dokuwiki: how can I hide media manager link from non logged in users - dokuwiki

In dokuwiki how can I hide "media manager" link or any other link on the top, from non logged in users?

One way is changing the template like this:
in /lib/tpl/dokuwiki/tpl_header.php:
<?php
if ($INFO['isadmin']) {
tpl_action('recent', 1, 'li'); //recent changes
tpl_action('media', 1, 'li'); //media manager
tpl_action('index', 1, 'li'); //sitemap
}
?>

Not exactly what you're looking for (and maybe a bit late anyway), but here's a way to disable the Media Manager link for all (including logged-in) users:
go to admin panel, Configuration Settings;
search for Disable DokuWiki actions (option name: disableactions);
in Other actions, add keyword media (see reference here).
Note that this will hide the link for everyone, but users with writing access can still launch the media manager by clicking on corresponding button when editing pages.

If no user is logged, $INFO["userinfo"] is empty
in /lib/tpl/dokuwiki/tpl_header.php
replace
tpl_toolsevent('sitetools', array(
tpl_action('recent', true, 'li', true),
tpl_action('media', true, 'li', true),
tpl_action('index', true, 'li', true)
));
with
if(!empty($INFO["userinfo"])) {
tpl_toolsevent('sitetools', array(
tpl_action('recent', true, 'li', true),
tpl_action('media', true, 'li', true),
tpl_action('index', true, 'li', true)
));
}

My solution with "Greebo"
find inc/Action/Media.php
edit method tplContent():
public function tplContent() {
global $INFO;
if ( empty($INFO['userinfo']) ) {
echo "<p>No way</p>";
return;
}
tpl_media();
}
So only users - but not anonymous - can see media manager.

Create a plugin. Let's assume the plugin name is nositetoolsanon, so you need to create a file under lib/plugins/nositetoolsanon/action.php.
<?php
if(!defined('DOKU_INC')) die();
class action_plugin_nositetoolsanon extends DokuWiki_Action_Plugin {
public function getInfo(){
return array('date'=>'2017-08-25', 'name'=>'No sitetools for anonymous users', 'author'=>'Phy25');
}
public function register(Doku_Event_Handler $controller) {
$controller->register_hook('TEMPLATE_SITETOOLS_DISPLAY', 'BEFORE', $this, 'action_link');
}
public function action_link(&$event, $param){
global $INFO;
if(empty($INFO["userinfo"])){
// more robust check by ACL: global $ID; if (auth_quickaclcheck($ID) < AUTH_READ)
$event->preventDefault();
}
}
}
This method applies to any template and won't be overwritten by updates.
HINT: If you want to hide namespaces from users who are unable to read them, try setting $conf['sneaky_index'] = 1 in the config file, though it may cause issues if deeper namespaces have higher permissions than the ones above.
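Hiding the site tools only removes the link; a request for the media action itself (?do=media) is still dispatched. The following is an added example, not part of the original answers: a hypothetical plugin nomediaanon (lib/plugins/nomediaanon/action.php) that refuses the action to anonymous visitors. The plugin name, the handler name and the list of blocked actions are assumptions.

```php
<?php
// Added example, not from the original answers.
// Hypothetical plugin "nomediaanon": lib/plugins/nomediaanon/action.php
if (!defined('DOKU_INC')) die();

class action_plugin_nomediaanon extends DokuWiki_Action_Plugin
{
    /** Actions refused to anonymous visitors (constructed list, adjust as needed). */
    protected $blocked = array('media', 'recent');

    public function register(Doku_Event_Handler $controller)
    {
        // Fires before DokuWiki dispatches the requested ?do= action.
        $controller->register_hook('ACTION_ACT_PREPROCESS', 'BEFORE', $this, 'denyAnonymous');
    }

    public function denyAnonymous(Doku_Event $event, $param)
    {
        global $INPUT;

        // REMOTE_USER is empty when nobody is logged in.
        if ($INPUT->server->str('REMOTE_USER') !== '') {
            return;
        }

        // act_clean() normalises the action name (plain string or do[action] array).
        $act = act_clean($event->data);
        if (in_array($act, $this->blocked, true)) {
            // Replace the requested action: the visitor gets the login form
            // instead of the media manager or the recent-changes list.
            $event->data = 'login';
        }
    }
}
```

This only gates the do= actions; which media files a visitor can read or upload is still decided by the ACL.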

I had this question myself recently and found the selected answer to be insufficient for me. I'm pretty sure it didn't work because I'm using the Codowik template rather than the default. This is what I came up with using sivann's answer.
I edited /lib/tpl/codowik/tpl_header.php and added this at the top:
<?php
if (!$INFO['isadmin']) {
echo "<script>
var newStyle = document.createElement('Style');
newStyle.innerHTML = '#codowiki_search_ul a {display: none;}';
document.head.appendChild(newStyle);
</script>";
}
?>
It's rather hackish, but I don't have time to dive deeper into how the template is implemented, and it works!

I wanted only the sitemap to be visible to visitors and registered users (I use the site as a blog), so only wanted recent changes and media links to be visible to me (administrator).
This is the code I changed in "Greebo", in inc/Menu/SiteMenu.php
protected $types = array(
//'Recent', // comment out stuff not required
//'Media',
'Index' // leave sitemap for spiders
);
// add this function
// remove the "&& $INFO['isadmin']" to allow all logged in users to see options
public function __construct(){
global $INPUT;
global $INFO;
if($INPUT->server->str('REMOTE_USER') && $INFO['isadmin']){
$this->types = array( 'Recent', 'Media', 'Index' );
}
}

My solution will maybe hide too much information, but here we go:
Log in as admin
Go to the management section
Scroll to ACL (Access Control List) Management
Set User/Group „@all“ Permissions to „None“

Related

Drupal Node comment redirection when validation fail

I've been banging my head on this trying to find a solution, searching all around for something that would work, but I got no chance.
I have a "dashboard" where users have a list of events they took part in, where they can rate/comment on the event. It's basically a custom comment form for a node that is not displayed on the node page itself. The user clicks on an icon in their dashboard next to the event they want to comment on, they get to the form, fill it in and it returns them back to the dashboard. The return adds parameters with a custom submit function and uses the redirect function to make sure the user returns to the proper tab in their dashboard.
function custom_form_alter(&$form, &$form_state, $form_id) {
if ($form_id == 'comment_node_event_form') {
$form['#submit'][] = 'customcomment_form_submit';
}
}
function customcomment_form_submit($form, &$form_state) {
if($form['#form_id']=='comment_node_event_form'){
$pos = strpos($_SERVER['HTTP_REFERER'], 'qt-dashboard');
if ($pos !== FALSE) {
$form_state['redirect'] = array(
'dashboard',
array(
'query' => array(
'qt-dashboard' => '2',
'qt-dashboard_event' => '2',
),));
}else{
$form_state['redirect'] = array(
'dashboard',
array(
'query' => array(
'qt-dashboard' => '2',
'qt-dashboard_event' => '1',
),));
}
}
}
This portion is working as it should and as expected. The problem is that when form validation fails, it sends the comment form error message and the form to refill to the node page instead of staying where it is.
I found that if I set the #action to the link where my comment form is, it does send the failure to the proper page
$form['#action']='/rating_comment/'.$form['#node']->vid.'?destination=dashboard&qt-dashboard=2&qt-dashboard_event=2';
But doing so breaks the redirect when successfully submitting the form, and it doesn't take the parameter in the redirect; it basically sends the user directly to the dashboard and scrapes the parameter. Now there might be a better solution for making a form validation failure stay on the same page, and that is pretty much what I am looking for.
Thanks
Looks like this form isn’t in your module - and you’re altering the other module.
Now, when the validate function gets invoked at the end you can check for failure and if there is failure cancel processing/redirect etc.
$form_state['no_redirect'] = FALSE;
Also, you can use the error function to check for errors and if so cancel the rest. This goes inside validate method.
if (form_get_errors()) { return FALSE ; }
// .. Otherwise, process validation
Check out the following
https://drupal.stackexchange.com/questions/170815/is-it-possible-to-stop-a-webform-form-during-submission
https://drupal.stackexchange.com/questions/5861/how-to-redirect-to-a-page-after-submitting-a-form

YII : How to redirect in afterAction under component controller class "CController"

I need your help to resolve my issue. I'm stuck here from approx 3-4 hours.
I made custom roles and permissions for every user. I have executed the code under the component controller class's function afterAction. But if the user doesn't have access to the clicked action, then they should be redirected to an error page. When I use the redirect function it says Cannot modify header information - headers already sent. I will be highly thankful if anyone can help me out. Here is my code
if (isset(yii::app()->user->id)) {
$controller = yii::app()->controller->id;
$action = yii::app()->controller->action->id;
$noAuthControllerAction = array();
$noAuthControllerAction[] = 'site/index';
$controllerAction = $controller . '/' . $action;
if (!in_array($controllerAction, $noAuthControllerAction)) {
$isAllowed = $this->isAllowed($controller, $action);
if (!$isAllowed) {
$this->redirect(array('site/denied'));
}
}
}
parent::afterAction($action);
Always use accessRules() in your controller for roles and permissions for more information see Yii Documentation for authentication and authorization
In your controller
A basic role-based access control looks like this :
array('allow', // allow authenticated owner users to perform the following actions.
'actions' => array('sales', 'export', 'invoice', 'payment'),
'users' => array('@'),
'roles' => array('owner'),
),
A custom expression role-based access control looks like this : (This is what you need)
array('deny', // deny authenticated owner users to perform the following actions if store is not yet selected.
'actions' => array('sales', 'export', 'invoice', 'payment'),
'users' => array('@'),
'roles' => array('owner'),
'deniedCallback' => function() {
Yii::app()->controller->redirect(array('/store/location'));
},
'expression' => '!Yii::app()->user->isStoreSelected()',
),
'expression' is your rule, and if rule is not met then 'deniedCallback' will redirect you to desired 'controller/action' in this case '/store/location'.
Also don't use
$this->redirect(array('site/denied')) for error handling, instead use
throw new CHttpException(401,'Access denied.');
This is the right way to handle errors in Yii. If you want to customize your error page please refer to Error Handling
afterAction runs after action is rendered. This is the cause of your error.
Use beforeAction event for that. Do you know RBAC? RBAC can help you.
http://www.yiiframework.com/doc/guide/1.1/en/topics.auth#role-based-access-control
You could use accessControl for limit action uses to roles.
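The move from afterAction to beforeAction suggested above, as an added example that is not part of the original posts, written for the Yii 1.1 base controller (protected/components/Controller.php). The public route list is constructed, isAllowed() stands for the asker's own permission lookup, and unlike the code in the question the check also covers guests instead of skipping them.

```php
<?php
// Added example for Yii 1.1, not code from the original posts.
abstract class Controller extends CController
{
    // Routes reachable without a permission check (constructed list).
    private $publicRoutes = array('site/index', 'site/login', 'site/error');

    // The asker's own permission lookup; its implementation is not shown on the page.
    abstract protected function isAllowed($controller, $action);

    // Runs before the action executes, so nothing has been sent to the browser yet.
    protected function beforeAction($action)
    {
        $route = $this->id . '/' . $action->id;
        if (in_array($route, $this->publicRoutes, true)) {
            return parent::beforeAction($action);
        }

        // Deny by default: a guest never reaches a protected action.
        if (Yii::app()->user->isGuest) {
            Yii::app()->user->loginRequired(); // redirects to the login URL
            return false;
        }

        // Authenticated but not permitted: the configured error handler renders the page.
        if (!$this->isAllowed($this->id, $action->id)) {
            throw new CHttpException(403, 'Access denied.');
        }

        return parent::beforeAction($action);
    }
}
```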

CakePHP - Model validation does not work

Again, a lot of similar questions out there, but none of them really help me.
HTML5 form validation seems to be triggering with messages "Please fill in this field" instead of the model validation messages which should be "Please enter the model"
I have a form to add Computers to the database.
Here is my form:
echo $this->Form->create('Computer');
echo $this->Form->input('Computer.model', array('label' => 'Model'));
echo $this->Form->input('Computer.memory', array('label' => 'memory'));
echo $this->Form->input('Computer.hdd', array('label' => 'hdd'));
echo $this->Form->input('Computer.price', array('label' => 'price'));
echo $this->Form->end('Save Computer');
Here is the full controller code with index and add actions
<?php
class ComputersController extends AppController {
public $helpers = array('Html', 'Form', 'Session');
public $components = array('Session');
public function beforeFilter() {
parent::beforeFilter();
$this->Auth->allow('add');
}
public function index() {
$this->set('computers', $this->Computer->find('all'));
}
public function add() {
if ($this->request->is('post')) {
if (!empty($this->request->data)) {
$this->Computer->save($this->request->data);
$this->Session->setFlash(__('Your Computer has been saved, or so it seems.....'));
return $this->redirect(array('action' => 'index'));
}
$this->Session->setFlash(__('Not sure why we got here 1.'));
} else {
$this->Session->setFlash(__('By right, this should be the index page'));
}
}
}
?>
Here's the model
<?php
class Computer extends AppModel {
public $validate = array(
'model' => array(
'Please enter model name'=> array(
'rule'=>'notEmpty',
'message'=>'Please enter model'
)
)
);
}
?>
I read from other forms that triggering the model save function, which I do, will automatically trigger the model validation. How can i get the model validation to work?
Thanks
Kevin
As you were saying, if you have the notEmpty validation in the model, CakePHP adds required="required" on the input attributes. This is handled by the browser, so you see the default Please enter this field message when you try to submit an empty value. An advantage is that if you are using the browser in a different language, the message will be displayed in that language.
If you want to change that message, you can try a solution like the ones from this question. (this is probably not what you want)
If you want to remove that client-side message, you can disable it using novalidate
echo $this->Form->create('Computer', array('novalidate' => 'novalidate'));
This way, the HTML5 required property will be ignored, and you will get the message from the model.
I am not sure if there is a way to tell Cake to use the server-side value on the client.
$this->{Model}->save() returns false if the validation fails, but in your case you're redirecting with a flash message after the save function. So first check whether the form saved successfully; if it did, redirect to the listing page, otherwise render your view file with a flash message where you can view the validation messages.
if ($this->Computer->save($this->request->data)) {
$this->Session->setFlash(__('Your Computer has been saved, or so it seems.....'));
return $this->redirect(array('action' => 'index'));
} else {
$this->Session->setFlash(__('Unable to save form'));
}
Note: To disable html validation just do
$this->Form->inputDefaults(array(
'required' => false
));
in your view file
Hope this helps you.
Set 'novalidate' => true in options for FormHelper::create()
echo $this->Form->create('Computer', array('novalidate' => true));
For more information, go to http://book.cakephp.org/2.0/en/core-libraries/helpers/form.html

How to add menù section to my WordPress template?

I am pretty new in WordPress blog and I am developing a blog with this template:
http://scorejava.com/wordpress351
As you can see at the top of the page there is a "menù" that only show the page in the site (at this moment: "Home" and "Pagina di esempio").
This menù is showed by the following lines of code into the header.php file:
<?php wp_list_pages('title_li=&depth=1'); ?>
So I think that this is not a true menù but only a list of the statics pages present on my blog.
If, in the administrator dashboard I go to the menù section in the "Position of themes" square say me that: "This theme has no support for menus but it is possible use the personalized menu widget to add every created menu in the sidebar"
So I think that my template have no definied a true menù section on the top (but only a list for the static pages). Can I add a true section where add a true menu? How can I do?
Tnx
Andrea
function dasboard_menu() {
global $menu;
$menu[6] = array( __('Orders'), 'read', 'edit.php?post_type=shop_order', '', 'menu-top menu-top-first menu-icon-orders', 'menu-dashboard', 'none' );
$menu[7] = array( __('Catalogue'), 'read', 'edit.php?post_type=product', '', 'menu-top menu-top-first menu-icon-catalogue', 'menu-dashboard', 'none' );
$menu[8] = array( __('Coupons'), 'read', 'edit.php?post_type=shop_coupon', '', 'menu-top menu-top-first menu-icon-coupon', 'menu-dashboard', 'none' );
}
add_action( 'admin_menu', 'dasboard_menu' );
Your starting point is to register your menus in functions.php. Like this:
register_nav_menus(array(
'main_nav'=>__('Main','mythmeme'),
'footer_nav'=>__('Footer','mythmeme'),)
);
It's all in the codex.
You then just need to call the menu in your header.php (or footer.php):
<nav>
<?php wp_nav_menu(
array('theme_location' => 'main_nav')
); ?>
</nav>
Once registered and called you can use dashboard > appearance > menu to create and add menus to your theme locations.

Functional testing form with CSRF enabled in Symfony

What is the best way of creating functional tests to test forms with CSRF protection enabled in Symfony?
Currently I have to add the following code before each form submission:
$form = new sfGuardFormSignin();
$token = $form->getCSRFToken();
$token_name = $form->getCSRFFieldName();
Then I add the $token and $token_name to form parameters like this:
call('/login', 'POST', array (
'signin' =>
array (
'username' => $username,
'password' => $password,
$token_name => $token,
)))
The option suggested in the documentation:
'_with_csrf' => true,
Doesn't work at all.
Is there more simple way to avoid adding token to each form tested manually? Or is there a way to turn off csrf checking when running tests?
The way I've described above is ok when you have to test 1-2 forms but if project contains tens unique forms it becomes a pain.
Of course, you can't use _with_csrf option if you call directly the url.
You must pass from the form page, clicking on the submit button.
Like so:
click('signin', array('signin' => array('username' => $username, 'password' => $password)), array('_with_csrf' => true))
The string 'signin' must be adapted to your form. You can also use a more label-independent string, like 'form#myform input[type="submit"]' instead of 'signin', adapting the id of your form.
As already suggested, you can disable CSRF for login; it's really useful for forms that modify data.
I personally don't use functional tests that extensively (probably to my own detriment), but you could always switch the CSRF protection off in your form class for testing purposes.
public function configure()
{
$this->disableLocalCSRFProtection();
}
You can disable csrf protection for all forms just by adding additional compiler pass:
class CsrfProtectionCompilerPass implements CompilerPassInterface
{
/**
* {@inheritdoc}
*/
public function process(ContainerBuilder $container)
{
$env = $container->getParameter('kernel.environment');
if ($env == 'test') {
$container->setParameter('form.type_extension.csrf.enabled', false);
}
}
}
Or You can disable form extension completely by adding to config:
framework:
csrf_protection: false
btw, last solutions works only if You don't have explicitly set form option csrf_protection
I would turn off CSRF for testing environment.
You should get a CSRF token by showing the page including the form.
$browser->get('/login');
$dom = new DOMDocument('1.0', $browser->getResponse()->getCharset());
$dom->loadHTML($browser->getResponse()->getContent());
$domCssSelector = new sfDomCssSelector($dom);
$token = $domCssSelector->matchSingle('input[name="_csrf_token"]')->getNode()->getAttribute('value');