On a Plone 4.3.18 install, how can I restrict access to some published content to only authenticated users?
I need to create a section in the my site which content is visible only to authenticated users, or a specific group of users, but I'm not finding the way to do it in the site configurations.
If you want to do this to some content only, use the Sharing feature
https://docs.plone.org/working-with-content/collaboration-and-workflow/collaboration-through-sharing.html
Usually it's best to post questions to our forum https://community.plone.org/ where more people will see them
Related
I have a question about Graph Api from Facebook. We want to create tool to management accounts in facebook and groups releated with them.
Basic functionality of tool is possibility to add acounts to the system, and then add you can add multiple facebook accounts to each of them. Then, system get all posts from groups releated with facebook accounts.
I did research, and I know quite what is possible and what no, but many endpoints of API requires app review. My question is about this review - wheater app like that, when one user can add multiple facebook accouns and use data (like posts, comments) from them is allowed by facebook and will pass the review?
That depends on what exactly you mean by “accounts” …
Facebook pages? Sure, you can let your app user add as many of those as they like, for the purpose of managing them, reading feed data, etc.
User profiles? That would not really make sense, because every person is only allowed to have one personal profile on the platform to begin with. And adding other people’s profiles (by having them authorize your app, using their access tokens on behalf of someone else) is likely not going to fly in review either.
when one user can add multiple facebook accouns and use data (like posts, comments) from them is allowed by facebook
“Using data” is rather vague as well; what you can and can’t do with user data is outlined in the Platform Policy: https://developers.facebook.com/policy
I have following problem:
I have number of facebook pages, for different websites( some mine, sime belongs to clients, but i manage them)
Now, both my own websites and client's websites should use applications, that will manage apropriate pages.
The only scope for application that I see is manage_pages, but when I grant it application has access to all pages.
How I can grant application access only to one page, so it won't be able to add/remove posts from other pages?
Thanks
i do not think you can do that. Everywhere in Facebook docs it talks about "PageS and Applications that the user administrates": https://developers.facebook.com/docs/authentication/permissions/#page_perms
We have created a Facebook application that is restricted to US only, using the Graph API location restriction method (https://developers.facebook.com/blog/post/574/).
This application has then been added to a Facebook page. However, it appears that admins of the page are still able to see the application, regardless of their location.
So our question is: would it be possible to disallow access to admins of the page if they are outside of the US?
Just to make sure, is it admins, or just because you are the owner of the app.
I have no experience with the restriction functionality but if the above still proves that page admins can view it, then it looks like page admin's can still view it. But there are some other steps you can apply considering people can easily fake location on Facebook anyway.
IP Location
Download GeoIP (free IP address database) and you can lock people out of your app that way as well.
Graph API
Connect to the graph API with their user Id, manually get their location and block based on that.
Or you can use a combination of all of the above.
This is completely intentional - page admins will always see the tabs on their page - there's no way to hide content on a page from the admins of that page.
Broadly, there should be no way to hide content from users who are responsible for that content
I am currently trying to get the posts for a specific user from Facebook's Graph API. I have done this numerous times before using a php script I have developed; but the problem this time seems to be on Facebook's end, not mine.
I am trying to get the posts from (replacing TOKEN with an access token):
https://graph.facebook.com/100001558773450/feed?access_token=TOKEN
The graph won't show any posts by the owner of that page but will show everyone else's posts, and as far as I can see the posts are marked as public, and there are no privacy settings set on the account that would stop it from adding the posts to the graph.
Any ideas?
Thanks,
Nick
Check that you have requested the manage_pages permission to give you full access to the page (if you need access as the "page owner").
Using the access_token you've got, according to this documentation there are three different things that you can select feed, statuses and posts.
I'd give those three a go from https://graph.facebook.com and if what you get back is what you require.
https://graph.facebook.com/100001558773450/feed?access_token=...
https://graph.facebook.com/100001558773450/statuses?access_token=...
https://graph.facebook.com/100001558773450/posts?access_token=...
You need to check the "profile" privacy settings (what to share with apps). But most importantly, this is against Facebook ToS!
You can't use a user profile to represent your business, you need to use Facebook pages instead!
More can found here:
Why should I convert my profile (timeline) to a Page?
Since profiles
(timelines) are for meant individual people, they aren't suited to
meet your business needs. Pages offer more robust features for
organizations, businesses, brands, and public figures, which you can
learn more about here.
Further, maintaining a profile (timeline) for anything other than an
individual person is a violation of Facebook's Statement of Rights and
Responsibilities. If you don’t convert your profile (timeline) to a
Page, you risk permanently losing access to the profile (timeline) and
all of your content.
the question is in the title.
I have been assigned to find out if the following is possible:
I create a group on Facebook. Selected people become members.
On a external website, I want to display all group members with their basic info - picture, name, link to public profile.
I have skimmed the Facebook Dev pages, and so far it seems to me that this is not possible simply with Social Plugins. Do I have to write some sort of App for Facebook? It came to my mind, that there should probably some permission from the group members to display them, is that right? But this probably does only work with an App, not a group. So do I have to create an App and use the Graph API to include the data on the website?
Yes, you will have to create an app. The facepile plugin will show faces, but I do not believe you can target a group with it.
It should be a reasonably straightforward app to create: you will need the user_group permission and I believe that would be it.
If the group is public, just access it by going to https://graph.facebook.com/groupid and to get the members, access https://graph.facebook.com/groupid/members
If the group is private or closed, you will need to create an app so that you can get an access token. Look at their authorization documentation on that (you will probably need to create a temporary dummy website to do the redirects to Facebook and record the token then grant you). You will probably need offline_access to run the call over and over.
With that access token, access the groups api using the url format posted above and with the access_token appended as a query string parameter.