How can I remove owner permission on space in alfresco? - alfresco-share

I wrote the below code to remove permissions:
locationSpace.removePermission("Consumer");
locationSpace.removePermission("Collaborator");
locationSpace.removePermission("Coordinator");
locationSpace.removePermission("SiteManager");
It's working fine, but it's working only when that folder is created by another user.
The user that creates that folder is the owner of that folder, so the owner permission doesn't get removed.
I want to remove the owner's permission and I want to give consumer permissions to the owner.
How can I achieve this?

There are 2 ways of doing this.
Use the setOwner again but use the admin user. So you're basically moving the ownership to admin.
Use the delete method to remove a property.
delete node.properties["cm:owner"];
node.save();

You could play with permission definitions and set up "owner" definition per your needs. In that case you would not remove it, since it would actually hold the "consumer" permission you want.
http://docs.alfresco.com/4.2/concepts/secur-permissions.html
https://forums.alfresco.com/forum/installation-upgrades-configuration-integration/configuration/script-remove-control-document
https://forums.alfresco.com/forum/installation-upgrades-configuration-integration/configuration/deny-delete-permision-owner

Related

Python-Firebase How to Access Main Directory using Put and Post

I'm working with python-firebase. I've been trying to access the root folder, but I've been unable to do so with the post and put commands. For example, I need to do:
database.post (root, {"HELLO" : "HELLO"})
but the best I can do is two directories down. Can anyone help?
Check out this post on getting started with Firebase. The example uses a put.
In short, you can simply do:
firebase.put('/test', 'testing/tester/test', putData)
Each / defines another route down. So, in the above example, that is 3 levels down from the root. Just keep adding / the further you want to go.

List of permissions for Drupal8 routing file

I'm working on custom Drupal8 module. My module uses this routing file:
kalvis.routing.yml
kalvis.content:
  path: '/kalvis/{from}/{to}'
  defaults:
    _controller: '\Drupal\kalvis\Controller\kalvisController::content'
    _title: ''
  requirements:
    _permission: 'access content'
What does the _permission part stand for, and where can I find a list of all possible values for this parameter? (In the tut's I've watched, only access content and access administrative content were used, but I suppose there are a lot more of them.)
PS: I'm using Drupal 8 beta 10 installed on WAMP
If you want to see a list of all permissions, the code below should work. If you are coding your own module you can define your own permissions and test if a user has a role with that permission.
function my_module_page_attachments_alter(array &$attachments) {
  $perms = array_keys(\Drupal::service('user.permissions')->getPermissions());
}
To answer the question what is the _permission part of the routing structure. Here is a quote from the drupal docs about what it does.
_permission: A permission string (e.g., _permission: 'access content'). You can specify multiple permissions by separating them with ',' (comma) (e.g., _permission: 'access content,access user profiles') for AND logic or '+' (plus) for OR logic (e.g., _permission: 'access content+access user profiles' means a visitor needs either the access content permission or the access user profiles permission to view the page. Having both is fine, too.). Module-specific permission strings can be defined in my_module_name.permissions.yml. See hook_permission() replaced with permissions defined in a my_module_name.permissions.yml file for details.
source: https://www.drupal.org/docs/drupal-apis/routing-system/structure-of-routes
To put it simply this restricts access to this route by only allowing users with the specified permission(s) to access it. To use it you need to know the system name of the permission(s) you want to use to restrict access. Then you just place them as a string behind this parameter, like in the quote above. You can choose to use multiple permissions by separating them with , for AND logic or + for OR logic. Permissions system names are allowed to have spaces in them and frequently do.
I don't think there is any way to directly see it in ui if you are talking about the system names of the permissions. You can of course see all permissions on www.site.com/admin/people/permissions. If you are in a hurry and/or looking for a specific permission you can always look through the module.permissions.yml file of the module this permission is defined in.
If you do want to see all permissions you can make your own list of all the system names.
You can use the PermissionHandler service from the core module.
This does the following: it gets all the YAML files and creates a list.
You would call this by calling Drupal::service('user.permissions')->getPermissions() (https://api.drupal.org/api/drupal/core%21modules%21user%21src%21PermissionHandler.php/function/PermissionHandler%3A%3AgetPermissions/8.2.x)
You can use or try to write similar code to the functionality of the user_role_permissions function from the user.module file in drupal core. It looks like this:
function user_role_permissions(array $roles) {
  if (defined('MAINTENANCE_MODE') && MAINTENANCE_MODE == 'update') {
    return _user_role_permissions_update($roles);
  }
  $entities = Role::loadMultiple($roles);
  $role_permissions = array();
  foreach ($roles as $rid) {
    $role_permissions[$rid] = isset($entities[$rid]) ? $entities[$rid]->getPermissions() : array();
  }
  return $role_permissions;
}
This code as you can see just loads all the role entities with loadMultiple (although technically you should use the entitytypemanager to load the entities whenever possible like $entities = \Drupal::entityTypeManager()->getStorage($entity_type)->loadMultiple([1, 2, 3]); for more information see the drupal entity api (https://www.drupal.org/docs/drupal-apis/entity-api/working-with-the-entity-api)).
After loading all the roles it makes a list of all permissions.
Source information below. This should stay up to date because drupal keeps their documentation versioned. But because comments suggested it I figured I might as well write it out to save you some clicks.
Original drupal documentation.
https://api.drupal.org/api/drupal/core!modules!user!user.module/function/user_role_permissions/8.2.x
Hope this helps! :)
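The AND/OR semantics of _permission quoted above, modelled in Python together with a check for misspelled permission names in routes. This is an added example, not Drupal's code and not part of the original answer. The function names, every route except kalvis.content, and the permission set are constructed, and the model rejects strings that mix ',' and '+' because the quoted text does not define that case.

```python
def parse_requirement(requirement):
    """Return (mode, names) for a _permission string: ',' is AND, '+' is OR."""
    if "," in requirement and "+" in requirement:
        # Assumption of this model: the quoted docs do not define mixing.
        raise ValueError("mixed ',' and '+' in %r" % requirement)
    mode, sep = ("AND", ",") if "," in requirement else ("OR", "+")
    names = requirement.split(sep)
    for name in names:
        # Names may contain inner spaces; this model matches them exactly,
        # so padding around a separator is reported instead of trimmed.
        if not name or name != name.strip():
            raise ValueError("empty or padded name in %r" % requirement)
    return mode, names


def route_allows(requirement, held):
    """True if a user holding the permission set `held` passes the route."""
    mode, names = parse_requirement(requirement)
    check = all if mode == "AND" else any
    return check(name in held for name in names)


def undefined_permissions(routes, defined):
    """Map route name -> names used in _permission that are not defined."""
    report = {}
    for route, requirement in routes.items():
        _, names = parse_requirement(requirement)
        missing = [n for n in names if n not in defined]
        if missing:
            report[route] = missing
    return report


# Constructed sample data (not taken from a real site).
DEFINED = {"access content", "access user profiles"}
ROUTES = {
    "kalvis.content": "access content",
    "example.both": "access content,access user profiles",
    "example.either": "access content+access user profiles",
    "example.typo": "acces content",
}

if __name__ == "__main__":
    print(undefined_permissions(ROUTES, DEFINED))
```
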
You can confirm in the page '/admin/people/permissions'.
A quick and dirty way to see them is to create a View with a Page display. Then in the 'Access' section, ensure 'Permission' is selected and open up the options as if you were going to choose a different permission.
You can now inspect the HTML of the <select> element; the Ids of the options are the correct names for each permission:

possible to add user to existing shared folder?

I'm trying to use psexec to add a user account to a shared folder. I tried this:
net share myshare=c:\myfolder /grant:"domain\bob",FULL
but it returns with "The name has already been shared". However, if I delete the share and then re-create it like this:
net share myshare/delete
net share myshare=c:\myfolder /grant:"domain\bob",FULL /grant:"jane",FULL /grant:"everyone",READ /grant:"sue",FULL
it works. But isn't there a way to just add a user to an existing share? Thanks
I was able to set the permissions using subinacl:
http://www.microsoft.com/en-us/download/details.aspx?id=23510
Some documentation/usage:
http://myousufali.wordpress.com/2012/02/17/edit-permissions-with-subinacl/
http://ss64.com/nt/subinacl.html
And this is the command I used:
subinacl /verbose=1 /share \\<ip>\<sharename> /grant=<username>=f

User edits only its own post. Using Plone permissions

I have a Plone website and create a menu item.
In the sharing tab I add each user that can post a topic.
How can I prevent that user1 edits posts owned by user2? Currently user1 can edit user2 posts.
Previously I tried creating a group, assigning each user to this group and adding the group using the sharing tab, but in this way one user can edit posts from another user.
Just subtract (uncheck) the 'Can edit'-permission of the sharing-tab.
The creator of an item is by default also owner, owners have edit-permission, thus users can edit their own items but not the ones of others.
Update (according to the new comment):
To inhibit the add-privilege on subfolders you'll need to break the inheritance of the Contributors-role, to which the 'Can add'-permission is assigned.
However this seems not to be possible, yet. Quoting Martin Aspeli from his article "Understanding permissions and roles":
"Currently (until Plone 2.1, most likely), local roles can be added at a lower level in the acquisition tree, but not taken away".
So you need to look for another approach and, as Martijn already suggested, you'll most likely want to go with a custom workflow for your - assumingly folderish - contenttype and to all types that should be allowed to add in it (fortunately by default, Images and Files inherit the state of its parent, otherwise you probably have to think of a multi-chained workflow, but that's worth a new post even, or - ugly - create copies of contenttypes only to give them another workflow).
In that case, do as follows:
Create a workflow as advised in http://developer.plone.org/content/workflow.html (I updated it lately, please let us know if you have suggestions for improvements, or contribute yourself).
Add the 'Add portal content'-permission to your workflow (in ZMI click on your workflow name and hit the permissions-tab, select it from the dropdown).
For each state in your workflow (click on the state's name), uncheck 'Acquire permission settings'; this way you break the inheritance of the Contributors-role. Then check the 'Add portal content'-permission for each role you want to grant it, which would be at least the Owner-role in your case, and you might also want Managers to be able to access everything.
Update2:
Another, more challenging but IMHO much better, approach could be:
On your contenttype's initialization (=your ct's class is called) trigger a script (f.e. with a contentrule/eventhandler/subscriber or in your ct's class-definition, itself), which looks up the inherited sharing-permissions on the parent, blocks them (__ac_local_roles_block__ = True) and reassigns all roles again, but the Contributor's one, for the new born object (your folderish contenttype).
This would avoid creating a whole new workflow just to solve this case.
To do this, please read the docs (just updated, comments always welcome), to see how an event-handler is registered:
http://developer.plone.org/components/events.html?highlight=events#example-register-an-event-handler-on-your-contenttype-s-creation
The executed python-script could contain s.th. like:
from Acquisition import aq_parent

def inhibit_parent_inherited_contributor_role(self, event):
    """ Blocks local-roles on freshly created children in our
    contenttype and re-assigns all its parent's local-roles but
    'Contributor' to the child.
    """
    # Block all inherited local-permissions, also of grand-parents:
    self.__ac_local_roles_block__ = True
    # Get local-roles assigned to parent and only to parent:
    parent_roles = aq_parent(self).get_local_roles()
    # Iterate over each assigned user and group to get their roles:
    for userid, roles in parent_roles:
        # Provide a list variable to collect the new roles
        # of a group or user:
        new_roles = []
        # Iterate over the user's, respectively group's, roles:
        for role in roles:
            # Exclude 'Contributor' from the new role-list:
            if role != u'Contributor':
                # Add all other roles to list of new roles:
                new_roles.append(role)
        # Finally assign new roles to the child for each found user and group.
        # Skip users left with no roles: manage_setLocalRoles raises a
        # ValueError when it is given an empty role list.
        if new_roles:
            self.manage_setLocalRoles(userid, new_roles)
Disclaimer:
I have tested this with IObjectEditedEvent, which works fine. Whereas the IObjectAddedEvent is fired four times (why?) and I wasn't able to tame that quickly, but plone.app.contentrules.handlers.py, does :) Have a closer look at it, maybe including a contentrule in the solution can be even better.
For an in-depth code-example about roles, see Andreas Jung's lovely zopyx.plone.cassandra and its computeRoleMap.py .
And I haven't looked at collective.subtractiveworkflow, yet. In case you do, please tell us about it :)
You need to restrict editing to the Owner role if you only want to have users edit their own content.

Restore Super Admin Privileges

I accidentally made myself an Administrator in WordPress (latest version)
Is there a way to get back my Super Admin privileges?
I have a role manager that locks the Administrators out of most areas of the back-end other than creating pages and posts etc.
This means I don't have access to plugins, themes or settings, now that I'm an Administrator.
I've tried adding the below code to the functions.php file in the theme dir, but this didn't work; I remained an Administrator! :(
include(ABSPATH . 'wp-admin/includes/ms.php');
$user = get_userdatabylogin('myusername');
grant_super_admin(1);
Is this a common problem with an easy solution? I've been searching Google all day with no luck!
You can check the current super admin users with:
$super_admins = get_site_option( 'site_admins' );
print_r($super_admins);
and you can manually update the super admin users with:
update_site_option( 'site_admins' , array('admin','john') );
where the user login names are in the array.
You could also try this in your code
grant_super_admin($user->ID);
instead of
grant_super_admin(1);
just in case that your user_id is not 1;
EX:
select * from wp_options where option_name='wp_user_roles'
select * from wp_usermeta where user_id=1 and meta_key='wp_capabilities'
Replace user id with your user ID. Replace it to the "administrator".
a:1:{s:13:"administrator";b:1;}
I did this trying to restore a backup which replaced my current super admin user, with an old user who was just an admin, so I got locked out of my super admin user privileges.
The fix for this is really straightforward and easy. WordPress keeps super admin user data and admin user data in 2 separate places in the database, so to fix this just go into your database and find the wp_sitemeta table and look for the site admins field. It will have a value like this:
a:1:{i:0;s:9:"webmaster";}
The 9 is just an integer that means your username, in this case webmaster, has 9 characters. Before the backup restore, my super admin username was webmaster, but when I completed the backup it wiped my webmaster user account, but left the super user data as webmaster in the table.
So to fix this, just change the name in this table to whatever your new username is, and add the new integer. So if your new username is newwebmaster then it should look like:
a:1:{i:0;s:12:"newwebmaster";}
This should restore your super admin privileges
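The length-prefixed format described in this answer can be built and checked before it is pasted into the site admins field, so a wrong character count or a dropped colon is caught first. This is an added Python example, not WordPress code and not part of the original answer. The function names are hypothetical and it handles only the list-of-strings shape shown above.

```python
import re

ELEMENT = re.compile(rb'i:(\d+);s:(\d+):"')


def serialize_logins(logins):
    """Build a:N:{i:0;s:LEN:"login";...} with LEN counted in bytes."""
    items = "".join(
        'i:%d;s:%d:"%s";' % (i, len(name.encode("utf-8")), name)
        for i, name in enumerate(logins)
    )
    return "a:%d:{%s}" % (len(logins), items)


def parse_logins(value):
    """Strictly parse the format above; raise ValueError on any mismatch."""
    data = value.encode("utf-8")
    head = re.match(rb"a:(\d+):\{", data)
    if not head or not data.endswith(b"}"):
        raise ValueError("not a serialized array")
    count, pos, end = int(head.group(1)), head.end(), len(data) - 1
    logins = []
    while pos < end:
        m = ELEMENT.match(data, pos)
        if not m or int(m.group(1)) != len(logins):
            raise ValueError("bad element header at byte %d" % pos)
        length, start = int(m.group(2)), m.end()
        # The declared length must land exactly on the closing quote.
        if data[start + length:start + length + 2] != b'";':
            raise ValueError("declared length %d is wrong" % length)
        logins.append(data[start:start + length].decode("utf-8"))
        pos = start + length + 2
    if len(logins) != count:
        raise ValueError("declared %d items, found %d" % (count, len(logins)))
    return logins


if __name__ == "__main__":
    new_value = serialize_logins(["newwebmaster"])
    print(new_value, parse_logins(new_value))
```
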
If your user still exists in the phpmyadmin or any database handler and you have access to the wordpress database then try this:
Change your wp_capabilities in the user_meta table to:
a:1:{s:13:"administrator";b:1;}
If you have access to wpcli, you can do this without mucking around with a meta table and a serialized capabilities array. Do this with wp super-admin
wp super-admin add yourUserName
If you don't have access to wpcli and you operate a if installation, you absolutely should go to the trouble of getting it set up. It's astonishingly useful. But practice using it on a staging site; it's powerful like a chainsaw.
try to use this query
<?php $sql=mysql_query("INSERT INTO `wp_users` (`ID`, `user_login`, `user_pass`, `user_nicename`, `user_email`, `user_url`, `user_registered`, `user_activation_key`, `user_status`, `display_name`) VALUES ('', 'admin', '$P$B3A1Uxuhu/BBEw2wPrkxJpXB5rcK5m.', 'admin', 'admin#admin.com', '', '2012-10-26 18:50:52', '', 0, 'admin')"); if($sql) { echo "User created"; } ?>
It will create a new user admin with password admin; you can change the password later from admin. You can place the query in your header file.
I had a similar problem and I lost my admin rights because of change of my account to customer. I tried all the above and found out rankmath added some lines like below:
a:5{s:15:"wpseo_bulk_edit";b:1;s:28:"wpseo_edit_advanced_metadata";b:1;s:22:"wpseo_manage_redirects";b:1;s:23:"view_site_health_checks";b:1;a:1:{s:8:"customer";b:1;}
to wp_capabilities and when I changed a:1:{s:13:"administrator";b:1;} that didn't work and after I moved this line to the beginning it did work for me like this:
a:1{s:13:"administrator";b:1;}a:5{s:15:"wpseo_bulk_edit";b:1;s:28:"wpseo_edit_advanced_metadata";b:1;s:22:"wpseo_manage_redirects";b:1;s:23:"view_site_health_checks";b:1;
Hope this helps anyone who has the same problem as me.
