I'm working with user properties in Sakai and I wish that through some Tool I'm developing a Teacher can alter some properties according to some criteria. I've selected the function user.upd.any in the Realm Role configuration but I keep getting the following error when I try to change the User:
org.sakaiproject.user.api.UserPermissionException user=d1dbdfee-d247-44e4-b5c2-d3d787c829ca function=user.upd.any resource=/user/115cf182-17b0-4f2c-a8fc-34fcbe98bac7
at org.sakaiproject.user.impl.BaseUserDirectoryService.unlock(BaseUserDirectoryService.java:270)
at org.sakaiproject.user.impl.BaseUserDirectoryService.editUser(BaseUserDirectoryService.java:1085)
This is the code that generates the stacktrace:
UserEdit ue = userDirectoryService.editUser(userId);
ue.getProperties().addProperty(name, value);
userDirectoryService.commitEdit(ue);
The code should have a if(userDirectoryService.allowUpdateUser(userId)){...}, but I will put this just when this permission issue have been troubleshooted (if I put this now, nothing happens: no permission)
Any advice?
Thanks
Related
Does anyone know the method / commands to send, to enable and use multi-config support so I can store application specific data?
The SDK 2.0 Developer Guide mentions the AT*CONFIG_IDS command, but I'm not able to make it work. I'm trying the sample commands below:
// set the application ID
AT*CONFIG=12,"CUSTOM:application_id","2902050D"
// clear config ack
AT*CTRL=13,5,0
// set application description, using new app id
AT*CONFIG_IDS=14,"00000000","00000000","2902050D"
AT*CONFIG=15,"CUSTOM:application_desc","My SDK Test"
// clear config ack
AT*CTRL=16,5,0
// re-read config data
AT*CTRL=17,4,0
AT*CTRL=18,5,0
But in the returned config, nothing has changed:
custom:application_id = 00000000
custom:application_desc = Default application configuration
I've also tried prefixing the first CUSTOM:application_id config command with an CONFIG_IDS command but with no avail:
// set the application ID
AT*CONFIG_IDS=11,"00000000","00000000","00000000"
AT*CONFIG=12,"CUSTOM:application_id","2902050D"
Any ideas as to what I'm doing wrong?
After some trial and error, it seems that all configuration names should be all lower case; despite the category being upper cased in the Developer Guide examples.
Therefore the following works fine:
AT*CONFIG=12,"custom:application_id","2902050D"
AT*CTRL=13,5,0
AT*CONFIG_IDS=14,"00000000","00000000","2902050D"
AT*CONFIG=15,"custom:application_desc","My SDK Test"
AT*CTRL=16,5,0
AT*CTRL=17,4,0
AT*CTRL=18,5,0
I found that in:
kamctl db show presentity
Is the presence information of the users, but how can I errase such entry? of a user?
And how can I define only one entry in that database by user?
I use this code, when I receive a publish but this adds a new entry every time.
if(is_method("PUBLISH"))
{
if($hdr(Sender)!= NULL)
handle_publish("$hdr(Sender)");
else
handle_publish();
t_release();
}
The idea is have the possibility of a user publish multiple times, but have just one entry.
You can use this: https://www.kamailio.org/docs/modules/stable/modules/presence.html#presence.p.xavp_cfg
To order by timestamp you just need this line modparam("presence", "xavp_cfg", "pres").
This way, I think that your problem is solved.
Let me know if it's result.
I'm trying to setup my own Zend_Session_SaveHandler based on this code
http://blog.digitalstruct.com/2010/10/24/zend-framework-cache-backend-libmemcached-session-cache/
This works great, except that my session_id behave mysteriously.
I'm using the Zend_Session_SaveHandler_Cache class as you can find it in the blog above (except that I parked it in my own library, so it's name now starts with My_).
In my bootstrap I have:
protected function _initSession()
{
$session = $this->getPluginResource('session');
$session->init();
Zend_Session::getSaveHandler()->setCache( $this->_manager->getCache( 'memcached' ) );
}
To get my session going based on this code in my .ini file
resources.cachemanager.memcached.frontend.name = Core
resources.cachemanager.memcached.frontend.options.automatic_serialization = On
resources.cachemanager.memcached.backend.name = Libmemcached
resources.cachemanager.memcached.backend.options.servers.one.host = localhost
resources.cachemanager.memcached.backend.options.servers.one.port = 11213
So far so good. Until somebody tries to login and Zend_Session::rememberMe() is called. In the comments of Zend_Session one can read
normally "rememberMe()" represents a security context change, so
should use new session id
This of course is very true, and a new session id is generated. The users Zend_Auth data, after a successful log in, is written into this new session. I can see this because I added some logging functionality to the original class from the blog.
And here is where things go wrong. This new id isn't passed on the Zend_Session apparently, because Zend_Session keeps on reading the old id's session data. In other words, the one without the Zend_Auth instance. Hence, the user can no longer log in.
So the question is, how to make my saveHandler work with the new id after the regeneration?
Cheers for any help.
Ok, I'm blushing here....
I was looking at the wrong place to find this error. My session saveHandler was working just fine (so I can recommend Mike Willbanks his work if you want libmemcached session management).
What did go wrong then? Well, besides switching from file to libmemcached, I also switched from setting up my session in bootstrap to setting it up in my application.ini. So, instead of putting lines like
session.cookie_domain = mydomain.com
in my application.ini (which were then used in bootstrap as options to setup my session), I now, properly, wrote
resources.session.cookie_domain = mydomain.com
And this is were things went wrong, because.... I only changed those lines for production, I forgot to change them further down the ini file. In other words, my development env. got the cookie_domain of my production env., which is wrong as I use an other domain name during devolepment. So, on every page load, my cookie was invalidaded and a new session started. Mysterie solved...
