I wanted to give sulu a try and so far it looks nice. So installed a minimal version via composer, defined some page templates and everything worked so far. Then i added a new localization as described in http://docs.sulu.io/en/latest/book/webspaces.html and http://docs.sulu.io/en/latest/book/localization.html. Which is not working.
As described i simply added <localization language="de" default="false"/> to the list. But i cannot access the content of the new locale and moreover the starting page content.
The error i retrieve is a permission error:
Operation forbidden The available permissions are not sufficient for this operation
I've checked the permissions and every available permission is granted to the user. Now i am stuck.
That's because you don't have these permissions in the correct locale. The User Role only describes what the user is allowed to do, but it doesn't describe in which language. That's because we don't want to have uncontrolled of user roles. Imagine you have a big homepage, with english, german and french content, then you would have to create three roles: Content Manager EN, Content Manager DE and Content Manager FR. We have chosen a different way.
In a user role you don't describe in which language these permissions apply, you do that on the user instead. Go to Contacts, select the contact with your user, and choose the permissions tab.
In the permissions section on this page you see a table with all the roles, the one being assigned are checked. The dropdown on the right describes to which language this applies. You probably haven't assigned the language to your new user here.
Related
Want to make alfresco site read only in alfresco community 5.0 so that no one can make any changes or edit that during migration.
I already tried changing the user/group permissions but that method doesn't work properly. Is there any other way to make the sites read only?
You need to make all sites in read only mode and so entire Repository should be in read-only mode for migration!
Try this property in your alfresco-global.prop file
server.allowWrite=false
Please check this for reference
The best way to make a site read only would probably be to modify all members of that site to have the consumer role (this would prevent them for creating new content or editing any existing content).
Unfortunately there is no bulk capability built into the UI to do this, however it should be a relatively straightforward exercise to create an admin only custom WebScript to achieve this. It would necessary for the Admin to become the site manager of each site before attempting to change the role of each site member, but there is an API for doing this.
Alternatively (if you have only a few sites) then you could do this manually through the UI using the Site Management Admin Console page. Again, the Admin would need to become the Site Manager for each Site and then visit the site and change the role of every member.
As suggested by #DaveDraper in a former answer, you could setup site memberships to the consumer role. However, this won't take into account any special permission given on a particular node (folder/document) in that site either with or without inheritance of permission.
So, if you intend to block any writes on the entire alfresco repo/site you could simply setup an extra security interceptor on your NodeService to block any write access using the NodeService.
PS : You could get some inspiration from the "NodeService_security" bean and implementation !
I can think of a turn-around or two, but those would be really sloppy so I won't be including them in this response
I'm using umbraco CMS and creating a site like blog. Including me there are 10 members involved in
writing article's but i'm the one who needs to check the article.
All 10 members are not in a single place. The thing I want to know is if a person other than me is putting a content, I only want to decide whether to publish or not. Is there a option to set this kind of permission.
would somebody say can we done this in umbraco CMS.
Yes, this can be done.
Within the Users section, there's a node called User Types and from your description it sounds like Writer is best suited for your members. Just make sure they are set as this user type when creating/updating their respective user nodes. Most notably, they'll have the following permissions amongst others:
Create
Update
Send to Publish
There's a bunch of other permissions there that you can choose from if Writer doesn't precisely match your requirements or you could create your own user type from scratch.
I am trying to restrict access to a particular node (NOT node type) in Drupal.
I'm not finding a good module to be able to do this (or I am not understanding how to).
It seems like Content Access might be a good one - but I see no way to make access to a specific node not be granted.
How is the best way to restrict access to one particular node in Drupal 6?
Node Access should do the trick
Provides global and node specific security permissions by role and user account.
Global security for all content types and nodes (default).
Per content type and all nodes for the content type.
Per node security scheme
Emphasis mine.
The Content Access module is indeed a good one.
After installing and enabling, go to Home › Administer › Content management and select the content type you're interested in. Click Edit and then the Access control tab. Look at the bottom of the page at the panel Per content node access control settings.
When you enable this a new tab for the content access settings appears when viewing content, allowing controlling access for each individual node.
If you're looking for even more fine-grained per node access control, take a look at Flexi Access (however it is currently for Drupal 7 only). It is set up to control access per node by default, and also let you create and maintain access control lists, breaking access control down to both per user and per node.
I am using both of these myself, and they work.
For more options, see the page: Overview of Node Access modules # Drupal.org.
I have an ASP.Net website running on IIS7. The developers have created a CMS in the \admin folder, which allows the website admin to create/edit/delete pages.
They have said:
"The read/write permission should be given to the user that requires login access to the admin panel, not the anonymous user that has general public access to the website. The reason for the write permission is to allow the administrator to be able to upload images and files through the CMS, and make various changes to the navigation, style sheet, etc".
Also, they have said:
"Password protect the /admin folder and assign full rights to your admin user as it needs to update data (site files) accordingly as mentioned in the Folder level section above. For certain modules to work, such as the file manager, you would need to use Basic Authentication at the Directory Security level. The FCKeditor folder also should be protected so it has the correct permissions. "
Is this approach safe? I have tried assigning full rights to the Plesk protected folder user (the \admin folder is protected through Plesk), but Plesk keeps reverting back to its default settings. I am told this is a security measure, which makes sense.
What would an alternate way of accomplishing this be without rewriting any code?
If the application needs the ability to upload then it will always need read/write permissions to the directories it is going to upload to - no amount of rewriting will change this, it's part of the basic functionality. The same applies to editing stylesheets etc.
Reverting changes you make sounds like a very bad security measure - warning you would be fine, but generally you make these changes for a reason and want them to stay.
Hay try this...
Right-click the file and select Properties.
Click on the Security tab.
Click Advanced in the lower right.
In the Advanced Security Settings window that pops up, click on the Owner tab.
Click Edit.
Click Other users or groups.
Click Advanced in the lower left corner.
Click Find Now.
Scroll through the results and double-click on your current user account.
Click OK to all of the remaining windows except the first Properties window.
Select your user account from the list up top and click Edit.
Select your user account from the list up top again and then in the pane below, check Full control under Allow, or as much control as you need.
You’ll get a security warning, click Yes.
On some files that are essential to Windows, you’ll get a “Unable to save permission changes… access is denied” warning and there’s nothing that you can do about it to the best of my knowledge.
Reconsider why you’re using Windows.
Suppose I have two content typs, "Job Listing" and "Job Application". A job application has a field (using the CCK module) to reference the job listing (a required field). Suppose the job application has a field "Status" with values like "new", "accepted", "rejected".
I would like to set permissions so that the job application status can only be set by the creator of the job listing it corresponds to. If there is an addon that can do this great. I would also like general direction as to how a custom addon might implement this.
(I am following the scenario in Ch. 3 of O'Reilly's "Using Drupal")
I don't know if there is a module for this but this can be done pretty easily with some custom code though.
Use hook_form_alter to add your own validate handler to the node_edit form for the application content type.
Check to see if the value has changed
Set an error is user isn't the creator or has the administer content permission.
You're done.
Directions by googletorp are on the right track but you will have to take care of some more permissions also.
Remove the edit own permission for the application content type.
Also you probably do not want author of one job listing editing the applications in response to some other job listing. This is hard to do with any built in permissions. So check in the form_alter hook that current user is the same as the author of the job listing to which the application being edited is connected to.