Difference between user groupId and scopeGroupId - liferay

What's the difference between themeDisplay.getUser().getGroupId() and themeDisplay.getScopeGroupId()?
If I retrieve Layouts (pages) from it, would they have any different URL pattern like, /web-or-user/<user>/* or /web-or-user-or-group/<group>/*?
I mean am I right to say that every user has his own group or something?
As I understand it so far, it seems like User Foo has group UserFoo and group GroupFoo, so you can retrieve pages personal to Foo or pages of Foo's group ... Am I on the right track?

Every authenticated user can have their own private and public pages which would be the getUser().getGroupId().
Then there is also the Community that a user is currently viewing which is the Scope Group ID.
So yes you're right! :)

Using a groupId you can get the public or private pages of the user, while a scopeGroupId is related to the permissions of your portlet (refer to the chapter on security and permissions at http://www.liferay.com/documentation/liferay-portal/6.1/development/-/ai/security-and-permissio-4).


Search over a partial, repeatable, DN attribute

I'm currently facing a DN-based search problem.
I work on a client's LDAP, so I can't modify the structure, and I have read-only full access.
In this LDAP the users are grouped by permission.
Let's imagine 4 permissions with the following uids:
uid=APP1#Admin#feature,ou=permission,ou=client,ou=fr
uid=APP1#User#other feature,ou=permission,ou=client,ou=fr
uid=APP2#Admin,ou=permission,ou=client,ou=fr
uid=APP3#Admin,ou=permission,ou=client,ou=fr
APP1, APP2 and APP3 are three different applications.
Now imagine 3 users :
First
uid=jdoe,ou=user,ou=client,ou=fr
dnPermission=uid=APP2#Admin,ou=permission,ou=client,ou=fr
dnPermission=uid=APP1#User#other feature,ou=permission,ou=client,ou=fr
dnPermission=uid=APP3#Admin,ou=permission,ou=client,ou=fr
Second
uid=jdupont,ou=user,ou=client,ou=fr
dnPermission=uid=APP1#Admin#feature,ou=permission,ou=client,ou=fr
dnPermission=uid=APP2#Admin,ou=permission,ou=client,ou=fr
Third
uid=mhari,ou=user,ou=client,ou=fr
dnPermission=uid=APP2#Admin#feature,ou=permission,ou=client,ou=fr
dnPermission=uid=APP3#Admin,ou=permission,ou=client,ou=fr
Each application can have many permissions, and the list of permissions is not stable over time.
My aim is to get all users having a permission on APP1 with a single query.
I can't get all users and filter afterwards, because the LDAP has 24K+ users and my application concerns only 75 users.
My first idea was to handle the DN like a string and use the following query:
(&(objectclass=people)(dnPermission=uid=APP1*))
or
(&(objectclass=people)(dnPermission=APP1*))
but both return 0 results.
Is it possible?
How?
NB1: people is a subclass of the standard Person class with no technical accounts.
NB2: dnPermission is a DN link, not a full-text attribute.
My guess is that there is no such thing as an objectClass 'People'.
The standard object class for people in LDAP is 'Person' and its subclasses 'organizationalPerson' and 'inetOrgPerson'.
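An added worked example (not from the question or the answer above) of the other thing worth checking in this thread: dnPermission is a DN-syntax attribute, and DN syntax has only an equality matching rule (distinguishedNameMatch), no substring rule, so a filter such as (dnPermission=uid=APP1*) cannot match anything and a server evaluates it as Undefined, which yields 0 results regardless of the objectClass. The usual way around it is two searches: a substring search on the permission entries' uid (a DirectoryString, which is substring-matchable), then a single equality-OR filter over the user tree so the server, not the client, does the filtering over the 24K users. The entries, attribute names and the objectClass "person" below are constructed from the post; the code builds the filters and models the server-side equality match, it does not talk to a directory.

```python
"""Find users holding any permission of one application when the permission
link (dnPermission) is a DN-syntax attribute.  Added example; the directory
contents below are constructed from the post and held in memory."""

from typing import Iterable

PERMISSION_BASE = "ou=permission,ou=client,ou=fr"

# Constructed sample entries mirroring the post (not real directory data).
PERMISSION_ENTRIES = [
    {"uid": "APP1#Admin#feature"},
    {"uid": "APP1#User#other feature"},
    {"uid": "APP2#Admin"},
    {"uid": "APP3#Admin"},
]
USER_ENTRIES = [
    {"uid": "jdoe", "dnPermission": [
        "uid=APP2#Admin,ou=permission,ou=client,ou=fr",
        "uid=APP1#User#other feature,ou=permission,ou=client,ou=fr",
        "uid=APP3#Admin,ou=permission,ou=client,ou=fr"]},
    {"uid": "jdupont", "dnPermission": [
        "uid=APP1#Admin#feature,ou=permission,ou=client,ou=fr",
        "uid=APP2#Admin,ou=permission,ou=client,ou=fr"]},
    {"uid": "mhari", "dnPermission": [
        "uid=APP2#Admin#feature,ou=permission,ou=client,ou=fr",
        "uid=APP3#Admin,ou=permission,ou=client,ou=fr"]},
]


def escape_filter_value(value: str) -> str:
    """RFC 4515 escaping for an assertion value; only these five characters
    need it, so '#' and spaces in the permission DNs pass through unchanged."""
    return "".join("\\%02x" % ord(c) if c in "\\*()\x00" else c for c in value)


def normalize_dn(dn: str) -> str:
    """Minimal distinguishedNameMatch: ignore whitespace around RDN separators
    and letter case (uid uses caseIgnoreMatch).  Assumes no escaped commas."""
    return ",".join(part.strip() for part in dn.split(",")).casefold()


def app_permission_dns(app: str, entries=PERMISSION_ENTRIES) -> list[str]:
    """Step 1, under PERMISSION_BASE: (uid=APP1#*) -- substring matching works
    here because uid is a string attribute.  The trailing '#' pins the app
    name, so APP10 would not match APP1.  Modelled as a prefix test."""
    prefix = f"{app}#".casefold()
    return [f"uid={e['uid']},{PERMISSION_BASE}" for e in entries
            if e["uid"].casefold().startswith(prefix)]


def build_user_filter(permission_dns: Iterable[str]) -> str:
    """Step 2: one equality assertion per permission DN, OR-ed together, so the
    server evaluates exact DN matches only.  'person' is assumed to be a class
    the user entries actually carry; use whatever the schema says."""
    alts = "".join(f"(dnPermission={escape_filter_value(dn)})"
                   for dn in permission_dns)
    return f"(&(objectClass=person)(|{alts}))"


def users_with_app_permission(app: str, users=USER_ENTRIES) -> set[str]:
    """What the server does with the step-2 filter: an equality test of every
    dnPermission value against the wanted DNs, with no substring semantics."""
    wanted = {normalize_dn(dn) for dn in app_permission_dns(app)}
    return {u["uid"] for u in users
            if any(normalize_dn(v) in wanted for v in u["dnPermission"])}


if __name__ == "__main__":
    dns = app_permission_dns("APP1")
    print(build_user_filter(dns))
    print(sorted(users_with_app_permission("APP1")))
```

Because the permission list changes over time, step 1 has to run on every lookup rather than be hard-coded; it is a cheap search scoped to the small ou=permission subtree, and step 2 is still one server-side search over the user tree with no client-side filtering of the 24K entries.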

Wondering how I might be able to debug this ACL issue

I'm adding security around some buttons in an app I built long ago. The way I implemented this security feature is that I created a role in the database's ACL. I do a check in the button's hide-when formula and expose the button if the role is there. That role is assigned to a security group in the Domino Directory. That security group contains a collection of other groups. These secondary groups contain people's names. Those names are retrieved from a Postgres database -- I have a LotusScript agent that pulls the names from that database. The problem I'm seeing is that even though a name is in the secondary group, Notes doesn't recognize it. Here's an example. This user is in these groups:
however, he should also be in all of these:
How can I debug where the problem is?
thanks
clem
I think the problem is that for one group in particular, there are 2 copies of the group document. I didn't see that because in the main group view it doesn't show up. But when I was in the process of assigning a child group to a parent group, I could see the duplicate listed. I suspect this is the source of the problem. Will confirm.
thanks
clem
Make sure the members of the secondary groups contain names in fully qualified format that matches the first entry of their FullName in the person document, e.g. "John Smith" should be "CN=John Smith/O=LabWare" or something like that.
You can see what groups and roles the system recognizes a user in by double clicking on the security icon on the status bar in the Notes Client (bottom 3rd from the right) after you have opened the database.
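An added example (not from the thread, and not Domino's own lookup code) that models the two failure modes the thread points at so they can be checked offline before touching the ACL: a member stored in a secondary group as an abbreviated name does not equal the canonical FullName on the person document, and a group name that resolves to more than one group document. The group documents, the ACL role mapping and the organisation O=LabWare are constructed; the resolver takes a plain case-insensitive string comparison of canonical names as its model of the membership test.

```python
"""Model of nested Domino group resolution for debugging an ACL role.
Added example with constructed data; it is not Domino's implementation."""

from collections import defaultdict

# Constructed directory: (group name, members).  The same name appearing twice
# stands for two group documents with that name, which the thread suspects.
GROUP_DOCS = [
    ("AppEditors", ["Team-North", "Team-South"]),   # parent group behind the ACL role
    ("Team-North", ["CN=John Smith/O=LabWare"]),    # canonical: matches FullName
    ("Team-South", ["Jane Roe"]),                    # abbreviated: will not match
    ("Team-South", ["CN=Bob Lee/O=LabWare"]),       # duplicate group document
]
# Constructed ACL: role -> group that carries it.
ACL_ROLES = {"[Editor]": "AppEditors"}


def is_canonical(name: str) -> bool:
    """Canonical Notes name: CN=<common name>/O=<org>, optionally with OU= parts."""
    upper = name.upper()
    return upper.startswith("CN=") and "/O=" in upper


def effective_groups(full_name: str, group_docs=GROUP_DOCS) -> set[str]:
    """Groups containing full_name directly or through nesting.  Membership is
    modelled as an exact, case-insensitive string match, so 'Jane Roe' never
    equals 'CN=Jane Roe/O=LabWare'.  Every document carrying a group name is
    read, so this returns the union the directory *could* give, not the one a
    particular lookup happens to pick when documents are duplicated."""
    target = {full_name.casefold()}
    changed = True
    while changed:
        changed = False
        for group, members in group_docs:
            if group.casefold() in target:
                continue
            if any(m.casefold() in target for m in members):
                target.add(group.casefold())
                changed = True
    return {g for g, _ in group_docs if g.casefold() in target}


def has_role(full_name: str, role: str, group_docs=GROUP_DOCS,
             acl_roles=ACL_ROLES) -> bool:
    """True when the user reaches the group the ACL role is assigned to."""
    return acl_roles[role] in effective_groups(full_name, group_docs)


def diagnose(group_docs=GROUP_DOCS) -> list[str]:
    """Report members that are neither canonical names nor group names, and
    group names that have more than one document."""
    problems = []
    group_names = {g.casefold() for g, _ in group_docs}
    for group, members in group_docs:
        for m in members:
            if not is_canonical(m) and m.casefold() not in group_names:
                problems.append(f"{group}: member '{m}' is not canonical")
    docs = defaultdict(list)
    for group, _ in group_docs:
        docs[group.casefold()].append(group)
    problems += [f"duplicate group document: {names[0]}"
                 for names in docs.values() if len(names) > 1]
    return problems


if __name__ == "__main__":
    for user in ("CN=John Smith/O=LabWare", "CN=Jane Roe/O=LabWare"):
        print(user, has_role(user, "[Editor]"), sorted(effective_groups(user)))
    print(diagnose())
```

Run against the real group documents (exported with the same agent that fills them), the two lists from diagnose() are the things to fix first; the status-bar security dialog the answer mentions then confirms what the server actually resolved for the user.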

List View Change

I know that a list's permissions can be changed. But is there a way to completely prevent a user from seeing a list? Example: User A can see the Event List but User B cannot see it. Can this be done? Your suggestions will be helpful. Thanks,
If the list has unique permissions (i.e. not set to inherit from its parent) then the permissions can be configured to only allow groups which do not include User B.
Once this is done, User B will not even see the list - they will be unaware that it exists.
If User A forwards User B a direct link to the list, User B will instead be redirected to the AccessDenied.aspx page.

Groovy session. How to find the user name

I am developing an application under Groovy using scaffolding.
We are using the Acegi plugin for security.
We have a class called ChangeManagement defined as follows (simplified version)
class ChangeManagement {
    static constraints = {
        company(nullable:false)
        lastModifiedByUser(nullable:false)
    }
    Company company
    static belongsToCompany = [company:Company]
    User lastModifiedByUser
    static belongsToUser = [lastModifiedByUser:User]
}
When I address the create method I will get a pull-down menu
with the label "Last Modified By" with all the users from the table Users,
which is the standard behaviour.
Instead of this I would like to have directly the user who is already logged in and
no pull-down menu. I've already generated the create template and I can modify it.
I am assuming that I have to get the username from the session.
If my assumption is true, how do I get this username? And if I am wrong, then where can I get the username of the current user?
Thanks in advance.
See this question for details on how to get the current username.
I'd also suggest looking into Grails Filters for one way to easily stuff the user into the model after all controller calls and make it available in the view. I use this on my app to put the name of the logged in user in the upper right hand corner of the screen.

Override SPList.WriteSecurity behaviour?

As MSDN states, WriteSecurity has 1 of 3 possible states:
1 — All users can modify all items.
2 — Users can modify only items that they create.
4 — Users cannot modify any list item.
But what if I want behaviour no. 2 plus users can modify items that are assigned to them? Well, if I grant a user full permissions (put them in the owners group) for the list, then they can edit any item (not good). So why wouldn't it work by setting the item-level permission "full control" just for the AssignedTo user (good)? I did, but that didn't help - access denied.
I want exactly the functionality as stated in question "Automatically set list item permission, after new item is created", quoting:
Every users (Supervisor and team members) can see any tasks.
Supervisors can edit any tasks
Team members can only edit their own tasks (tasks that were assigned to them, or created by them)
but although answer has been accepted, the solution does not provide a way for users to edit items assigned to them or items created by user.
Help is appreciated, thank you!
Your only way to do this is using Item-Based Permissions. E.g. have a Workflow or Event Handler change the permission on each file/object based on your requirements.
The solution you quote from the other task is simply setting 2 for SPList.WriteSecurity which still doesn't give users the possibility to edit something they have not created, but were assigned to - in this case you will need to give these users permission, e.g. by listening on the "Assigned To" field with an Event Handler (OnItemUpdated) and give the respective person the needed permission.
Furthermore the solution talks about just setting higher permissions for the users who should always be able to edit items (managers), which is a solution, but you do not have the granularity you usually want in situations like these.
