How to get nexus project specific permissions running with repository targets? - nexus

I would like to set up our long running nexus (currently updated to 2.10) for project specific permissions, so that users are limited to access only a part of the repository.
I found this article and this one which exactly match what I am looking for.
So I set up our config like this.
The regexp for us is: ./de/mycompany/myproject./.*
But there is still one error:
I can log in with restricted view and in the search I just see the filtered artifacts. Which is great. But the bottom part of the UI where the repository tree is shown, is empty. Instead I get a 403 error. Looking in the system feed for authentication I find:
Unable to authorize user [myuser] for read(HTTP method "GET") to /nexus/service/local/repositories/releases/index_content/ from IP Address 192.168.0.41, user agent:"n/a"
"releases" is the name of our repo, for a part of which the user is permitted. So what to do to get access to this strange index_content? Do I need another privilege or role? Or another regexp? Using ./index_content/. does not work.

Well, as nobody knew a solution a did a lot of try an error at the weekend. Finally I ended with added a second regex just with a slash ("/"). Now it works as expected and documented in the referred articles.

Right, you need to add permissions for the directories along the path for "browse storage" to work.
See here for more information: https://support.sonatype.com/entries/21592111

Related

Link to issue page from within Phabricator

We've been using Phabricator for post-commit code reviews (aka Audits) for some months now. When doing a commit we also attach an issue number ("Issue: XXXX").
The issue tracker url for this issue is:
site.com/issue/XXXX
I'm wondering if there's any way we could configure Phabricator to replace this text with a hyperlink to its corresponding URL when viewing the commit's comment from Phabricator.
First step
Go to the configuration interface at <your-hosted-phabricator>/config/all/.
Second step
Edit the following two parameters:
In bugtraq.logregex set:
/[Ii]ssues?:?(\s*,?\s*\d+)+/
/(\d+)/
In bugtraq.url set:
https://<your-issue-tracker>/issue/%BUGID%
If you are using these same config settings for another tracking system, you will have to pick and choose. But, we found this very useful when linking to an unsupported bug tracking system.
You should be able to replace the url to your local system's url and build your own regex that will match your "Issue: XXXX" commit message.
Good Luck!

Umbraco error "Looks like there's still work to do"

I am trying to publish Umbraco 4.7.0 site.
when i am trying to publish Node get this error.
Cannot insert the value NULL into column 'id', table 'hedronDB.dbo.cmsPropertyData'; column does not allow nulls. INSERT fails.
And when i see in browser i get "Looks like there's still work to do" this error.
Any help is much appreciated!
I assume you are seeing the error in the database's [umbracoLog] error table?
Have you just migrated your site to a new server? If so, your umbraco.config file may be missing. This is usually why you see the "Looks like ..." message, because nothing has previously been published.
Also, check the permissions on the site to ensure that modify permissions have been given to the correct folders.
If none of these help, one of your doc types or pages may be corrupt, meaning that when a page or pages of a particular doc type are being saved, Umbraco thinks there should be a particular property on the doc type when there isn't.
Check the Umbraco logs in the database [umbracoLogs] table, and see if there is a reference to a particular doc type or page being saved. The solution here would be to recreate the offending doc type, and also recreate the pages from the doc type.
Aside from this, it is always worth checking or raising your issue at our.umbraco.org
Finally, if possible I would very much advise upgrading to the latest version of Umbraco (currently v6.1.2) or at the very least v4.7.2 which is a patched version of the version you are using.

Products.Reflecto and Plone sharing, bug or feature?

I'm using Products.Reflecto in Plone 4 to mirror file system content and provide fine-grained security on that content (i.e. give specific groups access to selected folders)
I know Reflecto objects are not real Plone content, however there is a sharing tab on all the files inside the Reflecto object. It works as expected, until you reindex the reflector at which point the settings are only applied to the reflector object.
E.g.:
Mkdir (on the file system) -p test/foo/bar/baz
Create a reflector object mirroring a "test" directory on the file system.
Share "view" permission on baz with any user or group
Verify that sharing works as expected
Reindex "test"
Notice that the user or group now has "view" permission on "foo"
Curiously, as soon as you configure sharing on a child object the reflector object has the same settings, but they seem to be ignored. Also curious, if you configure a "live" reflector sharing does not work at all. Is this a bug or a feature? Is it reasonable to try to support this use case? I.e. reindex the reflector and maintain sharing settings?
I don't think this was ever meant to work; I don't recall covering the use case when developing Reflecto in any case.
I haven't touched the product in years though, and I didn't do any more than glance at the code base to remind myself.
What I suspect in your test case is that the sharing information is set (via acquisition) on the reflector object, but the directory proxy for baz is being reindexed. If you were to reindex the reflector the sharing settings would no longer be ignored.
If so, then the presence of the sharing tab on the directory proxies is the real bug here.

