set created role to user in Plone - plone

I am using Plone 4.
How do I set a custom role through code in Plone?
I have created a role "normaluser". I am able to assign this role to a user through Site Setup -> Users and Groups. It is working fine.
How do I set this role "normaluser" on a user via code?

You may use plone.api
    from plone import api
    api.user.grant_roles(username='jane',
                         roles=['normaluser'])
Add obj parameter if you want to assign the role locally on a specific object.

Related

How to manage access permission in alfresco

Hello everyone, thanks in advance for your help.
I am trying to configure access permissions in Alfresco and am now stuck in a scenario.
It would be a great help if someone could define the proper way to achieve this functionality.
Now my problem is:
I want to create a site (which will be accessible by all users),
then create folders and subfolders in that site (I am ready to customize the content type of those folders if required).
Now I want to configure Alfresco in such a way that a specific set of users can access a specific folder and its content.
For example:
This is the list of users:
user1, user2, user3, user4, user5
And this is the folder structure:
Project
    Data
        Test
        Exam
    Design
        art
        practice
    Work
        W1
        W2
Now how do I configure it in such a way that
user1 can access Data->Exam
user2 can access Work and all its child folders
user3 can access Data and all its child folders
user4 can access Design and all its child folders and
user5 can access the Data->Work, Design->art, Work->W1 folders
Note that I am using the CMIS API to generate this folder structure,
so is there any way to achieve this by Java code only?
I have read about managing permissions but am not sure about using it, because when I tried to give permission on a folder it allowed me to add only a single user,
but in my case I want to make a group of users and make the folder accessible by that particular group.
Thank you so much for your time :)
If you want to use a group, you'll need to create the group in Alfresco using either the admin console or the Alfresco API. CMIS cannot manage users or groups.
Once your users and groups are in place, you can use CMIS to assign them to ACLs. However, the challenge is that you may need to disable or "break" ACL inheritance to do exactly what you want. You cannot disable ACL inheritance with the CMIS API. You'll have to do it in the UI or through the Alfresco API.
With your users and groups in place and with your folders configured to inherit or not inherit parent permissions as needed, you can now add users and groups to your folders. With CMIS, you can add as many users or groups as you need to a given folder. It is not limited to a single user or group. This page has some examples on using Access Control Entries (ACEs) which make up Access Control Lists (ACLs).
I think that Jeff Potts' answer is great. I will only add a few things: you can look at this post, which will give you an answer on how to work with ACLs: How to get Acls of a document.
You can also use the allowable actions on any folder (or document). It will look like this:
    Action a = Action.CAN_DELETE_OBJECT;
    CmisObject object = session.getObjectByPath(idObject); // In case it's a folder
    if (object.getAllowableActions().getAllowableActions().contains(a)) {
        return Boolean.TRUE; // You can do it
    }
Just remember that you can get the allowable action as a String (in case you want to work with a few of them):
    String canCreateFolder = Action.CAN_CREATE_FOLDER.value();
The most important Actions that you have to use:
    String can_create_folder = Action.CAN_CREATE_FOLDER.value();
    String can_create_document = Action.CAN_CREATE_DOCUMENT.value();
    String can_update_folder = Action.CAN_UPDATE_PROPERTIES.value();
    String can_update_document = Action.CAN_UPDATE_PROPERTIES.value();
    String can_delete_folder = Action.CAN_DELETE_OBJECT.value();
    String can_delete_document = Action.CAN_DELETE_OBJECT.value();
Hope that helped you.
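The two answers above, combined into one added example that is not part of the original posts: several users and a group are put on a folder's ACL in one CMIS call, then the allowable actions are read back. It assumes the Apache Chemistry OpenCMIS client library, connection details in the environment variables CMIS_URL, CMIS_USER and CMIS_PASSWORD, a hypothetical site named "demo" and a hypothetical group "GROUP_exam_readers" that already exists, with ACL inheritance on the folders already set in the UI or through the Alfresco API as the first answer describes.

```java
import java.util.ArrayList;
import java.util.Collections;
import java.util.HashMap;
import java.util.List;
import java.util.Map;
import org.apache.chemistry.opencmis.client.api.CmisObject;
import org.apache.chemistry.opencmis.client.api.OperationContext;
import org.apache.chemistry.opencmis.client.api.Session;
import org.apache.chemistry.opencmis.client.runtime.SessionFactoryImpl;
import org.apache.chemistry.opencmis.commons.SessionParameter;
import org.apache.chemistry.opencmis.commons.data.Ace;
import org.apache.chemistry.opencmis.commons.enums.AclPropagation;
import org.apache.chemistry.opencmis.commons.enums.Action;
import org.apache.chemistry.opencmis.commons.enums.BindingType;

public class FolderAclExample {
    // Hypothetical site path; the folder names below come from the question.
    static final String ROOT = "/Sites/demo/documentLibrary/Project";

    // Add one read ACE per principal (a user name or a GROUP_-prefixed group) in a single call.
    static void grantRead(Session s, String path, String... principals) {
        List<Ace> aces = new ArrayList<>();
        for (String principal : principals) {
            aces.add(s.getObjectFactory().createAce(principal, Collections.singletonList("cmis:read")));
        }
        // Let the repository decide how the new entries reach child folders.
        s.getObjectByPath(path).addAcl(aces, AclPropagation.REPOSITORYDETERMINED);
    }

    // True if the user who owns this session may perform the action on the object at path.
    static boolean allowed(Session s, String path, Action action) {
        OperationContext ctx = s.createOperationContext();
        ctx.setIncludeAllowableActions(true);
        ctx.setCacheEnabled(false); // read fresh state after an ACL change
        CmisObject object = s.getObjectByPath(path, ctx);
        return object.getAllowableActions().getAllowableActions().contains(action);
    }

    public static void main(String[] args) {
        Map<String, String> p = new HashMap<>();
        p.put(SessionParameter.BINDING_TYPE, BindingType.ATOMPUB.value());
        p.put(SessionParameter.ATOMPUB_URL, System.getenv("CMIS_URL")); // assumed environment variables
        p.put(SessionParameter.USER, System.getenv("CMIS_USER"));
        p.put(SessionParameter.PASSWORD, System.getenv("CMIS_PASSWORD"));
        Session s = SessionFactoryImpl.newInstance().getRepositories(p).get(0).createSession();
        grantRead(s, ROOT + "/Data/Exam", "user1", "GROUP_exam_readers"); // group name is hypothetical
        grantRead(s, ROOT + "/Design/art", "user5");
        grantRead(s, ROOT + "/Work/W1", "user5");
        System.out.println("can create folder: " + allowed(s, ROOT + "/Work/W1", Action.CAN_CREATE_FOLDER));
    }
}
```

The allowable actions returned are those of the account the session logged in with, so to confirm what user5 can do, open a second session with that user's credentials and call allowed() there.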

Alfresco Ldap create a group folder as home folder for users

I'm using Alfresco-LDAP to migrate all my LDAP users to the Alfresco service.
So far I have managed to transfer all users, but the home folder created in Alfresco for each user is named after the user, and what I would like is to share a folder for all members of the LDAP group, since I have multiple groups and every user of a group may only get files from that group.
This is the property
ldap.synchronization.defaultHomeFolderProvider
I read in the Alfresco documentation http://wiki.alfresco.com/wiki/Security_and_Authentication#Creating_home_spaces_-_from_1.4_onwards
But it seems like what I'm trying to do is not contemplated.
Any suggestion please?
Unfortunately there is no configurable HomeFolderProvider for groups supporting specific spaces. You need to create your own HomeFolderProvider in Java for that. Out of the box you could use the companyHomeFolderProvider, which is normally used if you want to disable the home folder feature. The user object requires a user home to be able to log in, and the workaround is to set the root (company_home) for that.
[1] https://wiki.alfresco.com/wiki/Security_and_Authentication#Creating_home_spaces_-_from_1.4_onwards
[2] Disable the user home folder creation

How to add more user fields in aspnetdb database?

I have created an ASPNETDB database on SQL Server 2008 for users, roles and profiles with Aspnet_regsql.exe.
But what I want is more user attributes apart from those default ones (name, email, mobile and comment), e.g. Postcode, Address, Telephone number, Rank, Position, etc. And also those new fields should be exposed to CreateNewUserWizard in the aspx page design mode, so that a new user can be registered with more attributes.
I tried to add new columns in the "aspnet_Membership" table of ASPNETDB database. But they weren't automatically picked up.
Can anyone please give me some help on this? Thanks
Cheers,
Alex
Don't touch the database yourself. Follow the steps outlined here:
http://weblogs.asp.net/scottgu/archive/2005/10/18/427754.aspx
Note that you need to use the "Website" project template. Profiles are not supported out-of-the-box (without some customization) for the Web Application project template.
Please refer to the aspnet_Profile table.
To add additional attribute columns you will need to create Profile Properties in the web.config file, access these properties and update the Profile of the currently created user.
If you have complex information about users then you can create your own table and use a foreign key relationship to UserId in the aspnet_users table.
Check this MSDN article:
How to add properties for Profile
Complete details of using Profiles in ASP.NET C# are explained in one of the answers on StackOverflow itself; please refer to how-to-assign-profile-values

Is there a module to specify access rules for specific nodes or specific pages?

Is there a Drupal module to specify access rules for specific nodes?
I don't need to specify them for a generic content type, but for a specific node (nid).
Also I would like to specify permissions on a specific page (let's say a view).
Thanks
The Content Access module allows you to specify access control per node by role, breaking it down to a granular edit, view or delete permission by role.
Views allows a permission to be set by role under the 'access' option in basic settings. You can therefore set by display giving you quite rich control over what visitors have access to by role.
I've also used Nodeaccess which may be worth looking at. I believe this allows delegation of deciding which roles may edit, delete or update a node to the node author rather than the administrator.
Views has access control built in, you can set permissions for a view from inside the Views UI. When you edit a view there is a setting "Access" where you can set a role or permission that is required to access the view.
"Content Access" has an option for node-specific access, but I never used that part of the module myself (I previously wrote Module Grants, but that functionality came from Content Access).
Other options are Taxonomy Access or TAC lite that apply permissions based on taxonomy.

Module Based Security

I am trying to create an application that is based on module level security. The idea is we would have a user log in, grab their roles, grab the pages those roles have access to, then in those pages grab the modules they have access to, then the functions inside the modules they have access to (list, create, edit, delete). That way in an admin screen someone could allow or deny modules and module functions to groups.
Has anyone seen any sample projects like this or have ANY clue on how to implement this? I would really like to try this on an n-layer architecture.
Create your site with a basic membership system. Group your pages into folders and have Web.Config files in each to control access. This is all out-of-the-box functionality for the most part. The only custom code you would have to write is when creating an admin form.
As for the fine grain access, if they can't access the pages, they can't access their methods...
http://msdn.microsoft.com/en-us/library/yh26yfzy.aspx
UPDATE:
if User.IsInRole("Administrator")...
https://web.archive.org/web/20181010194753/http://www.4guysfromrolla.com:80/articles/082703-1.2.aspx
On the same page, in the code-behind, you can check their roles programmatically and display/enable panels/modules accordingly :-)
I would use a base class for your pages to accomplish the effect you describe. In your base class you can add all of the available methods you will need, but provide an authorization method within the base class that allows methods to identify themselves based on the roles they're allowed to have. All of this could be configured with the web.config if you plan it down. A lot of times the "folder" based method for SQL membership just isn't robust enough.
I suppose as an example, you could build your own (or find one in the System.Security namespace) security enumeration to define access levels and then map access levels from your groups in AD (or wherever) to the enumerations. The methods could then use the security enumeration against your user object to determine if the user's access allows the function.
