Situation:
I have two documents: doc_parent (has access fields) and doc_file(public doc).
doc_file has field "parent_unid"( with unid of doc_parent ) and field "$file" with attachment "file_name.doc"
User get attachment by link looks like: http://server/base/view/doc_file_unid/$file/file_name.docx.
I it possible to check current user access to doc_parent, when he makes this request?
You can't do it while directly accessing the $file object. You would have to have the access to the file go through an agent via a URL that looks something like this:
http://server/base/checkAccessAndRetriveFile?OpenAgent&fileunid=doc_file_unid/&filename=file_name.docx
And then you would have to write the agent and check the access fiends in doc_parent.
There is nothing built-in that you can rely on.
On the other hand, you could just have those access fields exist in both doc_parent and doc_file, and then none of this would be necessary.
Related
I am creating a Workflow to send out some emails when a particular type of content is created. This type of content has a ContentPicker field that contains another piece of content. I use the "Content Created" event to initiate the Workflow and I attach a "Send Email" activity to it. In the body of the email I can get the values of the properties of the newly created content with wildcards like {Content.Fields.Registration.Name}.
Can I access the properties of the nested item doing something like this: {Content.Fields.Registration.Course.Fields.Course.Name}?
EDIT: It's not always possible to access these properties on content creation since saving an item without publishing it doesn't actually store all the necessary records. For my purposes I had to change the initiation of the Workflow to a Content Published event.
I figured it out, should have messed around more.
{Content.Fields.Registration.Course.Content.Fields.Course.*} allowed me to access the properties I wanted.
I followed this link enabling me to setup a hotspot in a richtext field - works like charm.
http://ozinisle.blogspot.de/2010/11/lotusscript-code-to-append-hotspot-to.html
Only problem is, as the user(s) usually do(es) not have deletion rights, the document created by the import stays stored in the database. In LotusScript e.g. I can create a new temporary document and work with it, and if I'm not saving it, it just disappears at the end of the function.
Is there a similar way or parameter for DXL import which allows me to just drop the document after I got my rtitem?
Alternatively, can someone point out to me if it is possible to create only the temporary richtext item in/on a document I created as tempdoc via LotusScript?
My search on the web did not get any results and my tries to reduce the linked function always resulted in the error 4518 (which is described in the help document of "DXLImporter"); if I read the help right, the DXLImporter only supports the db as valid output (thus expecting documents being created via DXL).
I don't see a way to import DXL without creating a document.
The easiest solution is to create the temporary document in users "cache.ndk". The user has definitely the right to delete documents there. So, you'd replace the line "Set db = session.CurrentDatabase" in code you linked to with
Set db = session.Getdatabase("", "cache.ndk", false)
The rest of the code would stay the same.
As an alternative, use the more classic approach running an agent on server to delete the temporary document. Create an agent which deletes the document, set property "Run on behalf of" to someone who is allowed to delete documents in database and call the agent from your script with
agent.RunOnServer(noteID)
I'd like to "hide" certain documents from certain users in all places where lists are displayed. That is, the list of documents will be different for different users. For example, for user1 I want to hide documents containing "abc" and for user2 I want to hide documents containing "def".
Is there a SharePoint web part (or something) that I can deploy which will execute some code that can filter the list for all of the sites? Ideally, this "solution" would take as input a list and a username, and would return a subset of the list. And SharePoint would only display the filtered list. Also, for performance reasons, the input should not be the entire set of documents in the list, but rather just those that are displayed.
Also, I understand that one possible way to accomplish this is via permissions on the documents. Unfortunately, permissions is not something I can take advantage of as the documents have to be, in essence, public.
Also, to be clear, I am not asking about what the code should like like that does the filtering (although examples might be helpful), but rather if there exists a mechanism to accomplish the type of filtering I need.
Thanks for your help,
Eric
the best solution is absolutely permissions but if you cant use it, you can use audience targeting. go to your document library settings and enable audience targeting. after enabling, you will have audience target field in your documents.
you can have more info about audience targetting here http://technet.microsoft.com/en-us/library/cc261958.aspx
if this is not what you are looking for, you can create custom views on your library and create filters by using [Me] parameter for current user. e.g. you can create a multiple user field and write the names of people you dont want to see that document. after that you can create a view with a filter [Me] is not on that field. But you can not deny users access to document if he has permission on the document and knows the url of document.
