Lists.GetListItems form the Lists Web Service returns a ows_PermMask
attribute (16 character hexadecimal) for each list item.
Anyone know how this attribute maps to the user's permissions or where the
meaning of this attribute is documented?
This site should offer you a little more detail:
http://mdasblog.wordpress.com/2009/02/03/permmask-in-sharepoint-dvwps/
It is just a built in field containing the permissions required:
http://msdn.microsoft.com/en-us/library/microsoft.sharepoint.spbuiltinfieldid.permmask.aspx
This link also provides some good detail on PermMask:
http://social.technet.microsoft.com/Forums/sharepoint/en-US/c16aa8e4-672b-4241-a88c-6a421000e00f/setting-itemlevel-permissions-through-sharepoints-builtin-webservices?forum=sharepointdevelopmentlegacy
From the comments in that post:
"Using the PermissionMask is only for the current user... which is likely an admin user anyway which will have the permission PermMask="0x7fffffffffffffff"... this is useless for most use cases of finding what users and groups have access to the item / document."
The PermMask is very interesting stuff in SharePoint. The value of PermMask is hexadecimal. It is 16 digit (e.g 0x0000XXXXXXXX0000).
The minimum value is 0x0000000000000000 for no permission and maximum value is 0x7FFFFFFFFFFFFFFF for full permission (Basically site collection administrator).
[Bit Level Reservation of PermMask][1]
The list and document permissions (0x000000000000XXXX) are specified as follows.
ViewListItems 0x0000000000000001
AddListItems 0x0000000000000002
EditListItems 0x0000000000000004
DeleteListItems 0x0000000000000008
ApproveItems 0x0000000000000010
OpenItems 0x0000000000000020
ViewVersions 0x0000000000000040
DeleteVersions 0x0000000000000080
CancelCheckout 0x0000000000000100
ManagePersonalViews 0x0000000000000200
ManageLists 0x0000000000000800
ViewFormPages 0x0000000000001000
The list item permissions (0x000000000000000X) are specified as follows.
[PermMask ListItemPermissions for edit item][2]
Related
I have a GraphQL API that is governed by a permission system that I implemented.
I tried going with Graphql-shield but I didn't want to error out on the whole request if the client requests a forbidden field, so instead I implemented my own permission system.
Now, I need to solve a problem:
The way I implemented the permission system means that every field is checked if it is permitted and if it is not then null is returned. However, I would like to return some indication that the field was not actually null but that the field was "not permitted".
I thought about doing it in two ways:
During each check I append to some query-wide variable all fields that are not accessible and return it along with the query (probably in some middleware of some sort)
I extend all of the objects in my schema with a "permitted" field in which I return the value of the permission
Any suggestions ?
IMHO not worth the effort ... api faq or docs (available in graphiql/playground) can contain notice about 'unexpected null', ACL resons etc. It's enough for majority of use cases.
If you still want to include some [debug] info in response extensions are for that, f.e. https://github.com/apollographql/apollo-tracing , - in this case:
just attach a list of 'field access denied' [structured] notices;
collect them (in/from resolver) in some context object, attach in middleware (?), before overal response return;
Make it configurable (debug mode), too.
Within MediaWiki 1.31.8, I need to restrict access to pages in a namespace so only members of a group would be able to use/view it.
The wiki has over 500 pages that begin with "MARKETING:"
I have created a namespace by adding this to LocalSettings.php:
"$wgExtraNamespaces =
array (104 => "MARKETING",
105 => "MARKETING_Talk");
I then installed Lockdown and added this line to LocalSettings.php:
$wgNamespacePermissionLockdown[MARKETING]['*'] = ['marketing'];
(I've seen some users have "marketing" as their group in the wiki "ListUsers" webpage)
I then went to test it in incognito (to avoid cookies error) with a dummy user that has no groups with the expectation that he won't have any privileges but it just didn't work. I've noticed that I can enter gibberish into the code above and it doesn't change anything or even throw logs. Would really appreciate the help, thanks ahead.
