The requested operation ("read" on "Journal Item" (account.move.line)) was rejected because of the following rules:
Purchase User Account Move Line
(Records: BNK1/2020/0089 (BILL/2020/0019) Vendor Payment: BILL/2020/0019 (id=795), User: Administrator (id=2))
That error occur when i click to the created journal entries odoo
Due to security restrictions, you are not allowed to access 'Journal Item' (account.move.line) records.
Related
Original question:
I want to limit the number of users from a particular domain that can register into my Gitlab instance. I noticed that I could set a "user cap", but it wasn't specific to a domain.
For example:
I want to limit the number of users registered from these domains. 20 users from testdomain1.com and 30 users from testdomain2.com are allowed to sign up. So, if there are already 20 users registered sucessfully from testdomain1.com, new user from testdomain1.com will not be allowed to sign up.
What should I do for it?
2021.11.18 Edited:
I added a validate to the User model:
# gitlab/app/models/user.rb
class User < ApplicationRecord
# ...
validate :email_domain, :ensure_user_email_count
# ...
def email_domain
email_domain = /\#.*?$/.match(email)[0]
email_domain
end
def ensure_user_email_count
# select count(*) from users where email like '%#test.com';
if User.where("email LIKE ?", "%#{email_domain}" ).count >= 30
errors.add(email_domain, _('already has 30 registered email.'))
end
end
end
This validate can set "user cap = 30" for each domain but it's still not able to set a "User cap" for a particular domain.
Since the related issue post did not get any response yet. I'm tring to implement it by myself. And it seems like that I need to extend the UI of the Admin Settings page and add some related tables to database to set different "user cap" for different email domain.
The GitLab user cap seems to be per GitLab instance.
So if both your domains are reference the same GitLab instance, you would have only one user cap possible.
But if each of your domain redirects to one autonomous GitLab instance (per domain), then you should be able to set user cap per domain.
The OP Ann Lin has created the issue 345557 to follow that feature request.
TRhe OP reports:
A particular table is needed to store the caps.
But I don’t have enough time now to modify the UI so I found a simple way to do this:
The Allowed domains for sign-ups which called domain_allowlist in database is a text:
gitlabhq_production=# \d application_settings
...
domain_allowlist | text | | |
...
gitlabhq_production=# select domain_allowlist from >application_settings;
domain_allowlist
-------------------
--- +
- testdomain1.com+
- testdomain2.com+
(1 row)
I can modify the testdomain1.com to testdomain1.com#30 to store the user cap and use Regex to get the number 30.
I will modify the UI and add the database table later. And I’ll create a pull request on Gitlab when I’m done.
Why do you have to prepending SU: to actor ID in a getstream-io feed update?
data = {'actor' : 'SU:ronald',
'message': 'hello',
'object' : 'object',
'verb' : 'post'
}
Without SU: I get the error: The policy "Don't impersonate other users" (900) blocked this request.
{'detail': 'The policy "Don\'t impersonate other users" (900) blocked this request, please consult the documentation https://getstream.io/docs/',
'status_code': 403,
'code': 17,
'exception': 'NotAllowedException',
'duration': '0.17ms'}
The answer I got from Stream.io support...
We are prefixing the userID within the Stream API with this.
SU: prefix means stream user reference such that when you call
enrich endpoints to read feeds, it will replace strings with referenced user object.
Actor colon rule is for prefixes, and simply ignore rule for regular exact string match.
