I am using MODX, and I am trying to give a user permission to add/edit/delete new users. So far so good, the user can do that; the thing is that I get an annoying error message (even though everything works).
The message appears when I access the user info.
Code: 200 OK {"success":false,"message":"Permission denied!","total":0,"data":[],"object":[]}
Action for requests where I have this error:
action: workspace/namespace/getlist
action: security/user/setting/getList
It seems you are missing some other permission. In short, here is how you can get a hint as to which permission: while editing the user, open the browser console and check all AJAX calls in the Network tab; one should return the JSON from above. If so, check which MODX processor was requested in the action form parameter, e.g. it can be /users/getlist, so you should update your ACLs and add the permissions for the user list.
Error shown when I try to update user password using Microsoft.Azure.ActiveDirectory.GraphClient
user.ChangePasswordAsync(currentPassword, newPassword);
It works correctly for me with the following code.
await activeDirectoryClient.Users["userObjectId"].ChangePasswordAsync("oldPassword", "newPassword");
or
var user = activeDirectoryClient.Users.GetByObjectId("userObjectId");
await user.ChangePasswordAsync("oldPassword", "newPassword");
But I can reproduce this error with the following code.
var user =(User)activeDirectoryClient.Users.GetByObjectId("userObjectId").ExecuteAsync().Result;
await user.ChangePasswordAsync("oldPassword", "newPassword");
I captured the request with Fiddler and found that 400 error. The request URL is
https://graph.windows.net/{tenantId}/directoryObjects/{userId}/changePassword?api-version=1.6
But the change password Graph API is
https://graph.windows.net/{tenantId}/users/<objectId>/changePassword or /users/userPrincipalName/changePassword
I assume that is the reason why you get that error.
Note: Call the changePassword action for the signed-in user to change their own password.
We also could use the Microsoft graph SDK to do that. For more information, please refer to another SO thread.
I am trying to delete a document, where the conditions are...
The user is in a group that has deletion rights, and every user in the group is able to delete the document.
But the problem is that if the name I specify is also listed explicitly in the ACL and does not have deletion rights, then it does not check the group rights, which is fair enough.
For that I am trying to give deletion rights to those users who are in the group with the code given below.
var acl:NotesACL=database.getACL();
var entry:NotesACLEntry=acl.getFirstEntry();
if(entry!=null)
{
    var user:NotesACLEntry=acl.getEntry(@UserName());
    if(user.isCanDeleteDocuments()==false)
    {
        user.setCanDeleteDocuments(true);
        acl.save();
    }
}
It shows an error like:
Exception occurred calling method NotesACL.save() null.
Even the explicitly added user has user type = Person and Access = Manager in the ACL.
Is there any other way to do this?
Any help would be appreciated.
Thanks in advance.
Using database as a starting point means you're getting the database as the user. Unless the user already has Manager access to the database, this will fail because the user doesn't have access to update the ACL.
You can use sessionAsSigner, but bear in mind you cannot use the getCurrentDatabase() method. Instead you must use the getDatabase(server,filePath) method in order to get the database with the signer authority. Obviously the signer also needs rights to modify the ACL.
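One way to apply the signer approach described above, as an added example that is not part of the original answer. The function name `grantDeleteAsSigner` and its return strings are hypothetical; it is written with plain `var` and no type annotations so the same text is valid SSJS and ordinary JavaScript.

```javascript
// Added example. In an XPage it would be called as:
//   grantDeleteAsSigner(sessionAsSigner, database, session.getEffectiveUserName())
function grantDeleteAsSigner(signerSession, currentDb, userName) {
    // Re-open the current database under the signer's identity. The signer
    // session has no current database, so server and path are passed explicitly.
    var signerDb = signerSession.getDatabase(currentDb.getServer(), currentDb.getFilePath());
    if (signerDb == null || !signerDb.isOpen()) {
        return "db-unavailable";
    }
    var acl = signerDb.getACL();
    // getEntry() returns null when the name has no explicit ACL entry; such
    // users fall back to their group rights, so there is nothing to change.
    var entry = acl.getEntry(userName);
    if (entry == null) {
        return "no-explicit-entry";
    }
    if (entry.isCanDeleteDocuments()) {
        return "already-allowed";
    }
    entry.setCanDeleteDocuments(true);
    acl.save(); // only succeeds if the signer itself may modify the ACL
    return "granted";
}
```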
When my app launches the map view, I request the iOS8 "When In Use" location permission. Assume user grants that.
I would like to request the Always permission only when user opts-in to my geofencing feature. But calling CLLocationManager.requestAlwaysAuthorization has no effect because the current authorization status is no longer kCLAuthorizationStatusNotDetermined.
How would one go about requesting the Always permission AFTER user has granted When In Use permission? I would think this is a common use case because apps should avoid asking for the Always permission unless needed.
You are right, calling requestAlwaysAuthorization will not do anything if the user already granted 'when in use' permission. A workaround I used was to link the user to the settings screen and let them turn on the 'Always' setting themselves. Here are the steps to do that:
1. Create a new key in your app-Info.plist called NSLocationAlwaysUsageDescription and enter some reasons as to why you need to request the always permission in the value field.
2. Link your user to your app's settings screen (more info here)
    NSURL *settings = [NSURL URLWithString:UIApplicationOpenSettingsURLString];
    if ([[UIApplication sharedApplication] canOpenURL:settings])
        [[UIApplication sharedApplication] openURL:settings];
   Once the user taps your link they will see this:
   and when they click on Location, they will be able to see both While Using the App and Always settings to choose from:
3. Monitor authorization changes in your app by implementing the CLLocationManager delegate method locationManager:didChangeAuthorizationStatus:
I don't know about objective-c, but it works fine for me in swift and iOS 8.4. Make sure you provide both keys in your info.plist
NSLocationAlwaysUsageDescription
NSLocationWhenInUseUsageDescription
// iOS 11 and up will require this key instead of AlwaysUsageDescription
NSLocationAlwaysAndWhenInUseUsageDescription
Then just call
locationManager.requestAlwaysAuthorization()
And make sure locationManager is an instance variable! A local variable will be ignored for some strange reason.
Apple Documentation
I found this library for creating an ACL (access control list) for mongoose:
https://github.com/scttnlsn/mongoose-acl
It looks like a good module, but I'm a little confused on how to use it for my purpose.
I have a site where anybody (logged in or not) can visit a profile page, like example.com/users/chovy
However if the user 'chovy' is logged into this page, I want to give them admin privileges for editing the details of the account.
If the user is not 'chovy' or is not logged in, they would just see the read-only profile page for 'chovy'.
Can someone give me a concrete example of how I would do this?
That sounds so common, that I don't think you need an ACL. You will need to have sessions, and then you can change how the view looks based upon the current logged in user. An incomplete example would look like this:
// Assumes:
// - You set req.session.user when user logs in
// - The url route has a :name so you can do req.param() to get the name of the page being viewed
db.users.getCurrentUser(req.session.user, gotLoggedInUser)
db.users.getUserByName({name: req.param('name')}, gotUser)
And then pass this to the view, when you do a res.render():
var is_viewing_own_page = currentUser._id.toString() === loggedInUser._id.toString()
And then the view can do something like this (assuming jade):
- if (is_viewing_own_page)
  div You are looking at your own page
- else
  div You are viewing someone else's page
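The ownership check from the answer above, as an added example that is not part of the original post: it also covers the visitor who is not logged in and repeats the check on the update path, since hiding the edit form in the view does not stop a direct request. The record shapes, function names and the `allowed` field list are assumptions.

```javascript
// Added example; session and user record shapes are assumed.
// True only when a logged-in session user owns the profile being viewed.
function isOwner(sessionUser, profileUser) {
    if (!sessionUser || !profileUser) return false;          // anonymous visitor or unknown profile
    if (sessionUser._id == null || profileUser._id == null) return false;
    // Compare ids, not display names, and normalise to strings because
    // database ids (e.g. an ObjectId) are objects, not primitives.
    return String(sessionUser._id) === String(profileUser._id);
}

// GET /users/:name : everyone gets the profile, only the owner gets edit controls.
function viewModel(sessionUser, profileUser) {
    return { profile: profileUser, is_viewing_own_page: isOwner(sessionUser, profileUser) };
}

// POST /users/:name : the write path repeats the same check before changing anything.
function updateProfile(sessionUser, profileUser, changes) {
    if (!sessionUser) return { status: 401 };
    if (!profileUser) return { status: 404 };
    if (!isOwner(sessionUser, profileUser)) return { status: 403 };
    // Copy only fields the owner may edit; never merge the request body wholesale.
    var allowed = ["bio", "email"];                           // hypothetical editable fields
    var updated = Object.assign({}, profileUser);
    allowed.forEach(function (k) {
        if (Object.prototype.hasOwnProperty.call(changes, k)) updated[k] = changes[k];
    });
    return { status: 200, user: updated };
}
```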
<?xml version="1.0" standalone="yes"?>
<tcm:Error ErrorCode="80040302" Category="16" Source="Kernel" Severity="2" xmlns:tcm="http://www.tridion.com/ContentManager/5.0"><tcm:Line ErrorCode="80040302" Cause="false" MessageID="4613"><![CDATA[Unable to get list of Publication items.]]><tcm:Token>RESID_4485</tcm:Token><tcm:Token>RESID_4452</tcm:Token></tcm:Line><tcm:Line ErrorCode="80040302" Cause="false" MessageID="4394"><![CDATA[Unable to Initialize TDSE object.]]><tcm:Token>RESID_4537</tcm:Token><tcm:Token>TDSE</tcm:Token></tcm:Line><tcm:Line ErrorCode="80040302" Cause="true" MessageID="16226"><![CDATA[Access is denied for the user IIS APPPOOL\publishedlist.]]><tcm:Token>IIS APPPOOL\publishedlist</tcm:Token></tcm:Line><tcm:Details><tcm:CallStack><tcm:Location>Tridion.ContentManager.Security.AuthorizationManager.LoadAccessToken(String,IEnumerable`1,IEnumerable`1)</tcm:Location><tcm:Location>Tridion.ContentManager.Security.AuthorizationManager.LoadAccessToken(String,String)</tcm:Location><tcm:Location>Tridion.ContentManager.Session..ctor(String,String,UserContext)</tcm:Location><tcm:Location>Tridion.ContentManager.BLFacade.SystemFacade.InitializeUserContext(UserContext,String,String)</tcm:Location><tcm:Location>UtilitiesTDS.GetUserContext</tcm:Location><tcm:Location>TDSE.Initialize</tcm:Location><tcm:Location>TDSE.GetListPublications</tcm:Location></tcm:CallStack></tcm:Details></tcm:Error>
This error occurs while executing this line:
TridionCollection<Component> components = new TridionCollection<Component>(folder.GetListItems(ListColumnFilter.XMLListExtended, rowFilter), "[contains(@IsShared,'false') and contains(@IsLocalized,'false') ]");
I think the error itself is quite clear: User IIS APPPOOL\publishedlist has no permission to access Tridion. Now you need to understand why this user is trying to connect. There are several ways to resolve it. Try to figure out who is trying to connect with this user. Apparently IIS, but why (is it expected to connect with this user?)
If you are logging in with user A and you see an error like this, it means that you want to impersonate user A with IIS APPPOOL\publishedlist. Just add IIS APPPOOL\publishedlist to the impersonation users of Tridion and it will be fine.
If this user is some kind of service user that you want to use to perform maintenance tasks or so, just create the user in CM.
Next time, please post some more details of what you were trying to do and where exactly you have a problem, otherwise your question will be downvoted and you will hardly get any answer.