EDIT: SOLVED. Turns out since the marketing namespace is set with an array, I have had to use the syntax for an array:
$wgNamespacePermissionLockdown = array_fill( 104, 105, [ '*' => [ 'marketinhRW' ] ] );
You are confusing namespace names, IDs and constants. 104 is the namespace ID, MARKETING is the namespace name. Almost everything takes a namespace ID (not name) as key, $wgNamespacePermissionLockdown included.
Conventionally, you'd define a human-readable constant for the namespace ID, by putting define( 'NS_MARKETING', 104 ) somewhere in your configuration, and then write $wgNamespacePermissionLockdown[NS_MARKETING]['*'] = ['marketing']; which will index by ID. If you instead write $wgNamespacePermissionLockdown[MARKETING], since there is no MARKETING constant, PHP will assume you meant to write 'MARKETING', and treat it as a string, so there will be no permissions defined for the namespace ID.
i want to transfer a call from first executive to second executive when customer call to first executive by mistake? How first executive can map customer to second executive by pressing a key by using asterisk technology?
Default transfer is *2. For exact code check features.conf
You also have dialplan Transfer application you can map on any other extension.
You have Transfer ami command usable via asterisk managment interface(AMI)
The question is a bit vague, but since you put freepbx on the tags, I suppose you are using freepbx generated dialplan.
If I understand well, when a certain inbound context calls executive1 you want
1) them to be automagically redirected on executive2 before executive1 answers
or
2) executive1 answers, realizes that call is wrong and blind-transfers call to executive2 pressing a single button (= DTMF).
CASE 1 - Automatic redirection
Edit your /etc/asterisk/extension_custom.conf
[your inbound context]
exten => <executive 1 number>,Goto(your inbound context, executive2 number, 1)
You can find the name of your inbound context in the freepbx automatic generated dialplan, or in the freepbx GUI
CASE2 - In call transfer
Refer to this post to define a new feature code for in-call transfer. Unfortunately your feature code will be likely some #digit
Associate the application
Goto(your inbound context, executive2 number, 1)
to the feature code
Hope this will help.
How to get the current id that had been used when editing and viewing a record?
I am currently following the instruction by Alfonso Secas that he posted in this topic..
http://www.grocerycrud.com/forums/topic/1326-how-to-use-grocery-crud-and-image-crud-together/page-2
And now on the part where he said "When editing a record, get the current ID from $this->getStateInfo(); to compose the iframe's source url."
It seems like getStateInfo doesn't exist yet so it shows an error "Fatal error: Call to undefined method Examples::getStateInfo() "
http://www.grocerycrud.com/documentation/options_functions/getState
this will do what u want . give it a try
u need to use the CRUD object to call this function instead of $this ..
You have some options:
Primary key
getStateInfo()->get_primary_key
Last uri segment
end($this->uri->segments)
Does not work in list action.
As a workaround you can use one of CodeIgniter's methods to get id from page url
https://www.codeigniter.com/userguide3/libraries/uri.html
You need to take last segment from URI
$segmentsCount = $this->uri->total_segments();
$itemID = intval($this->uri->segment($segmentsCount));
p.s. it is not best solution but it can do the trick
I am seeking examples of how others have modified LDAP schemas to support Cardspace and/or OpenID. Links to LDIFs or other documentation is greatly appreciated.
Without having done a LDAP-InfoCard-OpenID-integration I don't think that modifying the LDAP schema to incorporate the required information is that difficult.
For OpenID you have to store the OpenID and for identifiying InfoCard-authorized users you have to store the private personal identifier (PPID) of the respective InfoCard in your LDAP user object.
As an OpenID is merely a URI the LDAP attribute can be of the same type as for example labeledURI (Directory String (1.3.6.1.4.1.1466.115.121.1.15), caseExactMatch (2.5.13.5)).
The InfoCard private personal identifier (PPID) is a base64-encoded byte array (the length is undefined so you should require an appropriate maximum length; just a guess, but I think 48 characters will be enough as the PPID is a SHA256 hash with 32 bytes and base64-encoding will require about 1.3 times the storage space), so you could go with an IA5 String.