gvNix: How to restrict access based on roles - spring-mvc

I'm developing an application using gvNix. I used typicalsecurity addon to secure my application. What I need now is to allow the user to update only their profile. i.e. the user can see a profile tab on the nav bar menu, and when clicking on it, a form should be displayed containing only their data.
I tried adding the following to my code, but it restricts the access even to the admin.
@RooWebScaffold(path = "users", formBackingObject = User.class, delete = false, create = false)
The xml here removes the menu tab or part of its sub items, so it doesn't show an option to edit the profile
...
xmlns:sec="http://www.springframework.org/security/tags"
...
<sec:authorize ifAllGranted="ROLE_ADMIN">...</sec:authorize>

Usually all the users should update their profiles, so the link should be visible for all users.
Then modify the controller method that handles that request to get the user principal for the requester; this is the way to load the profile of the logged-in user.
To get the principal of the user read the Spring Security docs.
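A controller along the lines this answer describes, as an added example that is not part of the original answer or of gvNix's generated code. `ProfileController`, `ProfileForm`, `UserAccounts`, the `/profile` and `/login` paths and the view name are all assumptions made for illustration. The account is taken from the authenticated `Principal` and never from a URL or form parameter, so one user cannot load or edit another user's profile by changing an id.

```java
import java.security.Principal;
import org.springframework.beans.factory.annotation.Autowired;
import org.springframework.stereotype.Controller;
import org.springframework.ui.Model;
import org.springframework.web.bind.annotation.ModelAttribute;
import org.springframework.web.bind.annotation.RequestMapping;
import org.springframework.web.bind.annotation.RequestMethod;

@Controller
@RequestMapping("/profile")
public class ProfileController {

    /** Hypothetical form object: only the fields a user may edit on their own account. */
    public static class ProfileForm {
        private String displayName;
        public String getDisplayName() { return displayName; }
        public void setDisplayName(String displayName) { this.displayName = displayName; }
    }

    /** Hypothetical service that loads and saves an account by its login name. */
    public interface UserAccounts {
        ProfileForm loadProfile(String username);
        void updateProfile(String username, ProfileForm form);
    }

    private final UserAccounts accounts;

    @Autowired
    public ProfileController(UserAccounts accounts) {
        this.accounts = accounts;
    }

    // No {id} in the URL: the account is always the authenticated requester's.
    @RequestMapping(method = RequestMethod.GET)
    public String editForm(Principal principal, Model model) {
        if (principal == null) {
            return "redirect:/login"; // assumed login path; reached only if /profile is not secured
        }
        model.addAttribute("profileForm", accounts.loadProfile(principal.getName()));
        return "profile/update"; // assumed view name
    }

    // The form has no id, username or role field, so a posted value cannot retarget the update.
    @RequestMapping(method = RequestMethod.POST)
    public String update(@ModelAttribute("profileForm") ProfileForm form, Principal principal) {
        if (principal == null) {
            return "redirect:/login";
        }
        accounts.updateProfile(principal.getName(), form);
        return "redirect:/profile";
    }
}
```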

Related

Making content of a certain fragment invisible when a user is not registered

Suppose I have a fragment account and there are three ways to access my app: Register, Login and Skip for now. If a user clicks on skip for now, the components of my account fragment should be hidden and instead of all that, there must be one login button.
You can maintain it by setting a variable in shared preferences or you can set a global variable on the base of user's entry choice. Accordingly manage visibility of the content.

Display user ID in the metrics of application Insight

This page
http://azure.microsoft.com/en-us/documentation/articles/app-insights-web-track-usage-custom-events-metrics/#authenticated-users
shows how to have login information in the section "Authenticated users".
But how can I see this information in Application Insight after that?
I do not see user anywhere in the custom event properties for events, it seems to be the internal field that's collected but not directly exposed in the view because most of the time this "auto-collected" user would be simply an auto-generated GUID....
You can take a look at the users summary on "Usage Analytics/Users" view as well as in Metric Explorer (just select the metrics about app users like "user accounts"...)
You should be able to search for user in the Diagnostic Search but only if you specify the user name you are looking for in the search - you'll get events/traces and so on for that particular user.
Also, you can try to submit authenticated user as a custom property on the event instead of (in addition to) the embedded property, in this case you should definitely see it as part of the properties in UI but this leads to a duplication of the value inside the event (internal + custom)...
You can make a query with Analytics. The result of your query should return a column called user_AuthenticatedId.

How to create secured page that limits access to users with the correct permissions?

For a Drupal 7 site, I need to create a secured page with a list (view) of documents(.pdf's). There will be one page with a list of documents (a view of pdf's). To get to that page and be able to download any of the .pdf's, the user must be logged in with their own unique username/password. So what I believe needs to be done is the following.
Set up a page with a view of the documents (can do).
Make sure the docs (pdf's) can't be viewed with a direct URL (I think private file)
Prevent access to the page by non-logged in users. (no idea. help!)
Create a menu item for the page that only displays when the user is logged in. (no idea. help!)
Define permissions for accessing the page and add the permissions to specific roles. (I think I can do)
Can anyone provide info on how to do this? Is there a module for this functionality?
thank you,
You can use content_access module to do this. You will be able to restrict access to any content (your list page) by role.
If you create a link to this page in the main/secondary nav (for example) then this link should only appear to a user that has the appropriate permissions (as defined in the role).
LF
Create some permissions and assign them to a particular user; then in your hook_menu you can use the user_access function to check whether the logged-in user has that permission or not, and return true or false accordingly.
// Grant access only when the current user holds the permission.
if (user_access(YOUR_PERMISSION_HERE)) {
  return TRUE;
}
else {
  return FALSE;
}
You can also write your SQL query inside that. You can put this code in your function and call that function in your access callback for that particular form menu definition.

removing create new account tab from login page in drupal 7

Drupal login page, while going from url ?q=user shows you login form and it also shows Change password and Create new account tabs.
I want to remove the Create new account option/tab from there and also I do not want user to access registration page even via url: ?q=user/register.
Anyone?
To hide the Create new account tab in the /user path, you can insert the following in your module code:
function modulename_menu_alter(&$item) {
  // Hide the "Create new account" tab
  $item['user/register']['type'] = MENU_CALLBACK;
}
This hides the tab but still allows for /user/register to be accessed.
Open the Configuration admin menu, and under the People heading click Account Settings. Under the heading Who can register accounts? select Administrators only and then save the settings.
The Tab Tamer module will do this. Just make sure you choose hidden and not disabled, otherwise users will get access denied errors.
Home>administration>configuration>people> who can register accounts> select administrators only
To remove the "Register Tab" in login page for visitors, go to Administration>>Account Settings>> select the administrator to create the account. Save the changes. By doing this, only "Admin" can create the accounts. Users cannot see the "Register" Tab.

Drupal: customizing user register form

I want to customize the user/register form.
When the anonymous user goes on this page I don't want to show the tabs Create new account, Log in, Request new password, and don't want to see the fieldset Account information with a username and email.
How can I do it in Drupal 6?
The tabtamer module lets you control what tabs are visible from the admin pages.
I'm not sure if it's possible to remove the user profile page entirely, but a module like login_destination or logintoboggan let you control where the user goes when they log in.