vTiger doesn't recognize any user

I having a problem using vTiger.
Actually i had no problems but we had to format one of our servers and as the SQL has been backup'ed i had no worries about vTiger.
Just got vTiger folder backup'ed too, but when i had my server back and put the folder of vTiger into www and restored the database i had a few errors, mostly resolved by re-configuring config.inc.php because paths had changes. But after all the configuration is done again i can't login to my vTiger. He reachs the database but does not recognize any of the users. I alway get username or password is wrong. Have anyone experienced this? Is there any possible solution?
Had a similar problem a few days ago, it turns out my cookies were corrupt (Firefox). I cleared all related cookies, problem solved. Try first using some other browser to confirm. hth.
First I would check if the db is reached and populated with your data. Try connecting from the command line.
If you are working on Windows and have changed Vtiger's path, and you are using the bundled version, MySql path changes as well, but the Windows service can still be alive on the old path: in this case you must manually cancel the service and afterwards use the "Start Vtiger" button in order to create the new service.
Second, I would turn on the php debugging as explained here. In most cases, these steps should help you.
Have you checked user_privileges folder? in that you must have 2 files for particular user. eg. your user admin having id 1 in database then you must have user_privileges/sharing_privileges_1.php and user_privileges/user_privileges_1.php file
and open user_privileges_1.php file and check username/password in that file, if it's not same with your DB then change it manually.
Try this solution and let me know if it works.

Drupal Administer

How to rename drupal's admin directory as I already have a directory named "admin"?
As Bleadedu pointed out, Drupal has no "directories" in its URL.
The urls you see are all so called "clean urls", achieved with a nifty trick in Apache (the webserver)
configuration. You could disable clean urls that will fix your problem, but may not be an option, if you rely on this feature for some reason.
Another option is to use path module to circumvent this issue. This has downsides too, most notably, the fact you need to manually change each url with admin in it.
The last option is to change the rewrite rules in Apache. This is hard to achieve and requires some knowledge of mod_rewrite.
you can't. simply because admin directory doesn't exist. it's just a url path (defined in all modules that have got a reference of it in hook_menu)
The only solution I have right now is to implements hook_menu_alter and redirect all menus that starts with admin/ somewhere else, but I can't say that it will work 100%.
Instead of changing the path of /admin, you should beef up security elsewhere.
First, finding out your site uses Drupal is a piece of cake.
Huge companies use Drupal, and don't change their /admin path.
Don't use User 1. Most of the time, there is no need for anyone to be using User 1. Even the highest of admins should be given a role, and certain permissions. User 1 should have a complicated long password, changed every (x) number of days or hours, but never actually used. I think there is also a module for this, but I can't remember off the top of my head because I just do this programmatically.
logintoboggan.module
The Login Toboggan module will display the login form for Access denied pages
login_security.module
protect_critical_users.module
userprotect.module
session_limit.module
nodeaccess.module
Don't let direct access to update.php and cron.php. Create a cronjob to run via shell.
-have them direct to forbidden/or a 404 with a search page
Use the tools in cpanel/whm or similar. Knock out bad login attempts and such.
There are a ton of other ways to beef up security in drupal.
I somehow forgot that you said "as I already have a directory named "admin". opps.
I think you would be wise to either alter that other directly instead, put it inside of another directory, or simply don't use it.
It is just going to be very messy. You would have to look into every single module to see if it needs adjusting.
Off the top of my head, the user.module will need to be altered, and also take a look at http://api.drupal.org/api/search/6/url_rewrite.
custom_url_rewrite_outbound and custom_url_rewrite_inbound will work, BUT you will still be able to access /admin by typing it in manually. You will get a forbidden if you stick a "admin" folder in your root.
All in all, I think it would be a messy venture, and you might get a lot of broken updates. Until something like this is offered in core, I wouldn't do it. Even if there was a module that could, I wouldn't use it.
*You will have to "Hack Core," and I don't think this justifies hacking the core.

Resources