I have created webscript in alfresco community edition-5.1.x , When non-admin users run the scripts not working I am getting 401-Unauthorized when run from admin users its working fine, Can any help me how can I run webscript from non-admin users.
You need to check your webscript definition :
The authentication part must be user. Other choices are admin (probably your case) or none (no authentication).
<webscript>
<shortname>Hello World</shortname>
<description>Hello World Sample Web Script that responds back with a greeting</description>
<url>/tutorial/helloworld</url>
<format default="html"></format>
<authentication>user</authentication>
<family>Alfresco Tutorials</family>
</webscript>
You can run your webscripts by non-admin user. You have to give the authentication tag of your webscript's desc file with the runas="admin" attribute, like this:
<authentication runas="admin">user</authentication>
Related
I need to Disable directory listing in .
Any suggestions ?
I tried to search for result in google but didn't find any
I only found a way that you can block the connection to the URL but this isn't what i need
If you are looking to disable the directory-listing for particular users, then you can achieve this by adding providing the repository path exclude-pattern at the permission target end.
In the below example, I have enabled anonymous user access only to specific packages, Please refer below steps for the same:
I have created a PyPI local repository, deployed python packages into it as shown in the below screenshot:
screenshot
After this, created a permissions target to restrict access to a specific folder called st-fraud-infra to the anonymous user. Hence added st-fraud-infra/** as a exclude pattern, kindly refer to the below screenshot for the same:
screenshot
Add anonymous users from the Users tab and provided appropriate permissions based on your requirement.
screenshot
Once you saved the permission target while accessing the Artifactory through the anonymous user, I could not see the excluded folder which is st-fraud-infra.
screenshot
I am trying to read a spreadsheet from a shared location folder. using
<cfparam name="xlfilepath" type="string" default="\\file02\OP\!FILE STRUCTURES and FORMS\Agreements\Tracker.xls" />
<cfspreadsheet action="read" src="#xlfilepath#" excludeHeaderRow="true" query="MsaDataSheet1" sheet="1" />
"OP" is the shared folder.
I got "java.io.FileNotFoundException:".Then I try to display the directory listing using cfdirectory tag.
<cfdirectory action="list" directory="\\file02\OP\" recurse="false" name="myList">
<cfdump var="#myList#"><cfabort>
I see that there is no list displayed although there are subdirectories and folders and files in the OP directory.
Does the folder needs any specific permissions to be read by any application or any other mapping required?
Here I will explain by using cf16. The ColdFusion runs in Windows as a service and if we look into all the services of the machine we will find as follow:
Here, you can notice that for ColdFusion service the LogOnAs value is "LocalSyatem". It means ColdFusion service is started as "LocalSystem" login and this login doesn't have enough permission to do any operation on network. So, in order to make the required file operation in the Shared Directory we will have to change the LogOnAs value for ColdFusion service.
Please follow the below step to enable it,
Right Click on the ColdFusion Service then click on "properties".
Click on "Log On" tab. Then you will see a screen like this
Select "This account" radio button .Then click on "Browse" button
and select the user by which you want to start the service. You
should choose the user who have sufficient permission to create file
on the shared directory and also have required permission in local.
But we have to restart the ColdFusion Service for the changes to effect.
Let me know if this work to you or not. Or correct me if I'm wrong understood.
I created a Dashlet in Alfresco Share with an Overwiew of the Replication Jobs. I changed the permissions in the Replication Definition Webscripts from admin to user. As Admin i can start the Replication Job from the Dashlet.
Is it possible to adjust the permissions, that a Site Manager or User can start the Replication Job? I still got a "Access Denied Problem".
Where do i have to look at?
Thanks!
No, all the Replication Job WebScripts explicitly require admin privileges so it is not possible to do this out-of-the-box.
If you really want to achieve this then your only option would be to override the relevant WebScripts (essentially copy/paste the defaults) and change the *.desc.xml files to change
<authentication>admin</authentication>
to be
<authentication>user</authentication>
However, that would make them available for any user to run. You would need to further edit the WebScripts to make checks that the user is a member of a specific group.
I changed the authentication to
<authentication runas="admin">user</authentication>
That helped for me.
Using Alfresco web scripts I can login and get ticket but I can't find any script to get user home folder. I can get folders inside another folder using below script: GET /alfresco/service/slingshot/doclib/doclist/{type}/node/{store_type}/{store_id}/{id} But after login I don't know the user home id. Does anybody know how to do it?
The userhome onces authenticated is considered to be a root object if you are dealing with classic webscripts.
https://wiki.alfresco.com/wiki/5.0_JavaScript_API#Root_Scope_Objects
You can access it via
var name = userhome.properties.name
Or you can use any of the other properties you may need via the Scripting Node API.
If you are looking for a webscript itself that just returns back the userhome you may need to create your own webscript to access just their User Home information. This can be done quickly and I recommend following this tutorial to learn how to quickly create one that fits what you are looking to do
http://ecmarchitect.com/alfresco-developer-series-tutorials/webscripts/tutorial/tutorial.html
I should be able to create a default directory inside project's root directory when the application_start method(inside global.asax)is called for my asp.net web application.
As IIS users dont have full rights to webroot directory(for directory create) i get access denied error message while trying to create the directory.Also IIS users wont be given full access to the root as per client.I am planning to implement like below to meet the expectations of client.Please let me know if there is any better way out for than this approach?
Approach 1:
a.Create a new user account(windows) in the server.
b.Keep the user account name in config file.
c.Read that account from the config file and create directory with that user account using Directory Security object.
Code:
DirectorySecurity dacl = new DirectorySecurity();
string useraccountForDirectoryCreate = System.Net.Dns.GetHostName() + "\\" + "testaccount";
dacl.AddAccessRule(new FileSystemAccessRule(useraccountForDirectoryCreate,
FileSystemRights.FullControl,
InheritanceFlags.
ContainerInherit |
InheritanceFlags.ObjectInherit,
PropagationFlags.None,
AccessControlType.Allow));
Directory.CreateDirectory(imageDirectory, dacl);
The above thing worked locally in IIS server(Haven't tested on client's IIS server)
My concern with this:I think it wont be a feasible to ask the client to create a user account to be
created in the server for just creating the single directory.Also in future he might require to give access to more user for directory create.It wont be feasible to
keep on creating the windows account.
Apporach 2:
a)Create a IIS user account having full access to web root for directory create.(is this a better way out,it is same as giving the IIS user full access to web root isn't it.?Please clarify.)
b)Keep the account info in web config file.
c)Read the account info from web config file and create the directory with permisson with the above piece of code.
Problem with this approach:Is i get the following error.
Some or all identity references could not be translated
when the following statement is invoked.
dacl.AddAccessRule(new FileSystemAccessRule(useraccountForDirectoryCreate,
FileSystemRights.FullControl,
InheritanceFlags.
ContainerInherit |
InheritanceFlags.ObjectInherit,
PropagationFlags.None,
AccessControlType.Allow));
It looks like i am not able to add the access rule for this newly created user.Why is it so?
I have googled enough for the above error message and tried to understand but i am not able to resolve the error.I am not able to understand the error message at all.Please help with the solution for this problem.Its high time to deliver.