On an xpage web application the user only has public documents read access.
I would like to find a way for the user to be able to save to a form.
I guess the most secure way is by dooing this with an agent since I read somwhere that giving write access to public documents isn't secure.
Let's say I have 2 fields : firstname and lastname .
Do I bind them to a scoped variable to have acces to them in the agent or is there a better way ?
How do I run the agent on a button click ? is following correct ?
var agent:NotesAgent = database.getAgent("(register)");
How do I give the agent the necessary authority to save the document?
And how do I get my data in my agent ? with for example sessionScope.firstName or is there a better way ?
The eventually smartest way: store that data into another database at all. XPages allows you to write to a different database. If the name shouldn't be visible for other public users, then use depositor as access level
Don't use an agent for saving a document. Use sessionAsSigner instead.
sessionAsSigner allows to run code with the permission of XPage's signer instead of the current user accessing the XPage.
Example:
var db:NotesDatabase = sessionAsSigner.getCurrentDatabase();
var doc:NotesDocument = db.createDocument();
...
doc.save();
Related
I'm writing Java code in an XPage Rest Service basing on https://setza-projects.atlassian.net/wiki/spaces/RSD/pages/44007659/IBM+Domino which is an REST service written in Java used to handle Resource Reservations database. However the way it currently works, it creates the reservations for the current session user only:
private JsonObject createIntanceAppointment(ResourceDefinition rd, Database reDatabase, Date dtStart, Date dtEnd, String subject) throws NotesException {
Session session = reDatabase.getParent();
Name nnOrganizier = session.createName(session.getEffectiveUserName());
Name nnREsource = session.createName(rd.getFullName());
DateTime dt_startDateUTC = session.createDateTime(dtStart);
DateTime dt_endDateUTC = session.createDateTime(dtEnd);
Document doc = reDatabase.createDocument();
doc.replaceItemValue("form", "Reservation");
doc.replaceItemValue("Purpose", subject);
doc.replaceItemValue("ReservedFor", nnOrganizier.getCanonical());
doc.replaceItemValue("ResourceName", nnREsource.getAbbreviated());
doc.replaceItemValue("ResNameFormat", nnREsource.getAbbreviated());
I'm doing a very similar integration with Domino, although I'd prefer to have the reservations created for individual users (they provide their username & password on the room-booking application on a touch screen).
I could just authenticate as the user in my REST client, but if I understand the installation requirements for that RoomZ api correctly, the 'api managing user' needs to be exclusively signed to the database, so I would need to do that for every user in Domino that could make reservations.
I tried using NotesFactory.createSession("", "user", "password"); but that doesn't work, it gives Cannot create a session from an agent error
If I cannot create another session, is there any way I could verify that the username and password passed to the API in the payload is correct (to verify if the user can login)? Then I could just set the organizer/reserved for to this user.
Also, is there any way to make these reservation also appear in the organizer's Notes calendar? Currently they are succesfully created in the Reservations database and all, but the organizer is unaware of them despite he's assigned to the reservation.
You do not need to create a session for every user. The important thing is the nnOrganizer = session.createName(" ") which should contain the user. Probably you'll also need to set additional fields like chair or from for the reservation.
If you want to have some entries in the organizers calendar, send them a proper invitation or create a calendar entry in their mailfile.
I am trying to write a webservice to add new contacts to my existing contacts. I access my names.nsf file using the code below. I am new to Lotus Notes. Can anyone please post the code to access contacts in Java. Any related references would also be helpful.
Session session = getSession();
AgentContext agentContext = session.getAgentContext();
DbDirectory dir = session.getDbDirectory(null);
Database basedb = dir.openDatabase("names");
Thanks..
Your original question did not mention the creating of a new document, only how to access contacts.
Based on your comment
thanks..now i am able get all the views present in names.nsf in the
domino designer..but stil unable add a new contact
the code in Java to create a new document in the names.nsf database (once you have a handle on it) would be...
Document doc = dir.createDocument();
//fill in the necessary fields
doc.save();
Hi its time to answer my question
If you are working on creating contacts in lotus notes account using java.Please follow the below steps in an agent.you can later turn this into web service easily
1.Create a session.
Session m_session = getSession();
2.Get the database
DbDirectory dbdir = m_session.getDbDirectory("");
Database m_database = dbdir.openMailDatabase();
3.Get a new document
Document doc=m_database.createDocument();
4.Set the required properties of the document using
doc.replaceItemValue method.
for example
doc.replaceItemValue("FillName","yourName");
5.Save the document and thats it.
doc.save();
If you use the names.nsf database the contact will be added only in the local copy of your client application and not the same is not reflected in the server copy.
Using Orchard 1.6 Iv created a new role 'FactoryWorker'. When this user logs in from the front end I want them to be navigated to one page only.
OrchardLocal/System/ManufacturedProducts
I have set this page to be a print screen of the order details so the factory worker will know what products to get ready for ship out & they wont be able to navigate as no menu appears, but also need the other pages blocked incase the user decides to enter the URL of a page they arnt allowed access to.
This is the only page I want this particular user to be able to access(after they login), and I have added a logout button, which logs out the user and returns them to the home page.
