Is there any way to allow user to get access of stream URLs and embed code of only one application and restrict access to other applications?
Yes, you can restrict your specific user. You just need to create a user according to below CURL command or Ant Media Server Dashboard Users section in Settings tab.
curl -X POST -H "Content-Type: application/json" -d '{"email": "test", "password": "testtest", "scope": "system", "userType": "ADMIN"}' "https://{YOUR_SERVER_ADDRESS}:5443/rest/v2/users"
Note: scope parameter can be system or specific application name such as LiveApp. If you use LiveApp, user will have permission only for LiveApp. system can access each application scope.
userType parameter can be ADMIN, USER or READ-ONLY.
Check this guide for more detail.
Related
I am new to CouchDB, as I am learning it for the first time which is required in our upcoming project so while learning CouchDB I want to create a non-admin user who will have limited access to a database
Check the doc here where the Authentication Database is described.
It is required to create a doc in the _users database
curl -X PUT http://<host>:5984/_users/org.couchdb.user:new-user \
-H "Accept: application/json" \
-H "Content-Type: application/json" \
-d '{"name": "new-user", "password": "apple", "roles": [], "type": "user"}'
Here it is described the authorization mechanism. Each DB allows to roles, admin or member. A member can read and write content in a DB whereas an admin has the privileges of members plus the privileges: write (and edit) design documents, add/remove database admins and members and set the database revisions limit. They can not create a database nor delete a database.
I am having problems with CouchDB 3.1.0 on Windows. I have installed it, during the installation created a admin user (admin:admin) and then created a user as the documentation states:
$ curl -X PUT http://admin:admin#localhost:5984/_users/org.couchdb.user:jan \
> -H "Accept: application/json" \
> -H "Content-Type: application/json" \
> -d '{"name": "jan", "password": "apple", "roles": [], "type": "user"}'
{"ok":true,"id":"org.couchdb.user:jan","rev":"1-fd5a90118f51fb895d594f2fdfa9b12f"}
Fine. Now let me get the user doc:
$ curl -X GET http://jan:apple#localhost:5984/_users/org.couchdb.user:jan
{"error":"forbidden","reason":"You are not allowed to access this db."}
What am I doing wrong? What did I miss?
It did work in CouchDB 2.3, surely.
Thanks.
The documentation for CouchDB 3.x is unfortunately out of date. As of today, the Authentication Database section in the security documentation states:
Users may only access (GET /_users/org.couchdb.user:Jan) or modify
(PUT /_users/org.couchdb.user:Jan) documents that they own
However, it does not state that users by default do not have access to any documents in the _users database.
In order to allow access, one must first change the users_db_security_editable flag to true in the settings, and then clear the members -> roles list in the _users security object. This list has _admin in it by default. Alternatively, you could add a role to your users and add that role to the members -> roles instead.
Note that this will allow users read and write access to their user document.
There is an open Github issue to amend the documentation.
Other sources:
https://github.com/apache/couchdb/issues/2881
https://github.com/apache/couchdb/issues/2730
I'm trying to make a GitHub App that can view the private repositories and members of my organization that it's installed on. It has read access to "checks, members and metadata" on the installed apps page of the organization.
I can use the request curl -i -H "Authorization: token {token}" -H "Accept: application/vnd.github.machine-man-preview+json" https://api.github.com/installation/repositories to list the repositories and that seems to work, although I don't have private repositories on it right now to verify, but it does list the public ones.
However I can't seem to find an endpoint that lists the organization's private members for the installation, which is what I'm authenticated as. https://api.github.com/orgs/{org}/members shows just the public members of my organization, and if I try /members/{private member} I get a 302, which means my app is not a member of the organization. What am I doing wrong?
The access will be granted to user who is registered with the specific organization and similarly the application needs to have scope to access.
Refer scope in Organization Settings->Developer Settings-> Personal Access Tokens
Please find the reference below which are tested GITHUB APIs, please change the endpoint urls as per below suggestions.
Note: replace <> with your appropriate email, org details accordingly.
For accessing all the members(public & private):
curl -u "<user email address>" https://api.github.com/orgs/<organization name>/members
For accessing all the repos(public & private):
curl -u "<user email address>" https://api.github.com/orgs/<organization name>/repos?type=all
I'm working on a CouchDB backend that will exist as a central store for a React app using PouchDB. Reading the docs on the security section: http://docs.couchdb.org/en/2.1.1/intro/security.html, one does not need an admin account or a user account of any kind to create user records. Now, they wouldn't be able to create any documents, as I have admin party disabled. But I also don't want an open API end point to allow just anyone to write data. Is there a way for me to restrict this?
I've tried to see if I could setup a security document like so:
curl -X PUT http://admin:admin#localhost:5984/_users/_security -d '{"admins":{"names":[],"roles":[]},"members":{"names":[],"roles":[]}}'
But I'm still able to add users:
curl -X PUT http://localhost:5984/_users/org.couchdb.user:abc1 -d '{"name":"abc1", "password":"abc1", "roles":[], "type":"user"}'
Is there something I can change so I cannot do a put request to the couchdb.users namespace without admin credentials?
You are setting no admins or users in your security document and a database with no members allows any user to write regular documents, same as default behaviour.
Try to set your server's admin as _users database admin, i.e. change the security document to -d '{"admins": { "names": ["admin"], "roles": [] }, "members": { "names": [], "roles": [] }}' or even better create an admin role and assign it to a separate CouchDB user for more granular control.
I want to setup webhook to the server.
I am guided by this instruction (and several other): https://developer.autodesk.com/en/docs/webhooks/v1/tutorials/create-a-hook/
Every time I get the same error: Access denied for the scope urn:adsk.wipprod:fs.folder:co.cT9kz1IxRZy5rgSCupQ3vg that you are trying to create hook on
Please check the call:
curl -X 'POST' -v 'https://developer.api.autodesk.com/webhooks/v1/systems/data/events/dm.version.added/hooks' -H 'Content-Type: application/json' -H 'authorization: Bearer '$1 -d '{
"callbackUrl": "***",
"scope": {
"folder": "urn:adsk.wipprod:fs.folder:co.cT9kz1IxRZy5rgSCupQ3vg"
},
"hookAttribute": {
"projectId": "***"
}
}'
*** - was hidden.
Call structure is similar to example in documentation.
Folder exist. I will be glad receive any ideas.
From the description, I believe this can be one of 2 possible issues:
the 3-legged token you're using don't have access to this folder. Note the Webhook is created and stored per user per app, so the user (Autodesk Account that is logged in) need to have access to this folder.
the access token is missing the data:read data:write scopes required for webhooks.
Can you check this and share the results? Maybe add more details on your 3-legged and make sure the user can see the folder (e.g. list files on it with the access token).