I'm new to Symfony, for my project I'm trying to use ACL and their Permission Attributes. In the cookbook it says that the permission map is by no means static and could be completely replaced at will. I need to create two other attributes, one Proposer and the other Acceptance. Something like where a user can propose new pages or comments and another one can decide if it can be published or not. Just for the moment I can't find how to implement this with ACL. Anyone has a clue or reference I could start from? I already read about ACL in the cookbook and the advanced use of it but it did not help me.
What you looking for is more related to a rules engine than ACL.
You can have a look on the following link for a quick implementation :
http://knpbundles.com/rezzza/RulerBundle
Related
I am using XAF from devexpress, I just added the security module from the expandframework and all my navigation disappears for non administrative users.
Am using XAF's new security system all well configured even navigation.Is there
extra configuration that am unaware of in expandframework?(am new to the expand framework)
The info you posted is not enough to determine this behavior. For each eXpandFramework module there is a set of tester solutions located # https://github.com/expand/eXpand/tree/17.2/Demos/Modules I suggest you look how the SecurityTester solution is configured and try to see what might differ. SO is not the best place to post such questions as there are dedicated forums and I happy to help you if you post a sample demonstrating this case there.
I was working in a client application with alfresco and in need to capture the changes in docs from user's alfresco account. From further reading I came to know that I need to set some properties in alfresco-global.properties file to enable change log audit. So is there anyway I can do this using an API without requesting user to do this ? Please help
I'm not sure something like that is possible, other then using JMX. I'd be happy is someone would prove me wrong, though.
http://docs.alfresco.com/5.1/concepts/jmx-intro-config.html
For Community there is no direct way to do this other than using addon's or writing your own custom code.
There are some ways you can use when using the JavaScript Api of Alfresco.
There is an Open Source module here using JMX and a paid one here using a custom Share page.
Want to make alfresco site read only in alfresco community 5.0 so that no one can make any changes or edit that during migration.
I already tried changing the user/group permissions but that method doesn't work properly. Is there any other way to make the sites read only?
You need to make all sites in read only mode and so entire Repository should be in read-only mode for migration!
Try this property in your alfresco-global.prop file
server.allowWrite=false
Please check this for reference
The best way to make a site read only would probably be to modify all members of that site to have the consumer role (this would prevent them for creating new content or editing any existing content).
Unfortunately there is no bulk capability built into the UI to do this, however it should be a relatively straightforward exercise to create an admin only custom WebScript to achieve this. It would necessary for the Admin to become the site manager of each site before attempting to change the role of each site member, but there is an API for doing this.
Alternatively (if you have only a few sites) then you could do this manually through the UI using the Site Management Admin Console page. Again, the Admin would need to become the Site Manager for each Site and then visit the site and change the role of every member.
As suggested by #DaveDraper in a former answer, you could setup site memberships to the consumer role. However, this won't take into account any special permission given on a particular node (folder/document) in that site either with or without inheritance of permission.
So, if you intend to block any writes on the entire alfresco repo/site you could simply setup an extra security interceptor on your NodeService to block any write access using the NodeService.
PS : You could get some inspiration from the "NodeService_security" bean and implementation !
I can think of a turn-around or two, but those would be really sloppy so I won't be including them in this response
On my symfony app, the time has come to add mailer functionality. Im always aware that that some new functionality justifiably goes into its own bundle. right now i want to add some mailer functionality so a user can check off some options, then send the items to a friend.
thinking ahead, i might also use that functionality in another bundle in this same app, which is a different part of the website.
so im thinking, i might want to put an email controller in its own bundle, but i know the swiftmailer bundle is already doing this, which i will be using.
so in the end im thinking its probably only a few lines of code i will need, and that may be best placed on the controllers of the specific parts of the website i need the email functionality on.
now comes the main reason i thought of making it its own bundle, twig templates for the email body's. do i want these templates dangling around in my other bundles? i guess it would make sense.
any suggestions?
It looks a bit overkill to create a bundle just for a few lines of code.
For your twig template you can put the shared template part inside app/Resources/views, which is shared for all your application. And put domain specific templates in domain specific bundles.
http://symfony.com/doc/current/book/templating.html#template-naming-locations
Whatever your email logic code should be inside a service wrapping swift mailer, like that if you need to switch mailing strategy, for example sending mails using an HTTP API, you just need to change this service, not all your controllers.
If you have some code to share between your bundles, may should you have an {App|Main|Core|...}Bundle containing all your "Single" services, that can be moved later in their own bundle if needed.
Anyway their is many approach for your global question :
You could use a single bundle containing all your business logic and externalize / decouple your technical / generic stuff inside bundles that can be shared between your apps
You could have an opposite approach with one bundle for technical stuff and many bundles for your business logic, may could it be harder to keep it low coupled
Or a mix of both
In my point of view the first approach works nicely for simple applications while second and third can be more domain oriented for bigger apps. The most important is probably to be consistant.
I need to build a system around a concept as follows:
Users have their objects, which are created by managers and by users themselves. Their objects are visible only to themselves. How to do it in broad way? What logic and mechanism I should choose?
I know this question is perhaps too broad but I am quite novice to development.
Your requirements can be easily solved by using the built-in user-folders of Plone.
You need to enable them in the security-part of the controlpanel via yourhost:8080/sitename/##security-controlpanel
(Note: If you are logged in and trying to see the change of the config afterwards, looking for your own urserfolder, you need to logout and login again, because the foldercreation-trigger is the 'first' login).
Every user gets its own folder then, where other users but Managers don't have have access to and additionally have access themselves to items Managers created in their folder, because the ownership of the user-folder belongs to the user.
Preferably set this configuration in your own product (plone-add-on/plugin), to make it reproducable programatically.