I successfully submit an equity order to E*Trade using https://etws.etrade.com/order/rest/placeequityorder:
<PlaceEquityOrder xmlns="http://order.etws.etrade.com">
<EquityOrderRequest>
<clientOrderId>1507910303000001</clientOrderId>
<accountId>xxx</accountId>
<quantity>1</quantity>
<orderAction>BUY</orderAction>
<priceType>LIMIT</priceType>
<marketSession>REGULAR</marketSession>
<orderTerm>GOOD_FOR_DAY</orderTerm>
<symbol>TEUM</symbol>
<limitPrice>0.6</limitPrice>
</EquityOrderRequest>
</PlaceEquityOrder>
The order is confirmed ok by E*Trade:
<PlaceEquityOrderResponse>
<equityOrderResponse>
<accountId>xxx</accountId>
<allOrNone>false</allOrNone>
<estimatedCommission>6.95</estimatedCommission>
<estimatedTotalAmount>7.55</estimatedTotalAmount>
<messageList>
<message>
<msgDesc>Your order was successfully entered during market hours.</msgDesc>
<msgCode>1026</msgCode>
</message>
</messageList>
<orderNum>10</orderNum>
<orderTime>1507924703308</orderTime>
<quantity>1</quantity>
<reserveOrder>false</reserveOrder>
<reserveQuantity>0</reserveQuantity>
<orderTerm>GOOD_FOR_DAY</orderTerm>
<limitPrice>0.6</limitPrice>
<stopPrice>0</stopPrice>
<symbolDesc>PARETEUM CORP COM NEW</symbolDesc>
<symbol>TEUM</symbol>
<orderAction>BUY</orderAction>
<priceType>LIMIT</priceType>
</equityOrderResponse>
</PlaceEquityOrderResponse>
Then I try to update the limit price with https://etws.etrade.com/order/rest/placechangeequityorder:
<placeChangeEquityOrder xmlns="http://order.etws.etrade.com">
<changeEquityOrderRequest>
<orderNum>10</orderNum>
<clientOrderId>1507910303000001</clientOrderId>
<accountId>xxx</accountId>
<quantity>1</quantity>
<orderAction>BUY</orderAction>
<priceType>LIMIT</priceType>
<marketSession>REGULAR</marketSession>
<orderTerm>GOOD_FOR_DAY</orderTerm>
<symbol>TEUM</symbol>
<limitPrice>0.61</limitPrice>
</changeEquityOrderRequest>
</placeChangeEquityOrder>
But the change is rejected with
> <Error><ErrorCode>1028</ErrorCode><ErrorMessage>You have an existing
> open order for this security on the same side of the market. If you
> did not intend to place a second order for this security, please click
> Cancel Order ; otherwise, click Trade to
> proceed.</ErrorMessage></Error> ---> System.Net.WebException: The
> remote server returned an error: (400) Bad Request.
I tried including and not including clientOrderId, it made no difference. I'm going nuts because the same code worked fine once earlier in the day, then it never worked again.
If you are able to submit changes to orders using the ETrade API, please let me know. ETrade API forum seems to have disappeared :(
One needs to submit a new clientOrderId with every change request. I had assumed that one was supposed to keep sending the original clientOrderId (the one used when first submitting the order).
I've been facing a problem related to multiline events lately, and I am needing a little bit of your help for this. My syslog server is sending multi-line events. One single event gathers several lines, and the indicator that proves a particular event line is part of a multi-line event is a random number that defines a user connection session. Here is a custom generated log file:
Feb 16 17:29:04 slot1/APM-LTM notice apd[5515]: 01490010:5: 1ec2b273:Username 'cjones'
Feb 16 17:29:04 slot1/APM-LTM warning apd[5515]: 01490106:4: 1ec2b273: AD module: authentication with 'cjones' failed: Preauthentication failed, principal name: cjones#GEEKO.COM. Invalid user credentials. (-1765328360)
Feb 16 17:10:04 slot1/APM-LTM notice apd[5515]: 01490010:5: d8b5a591: Username 'gbridget'
Feb 16 17:10:04 slot1/APM-LTM err apd[5515]: 01490107:3: d8b5a591: AD module: authentication with 'gbridget' failed: Clients credentials have been revoked, principal name: gbridget#GEEKO.COM. User account is locked (-1765328366)
Feb 16 17:29:04 slot1/APM-LTM notice apd[5515]: 01490005:5: 1ec2b273: Following rule 'fallback' from item 'AD Auth' to ending 'Deny'
Feb 16 17:29:04 slot1/APM-LTM notice apd[5515]: 01490102:5: 1ec2b273: Access policy result: Logon_Deny
Above are the lines related to two different connections defined by the following user sessions: d8b5a591(user gbridget) and 1ec2b273(user cjones). user sessions are the only indicators that connect those lines to two different events. not to mention that the line events are interwined.
The problem is that I am at loss as to how to explain the above to grok filter with a multiline plugin, knowing that the latter offers too few options. In fact , the notion of "previous" and "next" line cannot be applied here for instance, so the grok options "pattern" and "what" cannot be used, since the events are not necessarily consecutive.
I would really appreciate it if someone could shed some light on this and tell me if at least it is feasable or not.
I don't see those as multi-line events, but as related events. I would load them into elasticsearch as 6 different documents and then query as needed. If you have specific queries that you're trying to perform against this data, you might ask questions about how to perform them against multiple documents.
One alternative would be to use the session_id as the document ids and then you could update the initial documents when new information came in. They don't recommend using your own document ids (for performance reasons, IIRC), and updating a document involves deleting the old one and inserting a new one, which is also not good for performance.
We just went live with our approved Docusign key and we are in the process of on boarding our first client. The client has about 52 templates set up in their account already. Around 8 of those templates throw an error when attempting to create an envelope with them like this:
{
"errorCode": "INVALID_USER_OFFSET",
"message": "The specified User Offset exceeds the page boundaries. XOffset " -432 " is invalid. Tab Label: Signature 73272."
}
The client has moved that Signature tab around the document several times and the value changes correspondingly but the error remains.
Any areas of the API I should check or general steps to resolve this issue?