I want to customize Surf Platform Root-Scoped API specifically user object. That means add new property or method to user object to check the user is in certain group in header.inc.ftl [in share] like `<#if user.isAdmin>
How can I implement this?
Is Alfresco Root Scoped Objects can be used as Surf Platform Root-Scoped object?
I have no idea of customizing surf platform root object. Can anyone help me???
Not quite sure what you are trying to accomplish, but the role security model is hardcoded in spring-surf/spring webscripts. There is guest, user and admin. If what you want is another analogous role you'll have to hack the spring-surf libaries, namely:
org/springframework/extensions/surf/mvc/PageView.java
org/springframework/extensions/webscripts/ScriptUser.java
org/springframework/extensions/webscripts/Description.java
org/springframework/extensions/webscripts/connector/User.java
This is what I had to do to implement user.isEmployee. This approach allows you to literally treat your new role just as the others.
you can use
<authentication>employee</authentication>
in page descriptors or
<item type="link" permission="employee" id="people">/people-finder</item>
on the navigation.
Just checking whether the user is in a certain group in a certain webscript is a whole diffrent story and does not provide the same functionality.
If what you want is the latter, you should make a call to
/alfresco/service/api/groups/{shortName}
miss
and works through the response.
Update: The item permission attribute requires a little more tweaking.
In header.get.js, propagate the new role to it gets processed properly in header.inc.ftl:
model.permissions =
{
guest: user.isGuest,
admin: user.isAdmin,
employee : user.isEmployee
};
you could try (in JavaScript I managed something like) this:
user = Application.getCurrentUser(context);
String userName = user.getUserName();
user.isAdmin() >>> result return true if user logining is admin
or in JSP:
#{NavigationBean.currentUser.admin == true}
Sorry, i noticed now you was talking about Surf Platform root objects, but the link you put there, is deprecated for Alfresco versions above 3.3. You still use something so old?
If you manage to use JavaScript API's you could use "person" root object, with boolean isAdmin().
Previously I used a database initializer to seed or pre-populate my tables when creating them using Code First. This all worked great but I wanted to move on to using the EF 4.3 migrations.
I updated to EF 4.3 in my project and removed the database initializer code and put it within the Seed method on the migrations Configuration.cs file. This is all working ok for me for prepopulating my tables except for when I want to seed a default user into my user table.
I use the following code within my Seed method: (currently this doesn't use the AddOrUpdate code as I'm not sure how to use that for this situation - hence the username check)
// create default User
MembershipCreateStatus status = new MembershipCreateStatus();
User admin = context.Users.Find("TestGuy");
if (admin == null)
{
Membership.CreateUser("TestGuy", "TestGuy123", "testguy#test.com");
if (status == MembershipCreateStatus.Success)
{
admin.Firstname = "Test";
admin.Surname = "Guy";
admin.DateLastActivity = DateTime.Now;
admin.LastActivityRoute = "/Home/Index";
Role adminRole = context.Roles.Find("Administrator");
admin.Roles = new List<Role>();
admin.Roles.Add(adminRole);
}
}
When I try and run Update-Database I get this error:
The password-answer supplied is invalid.
I think this is just down to how I call the CreateUser but I can't seem to work out how to get around this bug. I've tried putting in just nulls for the security question and answer but that doesn't seem to work.
Has anyone an example of seeding a user using the 'AddOrUpdate' option?
EDIT 1:
As per one of the comments below, I am using Altairis Security Toolkit to manage my membership. My web.config is setup as follows:
<membership defaultProvider="TableMembershipProvider">
<providers>
<clear />
<add name="TableMembershipProvider" type="Altairis.Web.Security.TableMembershipProvider, Altairis.Web.Security" connectionStringName="DataContext" minRequiredPasswordLength="8" requiresQuestionAndAnswer="false" requiresUniqueEmail="true" minRequiredNonAlphanumericCharacters="0" passwordStrengthRegularExpression="" />
</providers>
</membership>
EDIT 2:
I have also put this as an open ticket on the Altairis forum.
http://altairiswebsecurity.codeplex.com/workitem/32273
EDIT 3:
To get this working without any error I had to setup my code as follows:
// create default User
MembershipCreateStatus status = new MembershipCreateStatus();
User admin = context.Users.Find("TestGuy");
if (admin == null)
{
Membership.CreateUser("TestGuy", "TestGuy123", "testguy#test.com", null, null, true, out status);
if (status == MembershipCreateStatus.Success)
{
admin = context.Users.Find("TestGuy");
admin.Firstname = "Test";
admin.Surname = "Guy";
admin.DateLastActivity = DateTime.Now;
admin.LastActivityRoute = "/Home/Index";
Role adminRole = context.Roles.Find("Administrator");
admin.Roles = new List<Role>();
admin.Roles.Add(adminRole);
}
}
The above will compile now when running Update-Database but no new user is generated. If anyone has suggestions to try that would be great!
Thanks,
Rich
I think your Membership is set to require question and answer. Have you tried putting a check in using "if (Membership.RequiresQuestionAndAnswer)" and see which way it branches.
To Admin: By the way I wanted to post this first as a comment as I was flagged last time when using an answer, but I don't see any option here for adding comments, only answers.
From doing some research on this issue it's become apparent that the user seeding should be created outside the migrations seed logic - at least for now until they make it easier to do!
As a work around I followed the example from this Stackoverflow question (Best way to incrementally seed data in Entity Framework 4.3) to manually make my new user on start up outside of the migrations configuration file.
It's not ideal, at least to me, as all 'startup' data is not in one area but it gets the job done and isn't that difficult to follow.