Create users dynamic names and assgin roles
You cannot use variables for object names. You can cheat
exec sp_addlogin @User_name, @password;
Either that or construct dynamic SQL, but make sure to use QUOTENAME to prevent SQL injection.
Create user with roles inside stored procedure
Personally, I would do this:
CREATE PROCEDURE dbo.CreateUser
AS
BEGIN
/*** Creating User ***/
DECLARE @SQL NVARCHAR(MAX)
SET @SQL = N'CREATE USER [PRODUCTION\user1] FOR LOGIN [PRODUCTION\user1] WITH DEFAULT_SCHEMA=[dbo];' + NCHAR(13) + NCHAR(10) +
N'CREATE USER [PRODUCTION\user2] FOR LOGIN [PRODUCTION\user2] WITH DEFAULT_SCHEMA=[dbo];';
--PRINT @SQL; --Your debugging best friend
EXEC sp_executesql @SQL;
SET @SQL = N'ALTER ROLE db_owner ADD MEMBER [PRODUCTION\user1];' + NCHAR(13) + NCHAR(10) +
N'ALTER ROLE db_owner ADD MEMBER [PRODUCTION\user2];';
--PRINT @SQL; --Your debugging best friend
EXEC sp_executesql @SQL;
END
This gets rid of the sp_addrolemember
procedure, which is deprecated. It also splits the creation and memberships into 2 separate batches, to ensure that the users have indeed been created.
Dynamically adding roles to a user
I think you would do better setting up a custom voter and attribute.
/**
* @Route("/whatever/")
* @Template
* @Secure("SUBSCRIPTION_X")
*/
public function viewAction()
{
// etc...
}
The SUBSCRIPTION_X
role (aka attribute) would need to be handled by a custom voter class.
class SubscriptionVoter implements VoterInterface
{
private $em;
public function __construct($em)
{
$this->em = $em;
}
public function supportsAttribute($attribute)
{
return 0 === strpos($attribute, 'SUBSCRIPTION_');
}
public function supportsClass($class)
{
return true;
}
public function vote(TokenInterface $token, $object, array $attributes)
{
// run your query and return either...
// * VoterInterface::ACCESS_GRANTED
// * VoterInterface::ACCESS_ABSTAIN
// * VoterInterface::ACCESS_DENIED
}
}
You would need to configure and tag your voter:
services:
subscription_voter:
class: SubscriptionVoter
public: false
arguments: [ @doctrine.orm.entity_manager ]
tags:
- { name: security.voter }
passing dynamic input to flask-user @roles_required decorator
I'd just do it in the view:
@route('/api/<userid>')
def my_homepage(userid):
if current_user.id != userid:
abort(403, "You can't access that")
Adding Dynamic roles to users discord.py
It should be typehinted to simply discord.Role
async def artole(self, ctx, role: discord.Role, user: discord.User):
Avoid hard-coded roles and use dynamic ones
If you want to have dynamic roles, then why not just create an entity with roles and add a ManyToMany relationship to the User entity. Using this approach, you will be able to dynamically assign the necessary roles in your admin panel and also more conveniently build your sql requests when necessary.
Role entity
/**
* @ORM\Entity()
* @ORM\Table(name="roles")
*/
class Role
{
/**
* @var int
*
* @ORM\Id
* @ORM\GeneratedValue(strategy="AUTO")
* @ORM\Column(name="id", type="integer", unique=true)
*/
private $id;
/**
* @var string
*
* @ORM\Column(name="name", type="string", length=225, unique=true)
* @Assert\NotBlank()
*/
private $name;
}
User entity
/**
* @ORM\Table(name="users")
* @ORM\Entity(repositoryClass=UserRepository::class)
*/
class User implements UserInterface
{
/**
* @ORM\Id
* @ORM\GeneratedValue
* @ORM\Column(type="integer")
*/
private $id;
/**
* @ORM\ManyToMany(targetEntity="Role",cascade={"persist"})
* @ORM\JoinTable(name="users_roles",
* joinColumns={@ORM\JoinColumn(name="user_id", referencedColumnName="id")},
* inverseJoinColumns={@ORM\JoinColumn(name="role_id", referencedColumnName="id")}
* )
*/
private $userRoles;
// other properties
}
Related Topics
Re-Use Aliased Field in SQL Select Statement
How to Call a User Defined Function to Use with Select, Group By, Order By
Ms SQL Server Last Inserted Id
What's the Asymptotic Complexity of Groupby Operation
How to Perform the Same Aggregation on Every Column, Without Listing the Columns
Does Ms Access Suppress Primary Key Violations on Inserts
Concat Group by in Vertica SQL
Join Two Different Tables and Remove Duplicated Entries
Grant Access to Just One Schema in Postgresql
How to Update with Inner Join in Oracle
MySQL - Concatenate Two Tables
Insert into Values with Where Clause
Phpmyadmin - Total Record Count Varies
Executing Ssis Package with SQL Authentication
Escaping Strings Containing Single Quotes in Powershell Ready for SQL Query
Is It Better to Do an Equi Join in the from Clause or Where Clause
How to Implement Logging and Error Reporting in SQL Stored Procedures