I am using the autoassignrole module to assign ROLE#1 to anyone registering on my site.
Once signed in, users with ROLE#1 permissions can create users of their own for which I am using the uCreate module.
I have it setup so that when creating users via the uCreate module, the new user can be assigned ROLE#2 or ROLE#3 permissions.
The problem is at this point. The new user also inherits the ROLE#1 from the autoassignrole module.
So, I put together a custom module and implemented hook_user and the plan is to detect when a user is being registered and programmatically stop the autoassignrole user_hook ... how do I do that?
There are 2 potential solutions that I see at a high level:
If uCreate has a custom form to create users, you can alter that form to also include a on-submission database query that removes the role from the user being created
You can check if adding a condition to the autoassignrole module is possible-to attempt to disable autoassignment if the user's creation comes from an administration/uCreate add user URL
Related
Can we disable exporting data from the user interface actions in Kentico Managing form data?
Regards,
SA
Try setting the ShowObjectMenu property of the UniGrid to false. Detailed documentation available here.
The UniGrid definition should be the one found in this file (can't verify it as I currently don't have access to a Kentico instance): CMSModules\BizForms\Controls\BizFormEditData.ascx
Not all objects, pages, etc have the permissions available/coded to allow this restriction that I'm aware of within the user interface. Take a look at the post I wrote on restricting download/export of anything out of Kentico.
Short story is you set the permissions at the IIS level on /CMS/CMSSiteUtils/Export directory to not allow the user running IIS app pool to access that directory. This directory is where all exports, no matter what, get sent to.
I'm trying to implement permission levels in SharePoint hosted app. I've created a custom list "Permissions" where I'm adding different users with their roles.
I have created a page List.aspx where I'm showing my custom list "Products" as a list view web part. Page List.aspx checks the user's role against "Permissions" list, and page can show or hide content in regards to this role. The problem is, when user tries to navigate to "Lists/Products/Allitems.aspx" or "Lists/Permissions/Allitems.aspx" he can see the list items.
All code check is done in JavaScript and I know there is a security risk, but this will work for my users. I just need to find a way to inject custom JavaScript code to Allitems.aspx, and to check if user has permissions to see it or not.
Everything here is done on App web and there's nothing that I use on host web.
I've found a workaround for this. Basically what I did is that I just hide the list view from direct access. To achieve this, open the Schema.xml of the list and replace "JSLink":
from
<JSLink>clienttemplates.js</JSLink>
to
<JSLink>~site/Scripts/OverrideListView.js</JSLink>
Now, create a new file Scripts/OverrideListView.js and add following code to it:
document.write("<style>body {display:none; };</style>");
Try now to access Lists/Permissions/Allitems.aspx directly. You will get a blank page.
This is basically idea how to insert custom JS code into list view. You could add additional code for checking current user's permissions on site level and in regards to it to unhide this view, or even to redirect him to the homepage if he does not have right role or permissions.
This is basically two question? First i was wonder how to change the page liferay redirects when a user tries to access a page that has Power User view permissions. Liferay by default points to localhost:web/guest/home where they have their login page. On my application i have a different login in page and i want to redirect to the following page. I was browsing the web and found out that by setting auth.login.site.url=/whereiwontittopoint should actualy redirect me there. However it does not. I'm using Liferay 6.0.6 Community Editions. Has anyone done this? Is this the right way or this need to be done with a hook?
My other question is the following. I want to have a custom role on some pages. And i want when a user does not have that specfic role to be redirect to a totaly different page not the default login. I'm fairly sure this can be done by using the hook on some service but for some reason i can not identify this service.
EDIT
Ok for the first question i solved the issues. For the second question the answers i got here were not what i was looking for probably because i didn't post the question correctly. This is a full scenario of what i have done and what i need to do:
First of all i changed the /web/guest path that's on every liferay page to web/somthing/ this might not play a crucial role but the problems(some of the problems) started when that happend. THe over all idea is the following. I'm using spring mvc to create the application. I have created a backend to my application from where the admin can create pages for other users to see(This is not done by going to the control panel of liferay and adding a page but through the logic of the application). Once a page is created depending on some logic i create a role for that certain page(customer role also through code not the liferay admin). Some of the users are given this role if the satisfy some criteria and some are not. Here my problem arises, once a user that is loged in to my application tries to access a page (by inputting a direct URL in the browser to the page) that requres the view permision of the role i create for that page and the user does not have the appropriate role he gets redirect to lets say localhost/web/(username)/home a personal page and for some reason on that page by default from liferay he is able to view personal data(user name) of all other users of the application. My question is how through code to handle the redirection that happens of the above scenario.
