your application, but the request itself is coming from the user. (Well, from the user's web browser, which is in their control and not yours.)
The most straightforward approach to this is to encapsulate authorization in the action itself (or, better still, in the model functionality being invoked by the action... but logically that's still part of the "request" being performed).
When you expose a piece of functionality which not everybody should be able to invoke, put the authorization on the functionality itself instead of on the UI which invokes it. That way no matter how it's invoked it always maintains the authorization, instead of just assuming that some other component maintained it.
You have a lot of control in MVC with respect to the USER. To allow a user to delete only his own work, you must remember in the database who wrote what. If this is the case - and you know it, a simple if statement in the beginning of the action will do the trick.
Suppose you created a class class Story, and you also created an Admin panel for this, StoryAdmin. This is referring to a common scenario in making a Django Application.
Now, in story admin, you want to assign certain fields to be displayed. There is currently no auto-complete for this, but there is hippie complete. ALT + /.
But this only goes so far as suggestions within the current page one is working in. How does one extend hippie complete to extend to other files that one has created?
This feature is available in Sublime Text 2. If a more elaborate example of what I am talking about needs to be demonstrated, please say so in the comments.
If this question is not appropriate for SO, vote to close it.
It's not supported yet in PyCharm, please vote for this feature request.
I would like to have a system where my users can invite their friends. We prefer not to use a URL shortener when sending the invite link but it is also important that the link be relatively short. I am thinking the best way to accomplish this is just give each user a "profile username" like "tonyamoyal12" and let them request a new unique one if they want.
When my users send out invites, it will send out a URL like http://mydomain/invite/profile_username and essentially if the invitee logs in at that URL, the inviter gets credit. Can anyone think of drawbacks to this approach? Most invite URL's have hashes to verify the integrity of the invite but I think my approach works fine.
UPDATE
The profile username is that of the INVITER not INVITEE. So a user signs up on the INVITER'S profile page and therefore the inviter gets a "point" for having someone sign up on his page.
Thanks!
In these types of systems, you don't usually assign any user data (i.e., user names) before the invitee has actually signed up, and it may be a bit of a pain to get that kind of URL working depending on the framework you're using.
The process is normally:
Invite a user, which sends them an e-mail.
Invitee clicks through a link in the e-mail to go to the site's main registration page.
Invitee registers with a valid user name of their choosing, and based on some unique random key (included in the clickthrough link), you can do your business logic with the two users involved (add to friends list, or whatever).
The drawback to generating your own user names is that they're more likely to be guessed than a random number, because you'll likely use English words in them. If you generate and assign random user names (i.e., "s243k2ldk8sdl"), the invitee is not going to be pleased since they have to do extra work to change the user name, or somehow remember that name.
EDIT, since I didn't understand the question very well.
I think the scheme is fine, except I would just use the invitor's user name in the URL and not allow them to change it (why allow it?). The only issue is if there is some kind of limit put on the number of invites (or maybe there is a reward for each invite), where you'd want to secure each clickthrough with some kind of unique hash value only valid for the invitor's URL.
EDIT 2
Since the users in the system do not have user names assigned, you could go either way. Allowing "user name" assignment on a first-come, first-served basis would be fine, as this would let everyone share their URL more easily with friends since it's memorable and can simply be typed in. However, that goes out the window if a unique key is required to sign up... in which case, it's going to be simpler to just not implement the user name thing and direct everyone to a single registration page of some kind.
Why not just create your own bespoke URL shortening?
If the reason you are avoiding URL-shortening is that you don't want to depend on external companies then that could be a good solution for you.
You can't independently track the invites. At some point you may want to know how many invites went out from a user vs. how many were accepted. With this single URL system you can't track that information.
Bots can easily be written to spam such a system. (Perhaps solved with captcha on resulting pages)
well if the website is large you will get name conflicts, and you will be dependent on the inviter putting in the invitees name which they could do poorly.
If you want to do it that way then you will have to deal with name clashes.
Also it is possible that someone could come along and decide to randomly type in names to see if they get it hit. Say I wanted to be nosey and spy on a friend to see if they are sending out invites to other friends.
EDIT: ahh ok. well if they are just clicking a link to go to the inviter then thats not a problem. That seems perfectly normal and there is no secret about exposed usernames.
You could create a unique hash for each invite and keep an association of hashes with user names. This would require a bit of storage overhead, but you could have expiration of invites to help combat that.
So http://mydomain/invite/RgetSqtu would be an example link, with a DB table that stores RgetSqtu/profile until it is used.
You would probably want to provide a helpful error page if the hash could not be found, like the following:
We are sorry but the invite you entered could not be found. This could be caused by the invite being typed incorrectly, being used already, or being too old (invites expire after 3 days).
I'd suggest passing the inviter's username in the querystring, and have that querystring fill either an editable or non-editable textbox on the new user registration page. That way you still have just one registration page, the URL is short, and users get credit for referring friends.
http://mydomain/invite/register.html?inviter=invitersUsername
leads to
First Name: _________
Last Name: _________
Referred By: invitersUsername
If I understand the setting correctly an existing user creates invites by giving emails of their friends to which your system will send a mail with in that the [inviteUrl]/[inveter'sUserName].
So in the case I send a mail to invite you, the url would be:
www.yourThang.com/invite/borisCallens
Every time somebody visits this I (the user borisCallens) gets a point.
What would stop me from visiting this url a gazillion times and thus win the invite-your-friend game?