I've a server that receives the real-time updates when the users changes their friendships status with other users (for example: userA).
In my database, I've a table named "friendships" where I sync all the user's facebook frienships. So for each request I need to perform a big cycle where:
I get all friends of userA from facebook
I have to verify if each of this friends is on my server "Users" table
Then, I need to check if already exists a friendship between users
Finally, I can insert a new friendship in database.
So, I'm wondering if there are different approaches to synchronize friendships through Real-time updates.
Related
I am working on a beta-stage writing tool SaaS that is built with NextJS, React, and Django REST. As I’m gaining some user base, I am starting to research on introducing a premium plan to the mix using Stripe.
As most other SaaSs, I will have a subscription-based premium plan which grants access to premium-only features. However, even after days of research, I am still lost how this is commonly implemented in Django/Backend. Here is what I’ve thought of so far, but again, I am not sure if it’s the best/common way to accomplish this.
User model has a ‘premium’ field which is either True or False
Whenever user clicks on a premium-only API call, Django will check if user is premium or not to decide whether to make the actual API call. I currently have a '/user/me/' route which returns basic user information as API GET call.
Upon successful stripe payment, stripe redirects user to the success_url. Then, somehow I will detect when user lands on success_url and then set that user’s premium field to True.
I know this is not the ideal way, because I already see lots of issues/hurdles:
How will I set ‘premium’ field back to False after user’s payment stops
How can I ‘detect’ stripe’s payment to set user’s premium field
Is this feature supposed to be implemented with Stripe customer objects instead? I would appreciate any guidance on where I should be looking for solutions.
If you use subscription on Checkout Session (low code solution), you can add additional key-value pair data such as premium: true in metadata and subscription_data.metadata fields when creating a subscription.
Once the payment is completed, those metadata will appear in checkout.session.completed and customer.subscription.updated webhook events, which you can then set the user as premium in your own database.
A customer object in Stripe can have multiple subscriptions, so this feature will be implemented on subscription object instead.
I am creating backend for a messaging application. I want it to be mostly a web app so would have to store the list of people with whom a user chats and all the messages in the server. However, I also wanted to have the ability to extend it and use the same backend for a mobile app. So I was thinking of having a separate database or table for every user and only open the connection to it when a user connects to the backend using WebSocket. However, according to this post, it seems that in most cases, it is better to have a single table and have many to one relation. So what would be the best choice in my usage? Also, how can I go about implementing that in Django?
I'm building a lightweight web interface to SSRS where web app users are mapped to web app roles, which in turn are mapped to SSRS users.
The reason for this convoluted scheme is not up for debate: In short, AD groups can't be used, the site uses Forms auth and there are a fixed number of roles.
Web Role | SSRS User
Admin | AdminUser
Supervisor | SuperUser
User | BasicUser
Guest | GuestUser
The goal is to enumerate all reports a user has permission to view, and allow the user to view the report with the ReportViewer control.
More importantly, it's to simplify the UX for users, both admins and the rest: preventing admins from having to use the Report Manager website (ie, selecting checkboxes rather than hand-typing which web-role-users have access to which reports), and providing a simple UI from which users can see and execute all their reports.
Everything works OK when the user is the AdminUser.
However, I'm having difficulty calling the web service when the user isn't included in a Policy on the Home/Root folder with at least the Browser SSRS role. (The permissions granted to user 'computer\username' are insufficient for performing this operation.)
This is problematic for a couple reasons:
If every user must be a Browser to connect to the web service and enumerate reports they have access to view/execute, then all users will have access to all new reports/folders by default. (Children automatically inherit new permissions)
If a report exists in a nested folder that does not inherit permissions and the user is not a browser of, but the user is a Browser on the nested report, ListChildren() will not return that report.
It seems this leaves me with 2 less than ideal options:
Don't call the web service with the different users. Instead, enumerate reports with ListChildren() using only the admin user. Then, for each report, call GetPolicies(), and from that collection of policies, determine what reports the user is able to view.
Make the call with different users. Live with the pitfalls of newly-published reports being accessible to everyone by default, until permissions are changed. Also live with the pitfalls of nested reports not showing unless the user has access to that path. If an admin wants a nested report within a folder with explicit permissions to be available to a user who can't see that folder, the policies on all ancestor folders and their children must be modified.
#1 is obviously very unwieldy and inefficient. But #2 has significant drawbacks and becomes just as onerous & inefficient when setting permissions in certain situations.
Is there a better way? Have I missed something obvious?
[edit]
A 3rd option is to query the ReportServer database directly using a query like this. This has the benefit of returning everything the user has access to, regardless of whether or not it exists in a subfolder the user cannot access (aka, cannot use the web service's ListChildren method to retrieve). However, if using AD groups, I would have to know which groups the user is a member of, whereas the web service would do this for me. This option feels like a bit of a hack to me, but it could work.
As it turns out, we ran an end-route around this issue by dropping the requirement to restrict report access by web role, and made the path we query in the web service a web.config setting that can change, thus allowing report authors to 'hide' reports in a parent folder if the need arises in the future.
The best solution would have been to query the ReportServer database directly.
However, the client changed their mind & didn't want to restrict reports based on web user role in the end, so problem solved!
One of the actions we encourage within our Facebook app is inviting your friends to try it. Is there a way to see how many friends each individual user invites? For instance, if we ran a contest that gives away free swag for anyone that invites 10 or more friends, how could we track which users that fit that criteria?
Such a contest would be explicitly against Facebook's policies, and forcing or incentivizing users to send out requests en-masse results in higher spam reports which may result in your app losing the ability to send requests, but:
You can use the callback of the Requests Dialog which contains the request ID and the list of recipients to track who the requests were sent to
And/Or
You can use the data attribute of the request to store tracking information, and extract that when processing the accepted request
I'm experiencing some inconsistent behaviour when trying to read achievements from my app. I have 3 tests accounts, 2 of which I can read achievements. However the 3rd account always returns an empty array. All 3 accounts have the publish_action permission and I've tried using both the user and app access_token. Here's the query:
https://graph.facebook.com/{uid}/achievements?access_token={app_access_token}
or
https://graph.facebook.com/{uid}/achievements?access_token={user_access_token}
Now I know the 3rd account has achievements as I get an error when I try to give it an achievement it already has and the game ticker correctly shows the achievements it has earned.
Make sure the third user has granted "user_activities" extended permissions so that the activities can be read, not just published. You can verify this by calling /me/permissions.
Have you checked the facebook layout regarding achievements in your app? since in my FB account I can roll over my own achievements and I get a full list of the achievements configured with each game and in other acocunt that info is not available. The other distinctive feature is I see my thumbnail picture over the main facebook bar (the blue one next to log in)