I have tried on one attempt to actualy hook the servlet.service.events.pre action and before the user access that page to check if he has the appropriate permisions and actualy change his request. So far i have some issues but i can resolve them but this approach is not what i not rly what i am looking for because this action is executed before every single request on the application( and the page handling is just small part of that application) which means i will have a lot of code executing for no reason. I was wondering if there are any ways to add where the exception will redirect when i create the role? If not what action should i hook that will help me solve this scenario but with out the unneeded extrea trafic that i am creating with hooking servlet.service.events.pre action?
For the second stuff a bit hacky way could be as follows
1) Define set of roles against which you want to check in portal-ext.properties. You can add some property like my.super.secret.roles=rolename1,rolename2
2) Add a property for a redirect page url in portal-ext.properties so that you can redirect user there.
3)Add a custom attribute for Layout named checkForSecretRoles which has to be boolean and visible on Page. This will show you a checkbox in Manage page for each page, so that an admin can easily check or uncheck the value
4)Add a condition in your theme (portal_normal.vm) to check if the page has a check for secret role and then check the users role falls in any of the roles defined in portal-ext.properties. If yes then issue a redirect to the page specified by your custom redirect page url property
For your first question, it should work -
auth.forward.last.paths=/sign-in
sign-in would be your page name
The answer for your second question is, you have to create a Hook extending Action and made the below entry in your portal-ext.properties.
login.events.post=com.liferay.portal.events.LoginPostAction,com.liferay.portal.events.CustomLandingPageAction
There is a lot of information you can found on forum about how to use this property.
for 1. set default.landing.page.path=/whereiwontittopoint in portal.properties, see Liferay Login page redirect
for 2. create a hook, set servlet.service.events.post=com.my.action.MyAction and impliment this action, at this point you can redirect user to another page.
using php if that matters.
If you create a website that has users and groups. Where do you put this in the web application? Do you just put a function at the top of every page (pseudo):
if someone is in a group then they can see this page
or
if someone is in this group they can see this button
That sure seems wrong. I wouldn't want to edit the web app code just to change who can see what group-wise. I'm not sure what I should do or how to implement something like this.
Thanks.
In MySQL, I always create these 4 tables: users, user_groups, permissions and user_groups_permissions which are linked using Foreign Keys.
So, user A can be in a user group B, which this user group permissions are in user_groups_permissions.
Now, I just do a INNER JOIN on this 4 tables (or better, three: users, user_groups_permissions and permissions), the results are permissions that user have. all we need is selecting permissions.key by INNER JOIN.
Now, before processing request, I need to check that Client::has_permissin('send_post') returns true or not. And better, also on top of each user-group-related function.
Note: Client is a class that loads all user permissions just one time, before processing request, and then uses that permissions for whole request-life-time, without needing to access to database several times in that request. Use static methods and $permissions property for this class so you never need to send it's object over your applications classes/methods/functions :)
You can have a utility function which takes user id and group code and return true or false.
You can use that utility function as pseudo at the top of each page and the same function also be used to hide or show sections in your page.
If your web application is in MVC, embed user authorization logic in your controller.
I have a project where I need to add users to a SharePoint portal, but when I add them, I also need to set addition parameters inside a separate database.
I want to add a custom administration screen where the administration can set these values when they add the user rather than forcing them to first add the user then go to a separate interface page where they set the values.
Does anyone know of any good articles that will explain how to accomplish this?
Thanks.
It would be easier to create a custom asp.net form that would get all the information required about the user.
the submit could then add the information to the database that is needed and use the object model to add the users.
SPRoleAssignment MyRoleAssign = new SPRoleAssignment(”domain/alias”, “email address”, “User Name”, “Description”);
SPRoleDefinition MyRoleDef = newSubWeb.RoleDefinitions["Contribute"];
MyRoleAssign.RoleDefinitionBindings.Add(MyRoleDef);
site.RoleAssignments.Add(MyRoleAssign);
Code from farhanfaiz.wordpress.com here
Otherwise the SharePoint webservices may do.
Examples here