So iv been looking through editing a role, with permissions and content etc...but this all seems to be applying to forms and content in general. where the user can access any content type etc...
So can someone advise me on how to do this?
thanks for any replies
UPDATE
I forgot to mention that this is not a content type, item or part I am talking about.
I have created my own controller & View & VM which is accessible from the dash board (using the AdminMenu, which brings the admin user to OrchardLocal/System/ManufacturedProducts)
I have looked at Orchard.ContentPermissions Feature but it only seems to allow me to 1)Grant permissions for others or 2)Grant permission for own content
any ideas?
You can use a Request Filter, (I do not know if it is the best way) :
FilterProvider – defines the filter applied to each request. Resembles the way default ASP.NET MVC action filters work with the difference that it’s not an attribute. All FilterProvider objects are injected into the request pipeline and are applied to all requests (so you need to check if the current request is suitable for your filter at the beginning of an appropriate method).
From : http://www.szmyd.com.pl/blog/most-useful-orchard-extension-points
So you could implement something like this
public class Filter : FilterProvider, IAuthorizationFilter {
private readonly IAuthenticationService _authenticationService;
public Filter(IAuthenticationService authenticationService) {
_authenticationService = authenticationService;
}
public void OnAuthorization(AuthorizationContext filterContext) {
//If route is the restricted one
if (filterContext.HttpContext.Request.Url.AbsoluteUri.Contains("OrchardLocal/System/ManufacturedProducts")) {
//Get the logged user
IUser loggedUser = _authenticationService.GetAuthenticatedUser();
if (loggedUser == null)
return filterContext.Result = new HttpUnauthorizedResult();
//Get the Roles
var roles = loggedUser.As<IUserRoles>().Roles;
if (!roles.Contains("FactoryUser")) {
//User is not authorized
return filterContext.Result = new HttpUnauthorizedResult();
}
}
}
}
Note: Untested code!
EDIT: Also you could invert the logic and check if the logged user has the role 'FactoryUser' and restrict its access to every page except the one they should see.
Your module can create a new permission (look at one of the permissions.cs files for examples), then create a role that has only that permission. Have your controller action check that permission (again, many examples found by finding usage of the permissions defined in one of the permissions.cs).
You can use the Content Permissions module. Using this module you can attach a content item permission part to a content type. This part allows you to choose which roles can see the content when you create it.
Along with the thumbnail photo, I may want to display other properties in my master pages that are imported from AD such as "company" using User Profile sync
If I use SPServices.SPGetCurrentUser() (https://spservices.codeplex.com/documentation), I can get selected properties held in user profile settings. However, I can't make this call since the property does not exist here (yet).
var company = $().SPServices.SPGetCurrentUser({
fieldName: "Company",
debug: false
});
It is however, is displayed both in http://mysite.mydomain.com/_layouts/EditProfile.aspx when in Mysite and _layouts/ProfAdminEdit.aspx (Edit user properties in Central Admin). I guess my question is then to be able to use SPServices, do I somehow edit the default properties and include my "Company" attribute held in the user' mysite profile? Alternatively, is there another way to access the properties held in the user profile with JavaScript ?
Thanks
Daniel
$().SPServices.SPGetCurrentUser calls this page : http://you.site.com/_layouts/userdisp.aspx?Force=True&1376982818371. For me the function is not able to parse the page correctly, but you could simply use jQuery (or pure JS or whatever) to get by yourself the same page, and then parse it to find the data you want.
Otherwise you can use $SP().people() to query the User Profile Service and gets the info for the user. See the example from the provided link. In theory that should return you the same information or even more info.
I have a custom web part that starts by getting a current user login name like this:
protected static string iAm = System.Web.HttpContext.Current.Request.ServerVariables["AUTH_USER"].Split("\\".ToCharArray())[1].ToLower().
Then it passes this string to a bbl class and fetches a user id:
`IDataReader _drInfo = cisf_BLL.bll_MyInfo.drGetMyInfo(iAm);
while (_drInfo.Read())
{
iUser_Ident = _drInfo.GetInt32(30);
}
`After that it passes the user id integer to another method that fetches user's training record:
_drUserTraining = bll_Training.drGet_required_training_records(iUser_Ident);
_drUserTrainingCompleted = bll_Training.drGet_completed_training_records(iUser_Ident);
This information is then displayed in a tab container with three tab such as "Overdue", "Required", and "Completed".
The problem I'm having is this: I'm logged into SharePoint collaboration site with my domain user name and all my training is displayed just fine. If my someone else then logs in to the SP Portal that user sees my training and not his, even though this user has logged in with his unique credential using a common access card, just as I.
Somehow some strange session seems to persist and I was hoping someone out here has encountered this anomaly.
Thanks in advance!
Risho
You are misusing static - a static property is stored once per web server process, not once per user.
Not an answer, but code improvement: there is much simplyer way to get current user name/id
SPUser user = Microsoft.SharePoint.[SPContext][1].Current.Web.CurrentUser;
user.ID;
user.Email;
user.Name
user.LoginName;
user.Grups;
....
http://msdn.microsoft.com/en-us/library/microsoft.sharepoint.spuser_members.aspx