I am using Drupal 7 with an AMFPHP service and want to list the contents of a custom field select list.
I have been trying to use field_info_field($field_name) but keep getting access denied for user admin.
I can't find the permissions anywhere that would allow me to access this. I can get nodes fine:
user_access("node content") and have tried all other permissions listed in the role_permission table. All permissions have been granted for the user admin...
Any ideas?
Related
I want to automatize creating users and adding permissisons. Is it possible in grafana, to dynamicaly adds permission to user based on AD group?
Lets say user inputs his data including AD group he is in, and the app will create folder, and sets read/edit permissions only to users that are in AD group (that can be any group )?
I know you can set viewer/editor/admin roles to people based on AD group in config file, but is it possible to do so dynamicaly, with their http api?
You can set permissions for folders and permissions for dashboards using the Grafana HTTP API:
Folder Permissions API
Dashboard Permissions API
The logic, what permission should be set for which user, needs to be determined in your code (e.g. based on the user input you mentioned) before making the request.
I'm working with Shopware.
I've added a new attribute "proxy" to the s_core_auth table for each user in order to show the ability to get access to the Customer Module in the backend, so that if a user is not selected as "proxy" he/she won't be able to make changes in that module.
I need help to understand what I need to write in my plugin's code (maybe having only a Subscriber file.)
I'll be very grateful!
Adding a custom column to the s_core_auth table is not a good idea. What you're trying to achieve can be done with user groups and group rights. From the Shopware Documentation:
With User administration you are able to create new users in the backend and control access rights to areas, modules and plugins in accordance with certain group policies that you define per ACL (Access Control List). Within the ACL you have the possibility to control precisely which user is able to perform which activity. Thus, it is possible to assign certain reader rights to an administration group without granting them authorization to edit or delete.
You can find instructions for User administration inside the Documentation.
I have a small question related to granting access to multiple sites in Sitecore 7.5.
Let's say I have a website named as website_1 and another website named as website_2 in my Sitecore environment. Now I have created two roles. One role named as r_website_1 gives access to website_1 and another role r_website_2 gives access to website_2.
In r_website_1, only access to website_1 is granted and access to website_2 is denied. The same goes for r_website_2 but for
website_2.
Now I want to give read and write access to user_1 for both websites. What I did was went to User Manager>user_1>Edit>Member Of and then assigned both roles.
What I noticed that the user_1 only gets access to one website. it seems that both roles are countering each another. For example, the denied permission for website_2 in r_website_1 is conflicting with allowed permission for website_2 in r_website_2.
May I know what's the fix for this problem?
Thanks in advance,
Vaibhav
Deny permission always has priority. You cannot remove by simply adding another role with allow access rights.
Instead of using deny you should break the inheritance of chosen access right for the role1 for site2 and similarly for the role2 for site1.
Here is a quote from Sitecore Administrator Security Cookbook:
We recommend that you use inheritance whenever possible to limit the access that roles have to the items in Sitecore. Using inheritance instead of directly denying access rights to items makes it easier to manage the security system.
And you can read about breaking inheritance of access rights in Assign access rights to a security account document.
I'm using Typo3 6.2 and I have added a user account (backend user). When I now login with this new user I get the error message "no module found". When I login again with my admin account everything is fine. How can I fix this?
You have probably created an unprivileged user (editor). You need to explicitely give users access to
Backend modules
Subtrees of the page tree
Folders
Tables
and so on.
To do that, you usually create a backend user group, set the permissions for this group, and assign it to the user.
You can create the group either on the root page (id 0) as record or in the user management module, where you assign the groups to users.
There are two functionalities two make pages visible for users/groups:
You need to add the root of the subtree a groups should be able to use to the group as a mount point.
You need to give the group the right to view/edit/delete/update the pages. You can do that as admin in the "Access"-module. It's similar to the Unix owner/group concept.
I'm trying to specify permissions on documents in a MarkLogic 6 database using the rest api.
This is the permissions metadata I'm sending in (permissions.xml):
<rapi:metadata xmlns:rapi="http://marklogic.com/rest-api"
xmlns:prop="http://marklogic.com/xdmp/property">
<rapi:permissions>
<rapi:permission>
<rapi:role-name>arole</rapi:role-name>
<rapi:capability>update</rapi:capability>
</rapi:permission>
<rapi:permission>
<rapi:role-name>brole</rapi:role-name>
<rapi:capability>read</rapi:capability>
</rapi:permission>
</rapi:permissions>
</rapi:metadata>
using this command:
curl --anyauth --user user:pass -X PUT -T permissions.xml \
-H "Content-type: application/xml" \
"http://localhost:8003/v1/documents?uri=/test/test.xml&category=permissions"
When I look at the permissions afterwards, I see:
arole (update)
brole (read)
rest-reader (read)
rest-writer (update)
I expect it to only have the permissions for arole and brole.
The documentation says, "If no permissions are explicitly set, documents you create with the MarkLogic REST API have a read permission for the rest-reader role and an update permission for the rest-writer role." (And yes, I know, this example doesn't create a new document. But it does the same thing if I add a new document and set permissions at the same time using a multipart content+metadata message through the rest api).
Setting permissions via the direct xquery calls (ex. xdmp:document-insert with permissions) using the same user and database works as expected.
How can I keep the rest api from adding these extra permissions?
EDIT:
There's a ticket in with MarkLogic, no target date or version that I know of yet.
In case someone else runs into this, they did give me a workaround: Create new roles (or change existing ones), and give them rest-reader and/or rest-writer 'execute' privileges instead of having them inherit the rest-reader/rest-writer roles, or having a user directly assigned the rest-reader/rest-writer roles.
The internal function docmodupd:write-permissions always combines the input permissions with the output from xdmp:default-permissions. It does that to ensure that rest-reader can read the document, and rest-writer can update it. As far as I can tell there is no API to control this behavior.
If you have a strong use-case for omitting those extra permissions, contact support.
The easiest way to accomplish access via REST but NOT universal access to documents is to create custom roles that you can assign to users in place of the built-in roles. Add default read/write permissions to that role if desired (so that you don't have to specify the permissions on every document insert), along with the REST execute privilege(s) that you want the role to have (http://marklogic.com/xdmp/privileges/rest-writer, http://marklogic.com/xdmp/privileges/rest-reader). Don't assign the rest-reader or rest-writer built-in role to the custom role, just the execute privilege(s).
The custom roles will then be able to use all of the REST endpoints, but will NOT have universal access to all documents created via the REST interface. Searches and document GET requests will return only documents that the custom role has access to, and they won't be able to modify documents that their role does not have update permissions on.