I have a question about Symfony2, I Hope someone could help me.
I'm developing an application where the Administrator user has to be able to create new roles with new privileges. In other words, the app/security.yml file will change every time the Administrator creates a new role. I'd like to know how I can do that... or if there is a Bundle that could help me with this.
You may want to use ACL's.
But it depends on what you are doing with the roles. Why is the Admin creating new Roles? What permissions do they grant? The Roles typically protect routes, and I don't know a way to dynamically define routes from some sort of Admin interface (out of the box). So I'm guessing you want to give users permissions to do various things. So I think you want to look at ACL's.
Create your own user entity extends UserInterface and then custom the function getRoles();
Take a look at http://php-and-symfony.matthiasnoback.nl/2012/07/symfony2-security-creating-dynamic-roles-using-roleinterface/
Related
I need to implement an authentication system where a super admin can create multiple different roles with different rights for users. That is, not a system with a set number of roles, but have the option to create as many roles with different combination of rights as the superadmin wants, and then assign them to new users. Also with the option of editing these roles, deleting them etc. I'm fairly new at Node Js. Is this something hard to implement? Are there any articles/videos I can read/watch, to start understanding the process? Where do I start? I'd really appreciate any help. Thank you in advance!
You're thinking about Role-Based Access Control (RBAC). I have actually implemented this in Node.js before, feel free to checkout how I implemented it here: https://github.com/JLCarveth/nodeblog.
It's relatively simple. You need a table for tracking roles. Each role has 0 or more permissions. These permissions can be comma-separated strings, or IDs referencing a permissions table. Each user is then assigned a role.
Each route is protected with a middleware that specifies the needed permissions. If a user accesses this route, check that they have the necessary permissions and continue, reject if not.
I'm new in sails and I have a PostgreSQL database. I want to implement a user management. I have some users, each user can be assigned to multiple groups, each group can be assigned to multiple roles and each role can have some permissions! I checked document of sails permissions but I didn't get it well. for example, I want some groups not to be able to add or edit users or I want some roles not to be able to see user management menu. what should I do?
I may be a little late to post answer here, But there is a way available for access control in sails.
Sails has built-in policy based access control system.
Policy
Policies in Sails are designed for controlling binary ("yes or no") access to particular actions. They work great for checking whether a user is logged in or for other simple "yes or no" checks, like whether the logged in user is a "super admin".
But for Dynamic permissions,
Helpers
Link for documentation of helper, access-control-and-permissions
For more complex permission schemes, like those in which a requesting user agent's access rights depend on both who they are and what they're trying to do, you'll want to involve the database. While you can use policies to accomplish this, it's usually more straightforward and maintainable to use a helper.
One can find example here,
Using helper for access control and permission
So you can use postgreSQL for storing roles and their respective permissions and retrive user role and check permission on need in policy/helper.
Sails.js has no ACL managment
You have to use 3rd party middleware like roles or role-acl
Sounds like what's most important is the association of the user to the permission (or role). So you could consider making models for each tier (user, role, group) or you can make a model for each kind of group and/or role (though that sounds like it could get out of hand) and then have the models associated with eachother. Then in the view action you can set what the permissions are (aka what groups or roles are allowed to see that page). Also in the markup you can set who is allowed to even see a button.
For example:
isSales could be a boolean on your group or roles model for a user that is in sales and they are allowed to see the edit button to change the price of something. So in your markup you have:
<div v-if="user.isSales">
<button> Edit price </button>
</div>
I need to give permissions to edit/create/destroy pages in a node to a group of users.
I've created a group and added a test user to that group.
I can't seem to give permission to the Pages application so see if i can see the node.
I also added game this role permissions at the node level too.
Ideally this editor role would be able to create new sub pages, which also means being able to upload media.
Your new user must have editor privilege level (you can edit user in Users application). If you want to provide ability to see content in Pages app you have to grant the user with Browse tree and Read permission (content module). To satisfy your scenario you need to grand user with Modify and Create permissions, too (maybe Design?).
Just FYI: The approach provided by Brenden (cloning the role) is very handy but there a is chance you grant the user with permission you don`t want to provide (inappropriate permissions for original role).
I've found the most efficient method is review the out of the box roles provided by Kentico and clone the one which fits closest to your needs. Then modify your cloned role to add/remove abilities and permissions.
If you're unsure of what each role can and cannot do, create a new test user with one of the roles assigned to them and log in as them. Do the same for all the roles you want to test until you find the one closest to what you're looking for.
Is there a quick way to mark a custom entity as readable by all users via a Customizations.xml entry?
I have been successful in creating the custom entity I need, but cannot seem to make it readable by newly created users without creating a security role (with read permissions for the entity) and applying it to ALL users.
Is there a way I can ensure that everyone (even newly created users) have read access to a custom entity?
Sorry the question, but why do you need an Entity for each user that is readable by everyone?
I mean is not the same to create a record in one entity and filter it with custom views if you want to?
Users need at least one role to be able to log in, so I'd suggest to create one common role that is assigned to everyone. Then you can grant permission to read your entity in this common role.
This approach might help you also in future, when you'll have to allow access to other entities for everyone.
I want to have user rights split into two. Some of the policies at the client's side mention that we should have a seperate user who has only the rights to add users and nothing else, and the Site Administrator should not be able to add users.
As of now, the Site Admin is used to Add users and to manage other configuration. Can we remove the User Addition role from Site Admin?
Is there a way to create a new User Role by writing some code?
I don't think it is possible to remove any permissions from the site administrator. You could do something wild like add security code to your master page, however. That could detect the current user and the current page, and throw an error if the site administrator were in the wrong place.
You can create a custom permission level, provided your permission sets summarise to one of the options offered by the SPBasePermissions enumeration. Unfortunately there is no specific 'add user' permission, only ManagePermissions. For reference anyway, here's a basic code sample.
I think the best approach is that given by strongopinions where a piece of code runs to check who the user is if they visit the Add User page.