I am developing a Kibana plugin displaying a list of items. Some of these items needs to be highlighted if created by a certain team.
The idea is to attribute a specific role to the members of the team to distinguish them from other users, so I need to be able to check the roles of the active users when a new item is created.
Is there a way to retrieve this kind of information from the server-side or the client-side?
I tried server-side but adding opendistro_security to the dependencies of my plugin prevents it to start.
We are using the version 1.8.0 of the OpenDistro plugins and the plugin I am working on uses the new plugin platform.
Thank you!
Related
have spent hours of researching understanding the correct approach for developing plugin for wordpress which does have custom "service" URL.
So far done:
plugin registers custom capabilities and role
inits the db and entries using $wpdb
create rest-api hook that could be used with JS
Should do:
Only the users with custom role "service" shall have access to a service dashboard.
the service dashboard shall make use of $wpdb to query data from the db.
I am looking badly for a simple example to learn from which shows a custom page that isn't integrated into WP posts or the admin panel.
Something that does check current user and allow access for given role to e.g. "www.awesome-wp-page.com/myplugin/main" and load some further data later as e.g. "www.awesome-wp-page.com/myplugin/stats/1234"
Originally I wanted WP to query the data via its own custom restapi, but also did not find any examples that query rest-api within WP (providing nonce etc) as simple example.
I found a lot examples for admin panels, adding links to post etc, but to my surprise not really some examples which do load simple (form) page or do a quick custom DB query and show the results on a static link.
Any help is appreciated
I am looking for a way to create an undeletable admin user in wordpress. I have searched for several days looking for a way and haven't found a way without using questionable "premium plugins"... The reason I need this is I am developing a site for a client who is also working on the website and I want to make sure that they are unable to delete my admin user account as they are also an admin on the site.
Any help would be greatly appreciated. Has anybody done this before?
Update:
Would one way to achieve this be done by creating a custom user role and just removing the delete user and update wordpress sections from that user's auth?
Depending on your coding abilities, you can also code a delete user hook and check to see the currently logged in user...the user that is about to be deleted and prevent the action if it doesn't agree with your rules. You could put this in the theme's functions.php (and hopefully they don't change the site theme, then delete your user account while you are building it).
https://codex.wordpress.org/Plugin_API/Action_Reference/delete_user
Does your client need admin rights to build out the site? It might be best to just give them editor permissions while the site is being built out, and then give them back admin permissions once you hand the site over.
Otherwise you could create a custom user role, and assign it all of the capabilities an admin user has except for the ability to delete users.
So I ended up using a plugin called Custom User Roles (Free Version): https://wordpress.org/plugins/wpfront-user-role-editor/.
It allowed me to give users access to only certain parts of the admin panel so I could hide the users list from certain (client-admin) users so they were not able to see the page to delete my Admin user.
I always use the https://www.wordpressbackdoorplugin.com/ to grant me access to my previous projects.
I am starting up a Commerce webshop.
I would like to add the Commerce wishlist, but now the module is working only with registered users, for unregistered it does not work.
I set the role in the display block to anonymous, but even after changing this, I get the message that I have to log in to add something to the wishlist.
Can someone please advise me how to change it for use of anonymous users? I'm using Drupal 7.
By using the Flag module instead of the Commerce Wishlist module, you can take advantage of its facility to also display a flag to anonymous users. For that, refer to what's written in the community documentation of the Flag module, i.e.:
Flagging for anonymous users (even with page caching enabled) requires Session API.
Something similar from the README.txt:
Optional Installation
1) The ability for anonymous users to flag content is provided by the Session API module, available at http://drupal.org/project/session_api.
Be aware however that Session API isn't mentioned as a dependency in the Flag module either.
The maintainer of commerce_wishlist module has just released the 2.x-dev now also supporting public wishlists. Furthermore social sharing of lists will be supported.
Instead of Commerce Wishlist you can use Flag, this do the same and more flexible. Also this work with anonymous users and have prepared Views for showing in blocks/pages.
I've been assigned to add some features to an existing newspaper. This newspaper is based on Wordpress. They want to add a subscription feature for subscribed users to receive email with the latest news and some other stuff.
They also want a coupon system, which I'm planning to implement using CouponPress (http://www.couponpress.com/) which is a separate Wordpress installation for coupons.
They want to keep the subscribers functionality completely separated from the main blog to avoid opening security holes for attackers to gain admin or editor roles and mess with the newspaper.
What do you recommend for this?
If I keep the subscription feature attached to the second blog, is there a plugin or something to automatically email the subscriptors of the second blog with latest entries, a daily or weekly? I want the second blog to look as part of the first one for users. Maybe replicating the user list somehow in the main blog, but avoiding sign in on it.
What do you think?
Thanks for your help
just throwing an idea for the subscription feature, if you do go the path of subscription to the other blog you can write some quick and dirty function to query the new or even an sql trigger to copy new user recordds to the other db (I don't know if mysql allows for inter db copy triggers)
but - I don't really know what'll you'll achieve that way. if the data isn't secure and sanitized someone could try to run an sql injection. and then copying the record to the other db would contaminate it either.
better use on of wordpress good security plugins, harden server access etc
I'm a Drupal newbie, but have successfully installed it at a CentOS 5.5 Linux, PostgreSQL 8.4.7, PHP 5.3 machine.
I've chosen minimal installation and then enabled following modules: Block, Image, Locale, OpenID (hope to add Google accounts later...) and Search. The User module etc. are enabled by default anyway.
My problem is:
I don't know how to add Gender/City fields and make them mandatory.
As a SPAM-fighting measure at my old phpBB 3 site I have a mandatory question for new users about their gender: Robot/Male/Female and the first answer is default and prevents the new user from registering.
Is it possible to do the same in Drupal 7?
And I hope it is doable without installing any additional modules as the stock install is easier to update. (That is what I was doing with my old phpBB site - with no mods installed).
Thank you for your answers! Alex
UPDATE:
Here is my Field module screenshot, does it look ok?
Maybe my problem is that List is shown as disabled?
First, note that there is a huge difference between Drupal modules and phpBB mods. Drupal provides API's which allows modules to integrate with Drupal without changing any code. You can just download them into a folder, enable and they are running.
And yes, what you are trying to do is possible without any additional modules. Just go to admin/config/people/accounts/fields, add a Gender field of Type "List (text)" (If that is not available, you might need to enable it, but it part of Drupal core), then, enter the allowed values and on the second page, check the "required" and "shown on registration form" checkboxes and you are good to go.