I need to change the status of a node programmatically.
I changed the status field in the database to 0.
The node is unpublished.
The problem is that anonymous user can view the content
of the node, despite it's unpublished status ?
Check user permissions to disallow anonymous user to see unpublished content
Related
enter image description here After creating the non-admin user I have set permission for a specific database as well but when I log in with a non-admin user its shows a loading database and doesn't show anything and other nodes also don't get loaded.
I found the explanation here
In CouchDB 3.0.0, the /_all_dbs endpoint became admin-only. This has the side-effect of Fauxton, the “Browser GUI”, not loading properly for non-admin users, as it starts out by reading /_all_dbs.
The release notes have a section that go into the changes.
This is the code change: https://github.com/apache/couchdb/issues/2576
You can get the previous behaviour by setting the config variable [chttpd] admin_only_all_dbs to false, but that allows even unauthenticated users to get a full list of your databases.
I just remove one user and it appears a ghost user, is it possible to remove ghost user?
I read that a ghost user represents all deleted users. Issues and comments created by any deleted user will be transferred to the ghost user.
But is it not possible to remove it?
I've had a similar problem when playing with gitlab+ldap installation and removing test users, so here is how I removed the Ghost User eventually.
First check whether everything is ok with GitLab (optional step):
sudo gitlab-rake gitlab:check
Execute GitLab console:
sudo gitlab-rails console
Using the console find the the id of the ghost user and delete it:
user = User.find_by(username: "ghost")
User.delete(user.id)
If the user is removed then output would be 1, if 0 then user is not removed.
(...) for future references: API of GitLab doc
User deletion
Deletes a user. Available only for administrators. This is an idempotent function, calling this function for a non-existent user id still returns a status code 200 OK. The JSON response differs if the user was actually deleted or not. In the former the user is returned and in the latter not.
DELETE /users/:id
Parameters:
id (required) - The ID of the user
hard_delete (optional) - If true, contributions that would usually be
moved to the ghost user will be deleted instead, as well as groups
owned solely by this user.
I have a broken site ATM and the theme layout is stuffed, I need to get to the dashboard by entering the direct link, does anyone have a sample that I can use.
Forced an update of the engine to the lastest version, and found that I needed to make changes to the user roles and configuration, made the changes in the database and got it working. What I found is that the user now needs to be part of a role, in the database made the change to the user giving them role ID of 1, this allowed me to go to the \admin page to get to the dashboard, from there I could reset to a default theme and get the site back up and running again
This is basically two question? First i was wonder how to change the page liferay redirects when a user tries to access a page that has Power User view permissions. Liferay by default points to localhost:web/guest/home where they have their login page. On my application i have a different login in page and i want to redirect to the following page. I was browsing the web and found out that by setting auth.login.site.url=/whereiwontittopoint should actualy redirect me there. However it does not. I'm using Liferay 6.0.6 Community Editions. Has anyone done this? Is this the right way or this need to be done with a hook?
My other question is the following. I want to have a custom role on some pages. And i want when a user does not have that specfic role to be redirect to a totaly different page not the default login. I'm fairly sure this can be done by using the hook on some service but for some reason i can not identify this service.
EDIT
Ok for the first question i solved the issues. For the second question the answers i got here were not what i was looking for probably because i didn't post the question correctly. This is a full scenario of what i have done and what i need to do:
First of all i changed the /web/guest path that's on every liferay page to web/somthing/ this might not play a crucial role but the problems(some of the problems) started when that happend. THe over all idea is the following. I'm using spring mvc to create the application. I have created a backend to my application from where the admin can create pages for other users to see(This is not done by going to the control panel of liferay and adding a page but through the logic of the application). Once a page is created depending on some logic i create a role for that certain page(customer role also through code not the liferay admin). Some of the users are given this role if the satisfy some criteria and some are not. Here my problem arises, once a user that is loged in to my application tries to access a page (by inputting a direct URL in the browser to the page) that requres the view permision of the role i create for that page and the user does not have the appropriate role he gets redirect to lets say localhost/web/(username)/home a personal page and for some reason on that page by default from liferay he is able to view personal data(user name) of all other users of the application. My question is how through code to handle the redirection that happens of the above scenario.
I have tried on one attempt to actualy hook the servlet.service.events.pre action and before the user access that page to check if he has the appropriate permisions and actualy change his request. So far i have some issues but i can resolve them but this approach is not what i not rly what i am looking for because this action is executed before every single request on the application( and the page handling is just small part of that application) which means i will have a lot of code executing for no reason. I was wondering if there are any ways to add where the exception will redirect when i create the role? If not what action should i hook that will help me solve this scenario but with out the unneeded extrea trafic that i am creating with hooking servlet.service.events.pre action?
For the second stuff a bit hacky way could be as follows
1) Define set of roles against which you want to check in portal-ext.properties. You can add some property like my.super.secret.roles=rolename1,rolename2
2) Add a property for a redirect page url in portal-ext.properties so that you can redirect user there.
3)Add a custom attribute for Layout named checkForSecretRoles which has to be boolean and visible on Page. This will show you a checkbox in Manage page for each page, so that an admin can easily check or uncheck the value
4)Add a condition in your theme (portal_normal.vm) to check if the page has a check for secret role and then check the users role falls in any of the roles defined in portal-ext.properties. If yes then issue a redirect to the page specified by your custom redirect page url property
For your first question, it should work -
auth.forward.last.paths=/sign-in
sign-in would be your page name
The answer for your second question is, you have to create a Hook extending Action and made the below entry in your portal-ext.properties.
login.events.post=com.liferay.portal.events.LoginPostAction,com.liferay.portal.events.CustomLandingPageAction
There is a lot of information you can found on forum about how to use this property.
for 1. set default.landing.page.path=/whereiwontittopoint in portal.properties, see Liferay Login page redirect
for 2. create a hook, set servlet.service.events.post=com.my.action.MyAction and impliment this action, at this point you can redirect user to another page.
I have a CCK content type Event which has a privacy text field to describe if its a 'public' or 'private'. I'm also using the RSVP module so users can invite their friends to an event they have created.
I need to be able to block access to an Event node if its private and the user attempting to view the node has not been invited.
I thought this would be easy enough by implementing hook_access which would check if the privacy field is private. If it is I would make a quick database call to check if the user has been invited. If not return false and block node access.
Imagine my horror when I discovered that this hook cannot be used for CCK content types and only works for content types the node module owns.
Can anyone point me in the right direction to do some custom node access validation 'the drupal way' when using CCK content types. Using drupal 6 by the way.
maybe you'll be lucky with the content access - module.
I didn't try it yet, but it seems to be the solution to your problem.