I'm new to the Zend Framework and I have a problem to create an edit form with the Zend_Form.
My problem is that I need to store the entry ID during editing, I've seen some examples that are using a hidden form field, but a hidden field can be manipulated by a user.
So: how can I set a form field which gets populated by $form->populate($data); and is available after submiting the request but is not editabel/visible to the user in any way?
Thanks for any help!
I'm not sure if there's really a point in trying to hide the value.
Consider the following:
To display the correct editor form, you need the ID of the object that is to be edited.
Before allowing the user to edit a certain ID, you would check if the user can edit it or not.
Thus, if you put the ID in the form, it shouldn't really matter:
When you POST the edit form, you should again check that the user can still edit the ID.
If the user changes the hidden ID, it doesn't really matter. They could still go and edit the other ID by finding it on the site. (This is assuming your check didn't tell you the user does not have access)
what kind of data you wanna hide?
data should be in post or get.if you dont put your data in your form,then you will have to use GET which is less secure than POST.
If you have some data and you dont want the user to see those data,then you should not put those data in a form.you can store and retrieve hidden data using forms submitted values.lets suppose your hidden field is users password.you dont need to send password back to the client when client is editing the form.you can manipulate password in your controller according to the user`s submitted first name and last name.
If you still insist, you may wanna try encrypting data using ZF and echo ing your value and setting encrypted data into a hidden form element.
Zend_Form generates an HTML form element with the form elements you specify. So its element capabilities are narrowed to a simple HTML form.
The hidden form element is used to pass those data that the user is not supposed to enter by hand. But as you yourself said it, there is no guaranty it could not be tampered. so no security is provided by using a hidden form value.
Most of times you'd better use server side values (like stored in sessions) to reference to values that are to be protected from user.
I suggest you keep the ID in a session value, and then you could use the session key in the hidden form field. this way the user can not change the target ID. However you are not able to use the $form->populate($values) on this in one step. you would have to set the target value with other steps:
fetch data from the session
set the form element value with the fetched data
I have created a custom User profile template and object in the core database in Sitecore (as per the Security API Cookbook).
I can select this programmatically (as per the Security API Cookbook) so that my extranet users have an extended profile, that covers all the usual suspects (Address, phone, email format etc.)
However, where is this data stored? And how do I access it if I want to query the database to return a subset of users based on this profile data.
A typical requirement for an extranet member system is to extract a list of users to contact either in an email or a phone type campaign. Can this be done with the Sitecore membership system?
UPDATE>
I'm going to take a guess and say the profile data is stored in aspnet_Profile.PropertyValuesBinary .. which would make it nigh on impossible to query and not suited to my purpose. That is unfortunate. So to extend my question, if that is the case, is it possible to get Sitecore to store those values in the text field so they are searchable?
The standard Microsoft implementation of the SqlProfileProvider (which is used in Sitecore by default) stores the user profile information in the aspnet_Profile table. All the properties are serialized into the PropertyNames / PropertyValuesString columns. The PropertyValuesBinary is used to store the binary data (images). You can find more details if you look at the code of System.Web.Profile.SqlProfileProvider, SetPropertyValues method.
Next, all the custom properties you define in the user profile, are serialized to the SerializedData property of the Profile class, and it is again serialized to the PropertyNames / PropertyValuesString columns like any other property.
Also, couple of properties are stored in aspnet_Membership table (for some reason) - Email and Comment.
So, if you are going to query the users by Email, you can use FindUsersByEmail method of MembershipProvider. Otherwise, if you plan to filter by another property value, I suppose, you'll have to get all users and filter the obtained collection.
Hope this helps.
I faced this exact problem last week, didn't come up with a permanent solution, but to solve my particular issue, I wrote a little helper page and added it as a Sitecore application to be accessed from the CMS interface. All it did was query all users, and determine if they had any of like 5-6 profile properties assigned.
var userList = Sitecore.Security.Accounts.UserManager.GetUsers();
That is the relevant line to grab the users, it returns Sitecore.Common.IFilterable
So if you need to do something where you're grabbing profile info from all users, you cn do something like this:
foreach (Sitecore.Security.Accounts.User user in userList)
{
Sitecore.Security.UserProfile profile = user.Profile;
string whatever = profile["Whatever"];
//add whatever to a list or something
}
This worked out very well for my purposes, but I don't know how feasible it will be in your situation.