I am writing an application where, after successful login and based on the user profile, the user can only see certain activities. For instance, if user has profilA, he can only see Activities A, B, C. If he has profilB, he can only see Activities D,F,G.
Note that I could write 2 applications and my problem is solved easily but the requirements are the app should manage profileA and profileB.
I was thinking about custom permissions to implement this. Where each activity will be restricted with a custom permissions. For instance, Activities A,B and C would be restricted with com.myapp.permissions.profilA. And Activities D,F and G would be restricted with com.myapp.permissions.profilB.
While searching again, I have found the permission-tree element and the PackageManager.addPermission(PermissionInfo info).
The javadoc of addPermission says:
Add a new dynamic permission to the system. For this to work, your package must have defined a permission tree through the <permission-tree> tag in its manifest. A package can only add permissions to trees that were defined by either its own package or another with the same user id; a permission is in a tree if it matches the name of the permission tree + ".": for example, "com.foo.bar" is a member of the permission tree "com.foo".
The idea that I have is: define a permission-tree and, after successful login, based on the user profile, "set the custom permissions" of the application. I don't know if it's possible.
It's a similar feature to when certain apps hide some admin features from their users. I am thinking of similar functionality.
Is it possible to achieve this functionality? Or do I need to think of another solution?
I am open to all propositions.
There is an easier way to go about it. In your API, create a user_code for each user so that after a successful login, you can get the user_code for the currently logged in user. Once you get the code say in the Home/Dashboard Activity, you can check if the user is allowed to access a certain activity and if they are not allowed, you can probably return an alert dialog telling them that they don't have the rights.
It seems that defining custom permissions to restrict access to certain activities is not exactly what you need. Seems to me that you're going in the wrong direction...as the documentation states...creating custom permissions is relatively uncommon...I mean permissions were designed to reduce security issues and sandbox applications from each other....the latter doesn't seem to be your case.
Anyway, it is extremely uncommon...IMHO, to create custom permissions for the mere purpose to restrict access to certain activities. Especially, because the same way you login a user and the same way you determine what a specific user is allowed to do...it's exactly the same way you can determine when to restrict access to a specific part of your app.
Not really sure why you would need to rely on the permission system to do this. What I'm thinking is that you can just create logic to disable whatever features that would lead to those Activities from being launched based on the logged in profile.
If your activities don't have any filters that would allow them to be launched implicitly by another intent, then that means your app has complete control over when they're launched.
Use the login result to control what you display to the user. If you wanted to, you could create two separate XML layout files. One that has buttons for A, B, and C, and the other that has buttons for D, E, and F.
Just because an Activity exists doesn't mean it's automatically displayed to the user as an "entry point". You're doing that through what you display in other activities.
I wish to show my other apps under a "More Apps" section while exiting.
What is the best way to do it?
Is there any common library to add my app icon and a link to my app, so that it can be shown at the time of interest? It would be great if it is scrollable.
Thanks in advance!
Well since these are your apps you can simply hard-code the icons into a RecyclerView or ListView along with a link leading to Google Play. This really doesn't require a third-party library as it can easily be done by yourself.
If you really want to allow for future expansiveness, you could use a cloud platform like parse where you store the names of different apps as parse objects along with a link and an image (logo). Then you could write a custom adapter for your list which takes the parse objects from your cloud, and populates itself with the logo,link,title,etc.
This is really a matter of comfort and preference rather than finding a library to do this for you. If you need help, feel free to ask, and good luck!
You can show a 'Dialog' asking if the user cares to check some of your other apps with two available options: 'yes' and 'no'. If the user chooses 'no', close the dialog; if he chooses 'yes', redirect him/her to the following url:
https://play.google.com/store/apps/developer?id={Your-Google-Account-Name}
This link will be opened either in the browser or in the Google Play app, whichever your user prefers, and it'll show him/her the list of all your apps.
You can try overriding finish() (Documentation) method inside your Activity. If you're using multiple Activities, consider creating a base Activity so that you don't have to implement this in each Activity.
That said, please consider not doing this. As a user, I'd be super annoyed if I'm trying to close your app and you're not letting me do it. That'd be instant uninstallation from my side. Never annoy your users. Respect their experience.
I want to add a web page navigation Activity in my Android application, and I find that I need to use CATEGORY_BROWSABLE. The description says:
By supporting this category, you are promising that there is nothing damaging
(without user intervention) that can happen by invoking any matching Intent.
Can someone tell what risk Android is trying to highlight here? What could be damaging in handling web page navigation?
Operations such as invasive edits to an account, deleting contacts and text messages, downloading files without user permission, etc. are considered damaging without user intervention.
As this category can be added to any activity (webview-based or not), the line you quoted is meant as a general rule of thumb for developers who decide to flag their activities (webview-based or not) as BROWSABLE.
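The rule in the answer above, as an added Java sketch that is not from the original posts: an Activity reachable through CATEGORY_BROWSABLE validates the incoming link and performs only read-only navigation directly, while a state-changing action waits for explicit user confirmation. The class name, host, paths and preference file name are constructed for illustration.

```java
import android.app.Activity;
import android.app.AlertDialog;
import android.content.Context;
import android.net.Uri;
import android.os.Bundle;
import java.util.List;

/** Hypothetical Activity whose intent filter declares CATEGORY_BROWSABLE. */
public class LinkActivity extends Activity {
    private static final String ALLOWED_HOST = "app.example.com"; // constructed value

    @Override
    protected void onCreate(Bundle savedInstanceState) {
        super.onCreate(savedInstanceState);
        // Any web page can trigger this Intent, so the URI is untrusted input.
        Uri uri = getIntent().getData();
        if (uri == null || !"https".equals(uri.getScheme())
                || !ALLOWED_HOST.equalsIgnoreCase(uri.getHost())) {
            finish();
            return;
        }
        List<String> seg = uri.getPathSegments();
        if (seg.size() == 2 && "article".equals(seg.get(0))) {
            // Read-only navigation: nothing damaging, safe to do immediately.
            setTitle("Article " + seg.get(1));
        } else if (seg.size() == 1 && "reset".equals(seg.get(0))) {
            // State-changing: never act on the link alone, ask the user first.
            confirmReset();
        } else {
            finish(); // unknown path: ignore
        }
    }

    private void confirmReset() {
        new AlertDialog.Builder(this)
                .setMessage("Erase this app's saved settings?")
                .setPositiveButton(android.R.string.ok, (dialog, which) -> {
                    getSharedPreferences("settings", Context.MODE_PRIVATE)
                            .edit().clear().apply();
                    finish();
                })
                .setNegativeButton(android.R.string.cancel, (dialog, which) -> finish())
                .setCancelable(false)
                .show();
    }
}
```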
I am researching how to authenticate and authorize a user within an Android application.
For authentication there is the AccountManager but I am not sure how to check whether the user is signed in or not. I know how to set up AccountAuthenticatorActivity and AuthenticatorService but I am not sure how it's connected with the application.
Am I supposed to call some check on every onCreate in every activity to ensure that the user is signed in or does the service do that for me somehow?
If I am supposed to do some regular checking, what is the best practice towards where such checking should be called?
It depends on your application, really. Unless you have a requirement for very strict security, like a financial application, government application, etc. I think you could get by with a simpler approach. For example, after a user logs in (however you choose to implement this) store a value in SharedPreferences to denote the user has authenticated. From here, you could do one of the following:
If your application requires you authenticate every activity/fragment you launch, simply check this SharedPreferences value. You could also create a base activity that all your other activities extend and do your authentication check there.
If you only need to authenticate once, modify your launcher activity in your manifest to check for this value. If the user has authenticated already, create a new Intent for your 'home' activity and redirect your user and finish() the launcher activity.
As always, it depends. Do you need to protect the whole app, or some particular activities, or some fragment in some activities? Take a look at the Mint app.
It asks the user to enter a pass code to access the app. For something like this, create a base activity and make all activities in your app inherit this and do the checking in the base activity.
If you need to secure just some activities, create a base activity just for these activities and do your security check there.
If it is for some portion of an activity, you have to roll up something specific for your workflow.
Just a tip: try to split your question into smaller problems; it makes it easier for people to answer.
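An added sketch, not code from any of the posts, of the base-activity check these answers describe, extended to the per-profile restriction (profilA / profilB) from the first question on this page. The preference file and key names, `LoginActivity` and `ActivityA` are assumptions, and the classes share one file only for brevity: in a project each Activity is a public class in its own file and is declared in the manifest.

```java
import android.app.Activity;
import android.content.Context;
import android.content.Intent;
import android.os.Bundle;

/** Hypothetical base class; every restricted Activity extends it. */
abstract class GatedActivity extends Activity {
    // Assumed names: preference file and key written by the login code.
    static final String PREFS = "session";
    static final String KEY_PROFILE = "profile"; // absent means "not logged in"

    /** Profile allowed on this screen, e.g. "profilA" for Activities A, B, C. */
    protected abstract String requiredProfile();
    /** Subclasses build their UI here, so it is never inflated for the wrong user. */
    protected abstract void onCreateAuthorized(Bundle savedInstanceState);

    @Override
    protected final void onCreate(Bundle savedInstanceState) {
        super.onCreate(savedInstanceState);
        if (isAllowed()) onCreateAuthorized(savedInstanceState);
        else denyAndLeave();
    }

    @Override
    protected void onResume() {
        super.onResume();
        // Re-check: the session may have ended while this screen was in the background.
        if (!isAllowed()) denyAndLeave();
    }

    private boolean isAllowed() {
        String profile = getSharedPreferences(PREFS, Context.MODE_PRIVATE)
                .getString(KEY_PROFILE, null);
        return requiredProfile().equals(profile); // null-safe: no profile, no access
    }

    private void denyAndLeave() {
        // LoginActivity is a placeholder for the app's own login screen.
        startActivity(new Intent(this, LoginActivity.class)
                .addFlags(Intent.FLAG_ACTIVITY_NEW_TASK | Intent.FLAG_ACTIVITY_CLEAR_TASK));
        finish();
    }
}

class LoginActivity extends Activity { } // placeholder login screen
class ActivityA extends GatedActivity { // "Activity A" from the question, profilA only
    @Override protected String requiredProfile() { return "profilA"; }
    @Override protected void onCreateAuthorized(Bundle state) { setTitle("Activity A"); }
}
```

SharedPreferences can be edited by anyone with root on the device, so this gate only controls navigation; the server must still authorize each request for the logged-in user. Declaring the restricted activities with `android:exported="false"` keeps other apps from starting them directly.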
As I understand it, ContentProvider - is the data on the global level of the whole device?
The questions:
1) Is it possible to develop and distribute only ContentProvider (no Activity, ie not as a complete application, but only as data)? Does anybody do so? And when?
How will it look to the user? What is the difference between a build of a ContentProvider and a build of a normal application?
2) If another developer wants to use my ContentProvider, then how will he be able to access the column names and other data necessary to work with my ContentProvider? Do I have to provide a library?
Sorry for my English.
Thanks
1) Is it possible to develop and distribute only ContentProvider (no Activity,...
You have to add at least one Activity to your App to be launched by the user. In fact, for security reasons all services, receivers, ... that you declare in the manifest will not register unless your App is run explicitly by the user, and this needs a Main/Launcher Activity. So you have to add such an Activity to your App.
2) If another developer wants to use my ContentProvider,...
You have to publish documentation about your App.
1) Is it possible to develop and distribute only ContentProvider?
Ans:- You need to add at least one activity to your application, and all the resources in the manifest will be registered once your app is launched explicitly.
2) If another developer wants to use my ContentProvider..
Ans:- You need to provide the proper documentation for accessing the content. Other developers can use the content of your app by using the URI which is defined with your ContentProvider.
What would be the best strategy to define custom (application specific) permissions in Android?
I have an application of which part is accessible without requiring a login. But part of the application functionality is to be restricted to users who actually have logged in. I was trying to think of the best way to do this on Android and was thinking along the lines of defining a permission in the Android manifest. But is this the right tool for the job?
I come from a world where user permissions are as easy as putting annotations on the class #admin, #manager. Nothing of that I suppose in the Android world.
Also my concern is I do not want the user to see my custom permissions while installing the app since it might just confuse/scare him for no reason.
Wanted to ask how people approach this issue? Do they just hardcode a utility method isLoggedIn() and call it before executing anything that requires permission?
I maintain a cookie when a user logs in. If that cookie is not set, I give them the un-authenticated experience. If the cookie is set, I use it to make service calls.