MoinMoin acl on a page doesnt work - moinmoin

In wikiconfig.py I have
acl_rights_before = u"Adminuser:read,write,delete,revert,admin +ReaderGroup:read +EditorGroup:read,write,delete,revert"
acl_rights_default = u"All:"
But I have some pages, that I want to make unreadable to anyone expect EditorGroup.
I was trying to make that with on page acl line :
#acl EditorGroup:read,write,revert,delete ReaderGroup:
but users, who are members of ReaderGroup still can access that page....
Can anyone tell me, where I am doing a mistake?
Thanks.

The rights defined in acl_rights_before cannot be overwritten, thus whoever has rights defined in acl_rights_before will have it regardless of what is defined later.
If you want to be able to overwrite the rights for some group or user in the #acl-directive of the page, the right has to be defined in acl_rights_default.
Moving the rights to acl_rights_default in wikiconfig.py
acl_rights_default = u"Adminuser:read,write,delete,revert,admin ReaderGroup:read EditorGroup:read,write,delete,revert All:"
and on the page remove all rights for the ReaderGroup and keep the rest "Default":
#acl ReaderGroup: Default
if you have other groups it seems easier to me to just define the rights for the EditorGroup explicitly on the page (all others, except acl_rights_before will be overwritten)
#acl EditorGroup:read,write,delete,revert

Related

Renaming Github account name while already a team member

I have two accounts: account_1 and account_2 with two different e-mails, mail_1 and mail_2, respectively (both the accounts are backed-up, there is no concern of work loss).
I am a part of Team_X with account_1 and mail_1, but I am told to be a part of Team_X with account_2 & mail_2.
Does, renaming account_1 to account_old and renaming account_2 to account_1 suffice the requirement?
Or, do I have to additionally change my primary mail address from mail_1 to mail_2 too?
Or, are there any other steps that you can perform?
The best way would be ask the Team manager or concerned person to remove your old account from Team_X and add new new one. This will impact your work and commit history, You new user id will be shown for new commits.
another better way would be just remove your mail_1 from account_1 and mail_2 from account_2 and attach the mail_2 to account_1. Now you can change your username from account_1 to account_2.
There are repercussion of doing these things.
Like After changing your username, your old username becomes available
for anyone else to claim. If the new owner of your old username creates a repository
with the same name as your repository, that will override the redirect
entry and your redirect will stop working.
So deal it with precautions.

Remove-AzureAdUserExtension actual result

In Azure AAD, I want to use Powershell to clear the value for a user's extension attribute named "employeeId". When I try to Set-AzureAdUserExtension to $null or "", it gives a binding error. Will Remove-AzureAdUserExtension do this? All the help files, docs and internet searches about this command say that it "Removes a user extension from Azure Active Directory". I'm pretty sure that means it will clear the attribute value for one user, as I want. But I'm afraid it might try to remove the user extension attribute from the schema, which is absolutely what I don't want.
Please help me confirm this command's effect before I blow up my customer's directory.
It will just remove the attribute value for one user, rather than remove the user extension attribute from the schema, feel free to use it.
Test sample:
Get-AzureADUserExtension -ObjectId <user-object-id>
Remove-AzureADUserExtension -ObjectId <user-object-id> -ExtensionName employeeId

Understanding Moodle $context

From Moodle doc:
A context is a space in Moodle where roles can be assigned.
I understand that a context is a logical space used to manage Moodle objects.
I developed a custom block plugin with a file upload where I use file_prepare_draft_area andfile_save_draft_area_files functions.There is a $context parameter that must be passed and I am don't really know what context should I pass ?
This mean, I guess, in which logical space should I put my block plugin uploaded files ?
In my opinion, the most logical would be store the uploaded files in a context related to my block plugin.
I tried to use context_block::instance($instanceid) but I don't know how to get $instanceid param.
Which context should I use in this case?
How to get it?
The types of context are as follows:
System
Course category
Course
Activity module
Block
User
The hierarchy of contexts are:
System => Course category => Course => Activity module
Block contexts can appear within courses or within the 'site' course.
User contexts are outside of courses.
If you want the files tied to a specific instance of the block (e.g. so they are deleted automatically when the block is deleted and you can keep the files from different instances of the block separate), then you should use the block context (but you'll have to pass the instanceid of the block to the sub-pages in order to use this to get the context:
$context = context_block::instance($blockinstanceid);
If you want the files tied to the course - so all instances of the block in the course share the same file space and the files are only deleted when the whole course is deleted, then use the course context (pass the courseid into the subpages, as a param, then use:
$context = context_course::instance($courseid);
If, however, you want to share that file area across all blocks on the site, then the system context is what you want:
$context = context_system();
There is also a piece of (old?) documentation for reference - see par. "13.2. Moodle's Roles and Permissions System".
(I also found Russian translation of that paragraph, maybe useful for someone.)

Get security for folder (s) in iManage with c#

I know how to get security attributes for items in a folder for Imanage. I am looking for some code snippet that gives me security attributes only at the folder level.
The IManFolder type has a Security property that contains both UserACLs and GroupACLs properties for a folder. You can find out existing user and group rights by going through these collections.
As an example, the code snippet below adds the existing user rights from myfolder onto the IManDocument newDoc.
foreach (IManUserACL acl in myfolder.Security.UserACLs)
{
newDoc.Security.UserACLs.Add(acl.User.Name,acl.Right);
}

Create event log entry with powershell and fill in user

I need to create entry to Windows Event Log (e.g. application log). I know how to do all the stuff beside filling in the user who performed the action.
Example:
I need to create a script, that writes some message into application log. I used this tutorial, which worked fine: http://blogs.technet.com/b/heyscriptingguy/archive/2013/06/20/how-to-use-powershell-to-write-to-event-logs.aspx
But I am not able to influence the "user". When adding entry in windows log, it always fills "User: N/A".
Any idea how to pass "user" argument to the "write-eventlog" cmdlet?
Thank you for your help.
Even though (as far as I'm aware) Write-EventLog does not provide an option to write directly to the "User" field, you have two workarounds:
Use built-in standalone exec "EventCreate.exe" (type in eventcreate /? to see the manual)
This one does support providing the username field. I'm not sure, but it may require a password for that user too.
Second workaround would be to pass $env:USERNAME to the "message" field of Write-EventLog. This way you will still obtain the environment's current user.
I hope that helped.