I am getting an error "Disk i/o is a restricted operation" when attaching a file and saving a xpage document using Internet Explorer.
Environment:
An xpage with richtext field and an upload control which is binded to the same richtext field (for saving attachments).
Thanks
Add the XPage signer to the field on the server document that identifies users who are allowed to run restricted operations. This field impacts permissions for both agents and XPages. So anything that would be considered a restricted operation in an agent will also be considered a restricted operation in an XPage, and the signer must be granted sufficient rights.
Related
I am an admin for MS CRM 2011 and I have this demand that certain users - although they have READ access to an entity - should NOT have access to any of this entity's forms.
Meaning, they should only view the records via sub grids, on related records.
Is there a way to have such control over user view?
You could make all the tabs on the form invisible unless the user had certain roles(s) through JavaScript.
This seems like a very strange request. Any chance you could elaborate?
Put these users in a role. Create a new form for each entity and assign that form to that role. Make sure these users do not have access to the other forms by role. Don't put any fields on this new form and maybe even add a javascript pop-up error message and some code that closes the form immediately.
This way your other forms aren't slowed down by a javascript request that always checks role membership plus everything is contained in that special form instead of spread through your other "real" forms.
if this entity just hold relationships like a N:N entity would do, you can also make sure that the relationship (reference to it) is not shown on the navigation area of the related entity forms. This way its there but no one can 'use' it.
I m working with xpages for following scenario.
I have one agent that will update the value to one of the field of datasource from notesview. sometimes, while one user is opening the datasource via xpage and other user run the agent in the same time. at that time, agent can run and update the field of datasource. but from the xpages side, we can catch the exception for the document is modified by other user and cannot save the xpages.
i would like to prevent this from agent side. i would like to know whether there is a way to know that document is opened by one of the user from agent side, so that agent wont update the value to that datasource.
thank for your help.
First of all: mixing agent and XPages is more trouble than it is worth, you are better off converting your agent code into a Java class (and pay the technical debt accumulated over time in the agent).
One BIG reason: an agent and XPages do not share anything other than the document in memory (if handed over) on that one user's session.
If you launch the agent from an XPage: you can use an ApplicationScope variable (e.g. a java.util.HashMap) that you fill with the unid and username when a user opens a document. Before you launch that agent, you check the scope if the unid is inside with a different username. If yes, don't run the agent.
You need to build a mechanism to expire and renew these locks otherwise you end up with dead lock entries.
If the agent is launched directly or on schedule things get a little more complicated. You could implement a web service servlet that handles the locks since both XPages and agents can talk to a web service.
Currently I develop a database for another employee at my company. I have Manager Rights at the database to access everything. The administrator of the database should only be able to create/edit/delete documents. He currently got Editor-Access with selected "delete documents"-option. When he wants to delete a document on the database (i tried it with Simple Actions or with Javascript Code-both don't work) he gets redirected to the same page and nothing happens or with Simple Actions the Server-Login page shows up with the message "You don't have the permission to perform this action".
When im testing the functions with my manager access everything works fine. But when i'm changing my rank to Editor like the normal administrator of the database i also can't delete any documents. Like i already said the option in the ACL is activated.
I hope you can understand my problem and there is a solution for it. Normally that access right works fine on every other database at our company.
Another point: There are no Reader or Editor fields in the Documents. So there is no restriction with fields. Could this be the problem?
Check to see if there is some code in the QueryDocumentDelete event for the database. Perhaps that is failing and / or preventing you from deleting.
Given that you mention redirecting and server login, I presume it's a web enabled database?
In which case have you tried looking at the ACL (Access Control List) for the problem database and clicking the Advanced tab.
In there is a field Maximum Internet name and password, this is the maximum access allowed for internet users. If it's not editor, this could be the problem?
Try deleting with ?DeleteDocument URL. That way it will for sure not try to do anything else.
Check the user's access level at server with Database.getCurrentAccessLevel() and Database.queryAccessPrivileges(String name)
After the great suggestions of you all the problem was the checkbox "Allow document locking" at the database properties was enabled. That caused the problems at deleting documents. As Manager is have enough rights to go over that but for the normal Administrator with Editor Access the deletion request got blocked by the little option.
Thanks to everyone!
I'm currently implementing the OpenNTF Multiple File Uploader by Mark Leusink.
This very nice custom control uses an xAgent to embed the selected file attachment into the target Notes document. Everything was working fine until I added Authors and Readers fields to the Notes documents. Now I'm getting a security error (402) when uploading the file.
My thought is the Upload xAgent can't edit the target document to attach the file. If I remove the security fields, everything works again.
My question is, do xAgents run with the same security as the current user? If not, can I set a "run as" user for the xAgent like I can for a Lotus Script agent?
I'd suggest that you look at the xAgent's code and rewrite it to use sessionAsSigner to access the database/document to upload the file. This will cause it to run as the signer of the application and bypass the security issues that your running into.
Both Tom's and Declan's answers are correct, but this doesn't count for the file uploader.
It uses a Flash component to do the actual uploading (called SWFUpload). Since browser cookies aren't shared with Flash, it can't send along the user's session cookie with the file and therefore to the Domino server the user performing the upload is nog logged in (aka Anonymous). That's why the uploader requires anonymous users to be allowed to read/write public documents in the ACL and the XPage/ XAgent handling the uploaded files (aUpload.xsp) is set to allow "public access users". It uses the sessionAsSigner object to access the database's content
Normally, the above settings would allow everyone to anonymously upload files. That's why I implemented a custom authentication solution based on an idea by Mark Barton: before every file is uploaded, a request is made to an XPage to retrieve a unique key. That XPage (aGetAuth.xsp) does run under the user's credentials and stores the key in a document in the database. This key is send along with the uploaded file and compared with the stored key. The upload is only allowed if the keys match.
First thing I'd check in your case if the code in the aUpload.xsp XAgent can read and write the target document using the sessionAsSigner call.
Mark, Declan, and Tim, thanks for jumping in.
I modified the xAgent **aGetAuth.xsp** to use sessionAsSigner to get the current database. At first I got the error "sessionAsSigner not found".
Google showed a quick answer was to re-sign the template before testing. After re-signing the template, twice, and preforming a "clean" everything works brilliantly.
I am storing Infopath forms in a Sharepoint Document Library.
Because these forms are completed in a disconnected environment, the document library is used for storing the submitted forms (and other related documents). A web application also updates the Infopath documents.
The Infopath Template associated with the forms is installed on user's PCs as an msi.
I've noticed that if a user has one of the forms open from the document library (but not checked out),using the Copy web service to update the document returns a "DestinationCheckedOut" error. My question is, is there anything I can use to query Sharepoint to determine if a user has the file opened. I've used Lists web service and CheckoutUser but this only worked if document is checked out (not just open). I've also tried setting "Version Settings" to "Require documents to be checked out when edited" but doing so returns the error "Infopath cannot open the following file:.....The file is not a valid XML File" when the form by opened by a user.
I am going to handle the "DestinationCheckedOut" exception but wanted to have my code check for this scenario first before the update process is attempted.
Any help would be appreciated.
I don't know if there is any Web service that return the information you are looking for.
The server side object model calls are SPFile.CheckOutStatus and SPFile.CheckOutType ( http://msdn.microsoft.com/en-us/library/microsoft.sharepoint.spfile_properties.aspx ). There are 2 types of "checked out" one when document is simply opened for editing and the other when it is explicitly checked out - you hitting the first one.