Restrict access of tasks to assigned users only in Odoo 12 - security

I want to restrict access to assigned users in tasks, so that a user can see only assigned tasks. Right now a user can see all the tasks. I tried the following, but it's not working.
<record id="group_project_user_developer" model="res.groups">
    <field name="name">Developer</field>
    <field name="implied_ids" eval="[(4, ref('base.group_user'))]"/>
    <field name="category_id" ref="base.module_category_project_management"/>
</record>
<record id="project.group_project_user" model="res.groups">
    <field name="name">User</field>
    <field name="implied_ids" eval="[(4, ref('project_custom.group_project_user_developer'))]"/>
    <field name="category_id" ref="base.module_category_project_management"/>
</record>
<record model="ir.rule" id="own_task_view_rule">
    <field name="name">See own tasks only</field>
    <field name="model_id" ref="project.model_project_task"/>
    <field name="groups" eval="[(4, ref('project_custom.group_project_user_developer'))]" />
    <field name="domain_force">[('user_id','=',user.id)]</field>
</record>
Here a user in the Developer group can access all the tasks, but it should allow access only to assigned tasks.

<delete model="ir.rule" id="project.task_visibility_rule"/>
The id above is from Odoo 13; it may be the same in Odoo 12. This rule shows all project tasks to the user regardless of your rule, so to make your rule work you have to delete this one.
Delete the following rule, or deactivate it, to check that your code is working, then add it via XML to delete it with code. Also, the manager is allowed, so your rights will only work if you set project task and fsm task = user in access rights.
If you are having a problem finding this rule, just search for this in the code's XML files:
follow required for follower-only projects
This is the rule that allows the manager to see all tasks.
In general, there must be another rule that is allowing things that you may not be allowing, so keep that in mind when your rule is not working.
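Why the question's rule has no effect while the stock rule exists, as an added Python sketch (not Odoo source code and not the posters' code): Odoo ANDs global record rules together and ORs the rules attached to the user's groups. The stock rule's domain is a simplified assumption and the task data is constructed.

```python
from dataclasses import dataclass
from typing import Callable, Dict, FrozenSet, List

Task = Dict[str, object]
DEVELOPER = "project_custom.group_project_user_developer"
EMPLOYEE = "base.group_user"

@dataclass(frozen=True)
class Rule:
    name: str
    groups: FrozenSet[str]               # empty set = global rule
    domain: Callable[[Task, int], bool]  # stands in for domain_force

def can_read(task: Task, uid: int, user_groups: FrozenSet[str], rules: List[Rule]) -> bool:
    """Global rules are AND-ed; rules attached to the user's groups are OR-ed."""
    global_rules = [r for r in rules if not r.groups]
    group_rules = [r for r in rules if r.groups & user_groups]
    if not all(r.domain(task, uid) for r in global_rules):
        return False
    # With no group rule applying to the user there is no group-level restriction.
    return not group_rules or any(r.domain(task, uid) for r in group_rules)

# The question's rule: [('user_id', '=', user.id)] on the Developer group.
OWN_TASKS = Rule("See own tasks only", frozenset({DEVELOPER}),
                 lambda t, uid: t["user_id"] == uid)
# Assumed, simplified form of the stock employee rule the answer deletes:
# tasks of projects that are not follower-only are readable by any internal user.
STOCK_RULE = Rule("follow required for follower-only projects", frozenset({EMPLOYEE}),
                  lambda t, uid: t["visibility"] != "followers" or t["user_id"] == uid)

# Constructed sample data: user 7 is the developer, user 9 a colleague.
TASKS = [
    {"id": 1, "user_id": 7, "visibility": "employees"},
    {"id": 2, "user_id": 9, "visibility": "employees"},
    {"id": 3, "user_id": 9, "visibility": "followers"},
]
# Developer implies base.group_user, so the user carries both groups.
DEV_GROUPS = frozenset({DEVELOPER, EMPLOYEE})

def readable_ids(uid: int, groups: FrozenSet[str], rules: List[Rule]) -> List[int]:
    return [t["id"] for t in TASKS if can_read(t, uid, groups, rules)]

if __name__ == "__main__":
    print("with stock rule:   ", readable_ids(7, DEV_GROUPS, [OWN_TASKS, STOCK_RULE]))
    print("stock rule deleted:", readable_ids(7, DEV_GROUPS, [OWN_TASKS]))
```

A rule declared without any group is global, so in this model it is AND-ed with everything else and restricts the result even while the stock rule stays in place.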

That is due to your Record Rule enforcement:
<field name="domain_force">[('user_id','=',user.id)]</field>
On the model ['project.task'], the logged-in user will have access only to his/her assigned tasks.
Thanks

You can do it with action domain:
<record id="project.act_project_project_2_project_task_all" model="ir.actions.act_window">
    <field name="domain">[('user_id', '=', uid)]</field>
</record>

Related

How to disable hybris soft login?

I want to disable the hybris in-built soft login functionality. I have restarted the hybris server but am still able to see the customer as a logged-in customer.
I tried changing some Tomcat server properties, like context.xml:
<Manager pathname="" />
Still it's not working.
Hybris in-built soft login functionality, or remember-me tag functionality, can be disabled in two ways, of which I suggest the first:
First: Remove the remember-me configuration from the spring security file spring-security.xml:
<security:remember-me key="myKey" token-validity-seconds="864000" />
Second: Remove the input checkbox from the JSP (not recommended):
<input id="j_remember" name="_spring_security_remember_me" type="checkbox">
Hybris soft login is a feature of Spring Security. A soft logged-in user can browse the application, but pages like the account page and checkout pages are secured by hard login. To access these pages, he has to provide the password again.
Comment out the security:remember-me tag in the spring-security.xml file:
<!-- <security:remember-me key="hybrisshopstorefront" services-ref="rememberMeServices"/> -->
Thanks.

Is it possible to create and send multiple DocuSign envelopes with a single API call

I'm trying to do something like this...
<?xml version="1.0" encoding="utf-8"?>
<soap:Envelope xmlns:xsi="http://www.w3.org/2001/XMLSchema-instance" xmlns:xsd="http://www.w3.org/2001/XMLSchema" xmlns:soap="http://schemas.xmlsoap.org/soap/envelope/">
    <soap:Body>
        <CreateAndSendEnvelope xmlns="http://www.docusign.net/API/3.0">
            <Envelope>
                [All the good envelope stuff]
            </Envelope>
            <Envelope>
                [All the second good envelope stuff]
            </Envelope>
[closing XML]
It may be that this is not possible, can someone confirm? Thanks!
Depends on what you mean "Is it possible to create and send multiple DocuSign envelopes with a single API call":
YES - Same Envelope template (server or inline) to many different recipients as "multiple envelopes"
NO - Bulk Send, Many different Templates many different Recipients
Bulk Send (REST ONLY)
https://docs.docusign.com/esign/restapi/BulkEnvelopes/BulkEnvelopes/
The only way to send multiple envelopes as a result of one API call is to use the BulkSend node of the Envelopes: create method. See docs.
BulkSend is only available for the REST version of the Envelopes: create method, it is not available for the SOAP version.

ACL setting on XPage not working as expected

I am trying to restrict access to an xpage. In the acl of the application I have Manager access. When I try to decrease the access level for myself via the acl property of the xpage to "NOACCESS" I still gain access to the xpage as I would normally do. I would have expected to gain no access at all:
<xp:this.acl>
    <xp:acl>
        <xp:this.entries>
            <xp:aclEntry type="ANONYMOUS" right="NOACCESS"></xp:aclEntry>
            <xp:aclEntry type="DEFAULT" right="READER"></xp:aclEntry>
            <xp:aclEntry name="Malin Andersson/O=banken"
                right="NOACCESS" type="USER">
            </xp:aclEntry>
        </xp:this.entries>
    </xp:acl>
</xp:this.acl>
Am I doing something wrong?
Write the entry with your name first.
Only the first entry that matches the user by name, group or role is used.
DEFAULT applies to everyone and "wins" in your case.
(see Mastering XPages: A Step-by-Step Guide to XPages Application Development and the XSP Language (2nd Edition) page 1043)

Why is the Sharepoint List View Threshold disallowing CAML query submitted via lists.asmx in production but not in test?

I am writing code to synchronize data in a custom app with a Sharepoint 2010 document library via web services calls to lists.asmx. As part of this sync, I am looking up previously sync'd items in Sharepoint by their GUID, using this CAML query:
<query>
    <Query xmlns="">
        <Where>
            <Eq>
                <FieldRef Name="GUID"/>
                <Value Type="Text">{C0BE0DBF-103B-4302-83C8-01BB0B0F6FDD}</Value>
            </Eq>
        </Where>
        <QueryOptions>
            <QueryThrottleMode>1</QueryThrottleMode>
            <RowLimit>1</RowLimit>
        </QueryOptions>
    </Query>
</query>
The document library that this is querying exceeds the List View Threshold. In my test environment, this was not a problem. However, in production, this query gets limited by the List View Threshold enforcer:
The attempted operation is prohibited because it exceeds the list view threshold enforced by the administrator.
This page: http://technet.microsoft.com/en-us/library/cc262813.aspx says:
Farm administrators and local computer administrators on the front-end Web server, where a query originates, are not blocked by the list view threshold.
but my user in the test environment is not a local computer administrator. Is there some other reason that the List View Threshold would apply in one case and not in another? Keeping in mind that I have to go over lists.asmx, are there some other ways of getting around this limit?
Thanks!

CruiseControl.net web dashboard security

I am having extreme problems with adding security to the web dashboard. I am trying to set up security for a bunch of web app projects. Everything works with no security enabled.
The security I want is fairly simple: 2 roles, "Releasers" and "Testers". Releasers can do anything; testers can force build the test deployment project and only view the rest of the projects, which all upgrade the live installations. However, I just can't get it to work. As a start I think I have just allowed everything for everyone, and I get a few different problems depending on how I set up various things. In all cases the config file validates with the validator util.
Server Config
<internalSecurity>
    <users>
        <ldapUser name="ccnet" domain="localhost" />
        <passwordUser name="ccnetadmin" password="NotTheRealPW" />
    </users>
    <permissions>
        <rolePermission name="Releasers" defaultRight="Allow">
            <users>
                <userName name="ccnetadmin"/>
            </users>
        </rolePermission>
        <rolePermission name="Testers" defaultRight="Allow">
            <users>
                <userName name="ccnet"/>
            </users>
        </rolePermission>
    </permissions>
</internalSecurity>
Project Security
<security type="defaultProjectSecurity" defaultRight="Inherit">
    <permissions>
        <rolePermission name="Testers" ref="Testers"/>
        <rolePermission name="Releasers" ref="Releasers"/>
    </permissions>
</security>
Dashboard.config
There are 3 things that are not clear from the documentation.
What kind of authentication needs to be set up in IIS.
What kind of users do I need to set up in the ccnet.config server security section.
In the dashboard config what do I need in the <securityPlugins> section.
I have tried forms and windows integrated in the web.config and in IIS. With forms it essentially complains that there is no login.aspx, which there isn't, so I suspect that this is correct. With windows integrated I can access the dashboard. Any projects that have no security element I can see in the list, but any action results in a security exception saying I don't have the ViewProject permission. Any projects that have the security element simply don't show in the list. I get the same behaviour whichever user type I use: simpleUser, passwordUser or ldapUser. I cannot find anywhere that mentions any other value that I can put in the securityPlugins section other than simpleSecurity. Are there any other values, and if so what are they?
I have searched this documentation and I cannot find any answers to any of these questions.
EDIT
Whoever can suggest a way I can achieve the below goal gets the bounty, even if it is a totally different way than I have described above.
I want a set of users who can view all CC.net projects and force build 1 specific project. I want another set of users who can view and force build all projects. I want it to be with one single cc.net dashboard, one config file, but with different user accounts.
EDIT 2
As the bounty is running out soon, I will also give it to anyone that can offer some kind of compelling evidence that the security in cc.net does not work, so at least I know not to waste my time on it any longer. Also, I have tried to log an issue or post to the cc.net forum about this, but they seem to have transitioned to a new system and that doesn't seem to work either: it simply won't let you sign up for a user account. It requires email verification, but the email never comes through.
OK, I finally worked it out. Everything was set up perfectly fine. However, what the documentation doesn't mention at all is HOW TO LOG IN. What kind of security do you set up in iis/web.config? The answer to this is that it is irrelevant, as cc.net does not use any of these kinds of security. The documentation mentioned enabling log ins by adding a <securityPlugins> section to the dashboard config with an element in it to "enable log in". But it did not mention how to log in. What I have JUST noticed is that if in the web dashboard you select a server from the list, then it gives you a log in button. Thing is, I rarely look at the server report; I only have 1 server, so the "farm report" is the same list of projects as the "server report" and it just seemed pointless. But the login button only appears if you are viewing a server report. I feel a bit silly, but a simple - "you can't log in from the farm report; you need to select a server report to log in" - in the docs would have saved me literally days of frustration. I.E. it has taken me days to find the bloody log in button.
I'd be curious also and will try to figure this out again, but last time I tried I was also stumped.
My interim workaround was to configure the web.config to define who has access to CC.NET only for GET requests, and who has access altogether (includes POST requests which are necessary for any kickoff actions).
<configuration>
    <system.web>
        <authorization>
            <allow verbs="GET" roles="DOMAIN\ccnetreadonly" />
            <allow roles="DOMAIN\ccnetcanperformactions" />
            <deny users="*" />
        </authorization>
    </system.web>
</configuration>
Not the best, but it did work...
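How the web.config above separates read-only users from users who can trigger builds, as an added Python sketch (not part of the original answer and not ASP.NET code): ASP.NET URL authorization walks the rules top to bottom and applies the first one that matches the request's verb and identity. The user names are constructed, and the fall-through default of "allow" is an assumption about the inherited configuration.

```python
import xml.etree.ElementTree as ET

# The answer's web.config, embedded as-is.
WEB_CONFIG = r"""<configuration>
<system.web>
<authorization>
<allow verbs="GET" roles="DOMAIN\ccnetreadonly" />
<allow roles="DOMAIN\ccnetcanperformactions" />
<deny users="*" />
</authorization>
</system.web>
</configuration>"""

def _csv(element, attr):
    """Split a comma-separated attribute into a lower-cased set."""
    return {v.strip().lower() for v in element.get(attr, "").split(",") if v.strip()}

def load_rules(config_xml):
    """Return the <authorization> children in document order."""
    auth = next(ET.fromstring(config_xml).iter("authorization"))
    return [{"allow": el.tag == "allow", "verbs": _csv(el, "verbs"),
             "roles": _csv(el, "roles"), "users": _csv(el, "users")} for el in auth]

def is_allowed(rules, verb, user, roles):
    """Return the decision of the first rule matching verb and identity."""
    roles = {r.lower() for r in roles}
    anonymous = user is None
    for rule in rules:
        if rule["verbs"] and verb.lower() not in rule["verbs"]:
            continue  # rule is limited to other HTTP verbs
        user_hit = ("*" in rule["users"]
                    or ("?" in rule["users"] and anonymous)
                    or (not anonymous and user.lower() in rule["users"]))
        if user_hit or rule["roles"] & roles:
            return rule["allow"]
    return True  # assumption: the inherited default allows when nothing matches

RULES = load_rules(WEB_CONFIG)

if __name__ == "__main__":
    # Constructed identities: alice is read-only, bob may perform actions.
    cases = [("GET", "alice", [r"DOMAIN\ccnetreadonly"]),
             ("POST", "alice", [r"DOMAIN\ccnetreadonly"]),
             ("POST", "bob", [r"DOMAIN\ccnetcanperformactions"]),
             ("GET", None, [])]
    for verb, user, roles in cases:
        print(verb, user, "->", "allow" if is_allowed(RULES, verb, user, roles) else "deny")
```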
