enter image description here After creating the non-admin user I have set permission for a specific database as well but when I log in with a non-admin user its shows a loading database and doesn't show anything and other nodes also don't get loaded.
I found the explanation here
In CouchDB 3.0.0, the /_all_dbs endpoint became admin-only. This has the side-effect of Fauxton, the “Browser GUI”, not loading properly for non-admin users, as it starts out by reading /_all_dbs.
The release notes have a section that go into the changes.
This is the code change: https://github.com/apache/couchdb/issues/2576
You can get the previous behaviour by setting the config variable [chttpd] admin_only_all_dbs to false, but that allows even unauthenticated users to get a full list of your databases.
Related
Can we disable exporting data from the user interface actions in Kentico Managing form data?
Regards,
SA
Try setting the ShowObjectMenu property of the UniGrid to false. Detailed documentation available here.
The UniGrid definition should be the one found in this file (can't verify it as I currently don't have access to a Kentico instance): CMSModules\BizForms\Controls\BizFormEditData.ascx
Not all objects, pages, etc have the permissions available/coded to allow this restriction that I'm aware of within the user interface. Take a look at the post I wrote on restricting download/export of anything out of Kentico.
Short story is you set the permissions at the IIS level on /CMS/CMSSiteUtils/Export directory to not allow the user running IIS app pool to access that directory. This directory is where all exports, no matter what, get sent to.
Afternoon all,
I've got an issue when trying to change the status of an order (from pending to complete etc...) in the admin section.
A warning appears saying
Warning: You do not have permission to access the API!
if i have add my IP to the API IP address section it's working fine
the fields are all in red and the continue button doesn't work.
A similar thing happens if I view an order instead and try to add a new status to the order history.
I've seen this problem mentioned a few times in other posts but, afaik, without any satisfactory answer.
I'm using Opencart 2.0.3.1 and I'm logged in as an administrator and the administrator user group has all Access and Modify permissions enabled.
There is the default API user set up in System > Users > API and I also added (and then removed) another one but I was not sure what to do once I had created a new API user with a username and generated password.
There are no other problems on the site but, despite trying just about all the suggestions in the other forum posts, I can't edit the existing orders from the admin section.
Check this page out with a list of fixes for this issue: http://www.randemsystems.com/support/opencart/api-problems-what-you-need-to-know/msg6218/#msg6218
As far as I know, this issue is resolved in OC v2.1x onwards
The problem is that you need an API user with a valid IP address.
Go to System > Users > API.
Either modify the Default API by adding your IP address in the second tab, or just create a new API.
After that you should make sure the API is selected in System > Settings > Edit > Option > API User.
Click save, refresh and try adding order history again.
I tried the same thing and didn’t have permission to access the API when attempting to add order history. Follow the steps and it should work for you, as it worked for me.
I know it's late, but after trying everything and not getting it working, I deleted everything here /system/storage/cache. It solved the problem.
It works perfect for me .
1- Open index.php file of root directory
2- add the following after define('version',x.x.x.x);
if ($_SERVER["HTTP_CF_CONNECTING_IP"])
{
$_SERVER["REMOTE_ADDR"] = $_SERVER["HTTP_CF_CONNECTING_IP"];
}
I have a broken site ATM and the theme layout is stuffed, I need to get to the dashboard by entering the direct link, does anyone have a sample that I can use.
Forced an update of the engine to the lastest version, and found that I needed to make changes to the user roles and configuration, made the changes in the database and got it working. What I found is that the user now needs to be part of a role, in the database made the change to the user giving them role ID of 1, this allowed me to go to the \admin page to get to the dashboard, from there I could reset to a default theme and get the site back up and running again
Currently I develop a database for another employee at my company. I have Manager Rights at the database to access everything. The administrator of the database should only be able to create/edit/delete documents. He currently got Editor-Access with selected "delete documents"-option. When he wants to delete a document on the database (i tried it with Simple Actions or with Javascript Code-both don't work) he gets redirected to the same page and nothing happens or with Simple Actions the Server-Login page shows up with the message "You don't have the permission to perform this action".
When im testing the functions with my manager access everything works fine. But when i'm changing my rank to Editor like the normal administrator of the database i also can't delete any documents. Like i already said the option in the ACL is activated.
I hope you can understand my problem and there is a solution for it. Normally that access right works fine on every other database at our company.
Another point: There are no Reader or Editor fields in the Documents. So there is no restriction with fields. Could this be the problem?
Check to see if there is some code in the QueryDocumentDelete event for the database. Perhaps that is failing and / or preventing you from deleting.
Given that you mention redirecting and server login, I presume it's a web enabled database?
In which case have you tried looking at the ACL (Access Control List) for the problem database and clicking the Advanced tab.
In there is a field Maximum Internet name and password, this is the maximum access allowed for internet users. If it's not editor, this could be the problem?
Try deleting with ?DeleteDocument URL. That way it will for sure not try to do anything else.
Check the user's access level at server with Database.getCurrentAccessLevel() and Database.queryAccessPrivileges(String name)
After the great suggestions of you all the problem was the checkbox "Allow document locking" at the database properties was enabled. That caused the problems at deleting documents. As Manager is have enough rights to go over that but for the normal Administrator with Editor Access the deletion request got blocked by the little option.
Thanks to everyone!
I`v developed custom webpart. I can add it to page and site owners can view page with no problems.
However Site visitors/users get redirected to access denied error page. Sure, I must be doing some stuff normal users are not allowed to.
But the thing that bugs me is that when I place breakpoint in webpart constructor or even variable declaration it won't get hit! (If i try to view page with limited privileges). But in my browser, I get the access denied page. However, if I close that webpart, I instantly have access to that page and everything is OK.
What's the catch here? I was hoping I could catch exception with debugger to see which statement is guilty one, but it seems webpart doesn't execute any code and I get that exception.
Edit: Sorry, turns out debugger now hits those breakpoints. Don't know what changed, because symbols were loaded.
What is the trust level at your Sharepoint site ? You might want to give Fulltrust temporarily to see if you have any access problems.
If yes, then you might have a Code Access Security (CAS) problem on your hands. My first instinct is that your assembly does not have neccessary privilages to run correctly for normal users.
You can configure it using custom CAS entry in the manifest.xml for the webpart, e.g. if you are calling external resources then you might have to configure System.New.WebPermission and define which url you are allowed to access. You can find more info on this at the U2U site.
Also what does your webpart do ? If you are trying to access resources which normal users don't have access to (e.g. a list in some site) then you have to use the SPSecurity.RunWithElevatedPrivilages method, so that you have the neccessary privilages (be careful to create new Site instance within that method so that the Context populates correctly).
Found the solution.
Turns out that i wanned to determine if user belongs to a specific group by trying to access that group users. As this was impossible if a user doesn't have such a permissions, it was throwing some kind of internal exception with message
"Unable to evaluate expression because
the code is optimized or a native
frame is on top of the call stack."
Anyways, i now learned to loop through SPUser.Groups (SPGroupCollection) and check if we have a matching group rather than enumerating group principals and seeing if he's inside.
You need to give permission(update personal webpart) to the visitor group. However, it is not recommended. If you want you can create a separate permission level and associate it with the visitors group.
Cheers!!