In <browser:page /> on Plone, I have a permission attribute. I can add a custom permission in there and have better security when the browser view is rendered.
<browser:page
for="*"
name="my_view"
class=".myview.MyView"
allowed_interface=".myview.IMyView"
permission="my.permission"
/>
Just adding the permission attribute it works: trying to do ##my_view, it asks for login.
Now, let's go to the portlets: portlets have a view_permission, that I thought it would do the same, or at least just wouldn't render the portlet if the user didn't have the permission - but none of these situations happen. The portlet is rendered, ignoring the view_permission, thus I still need to use the available portlet property to accomplish what I want (It seems I'm not the only one doing this approach).
So, what view_permission is for? I can't find the docs for it. It seems I would be able to use it like permission like browser views, but it seems I can't...
the purpose of view_permission is to restrict the portlet to users with a specific permission...as it says here:
http://svn.plone.org/svn/plone/plone.app.portlets/trunk/plone/app/portlets/metadirectives.py
here you can find an example:
http://svn.plone.org/svn/plone/plone.portlet.collection/trunk/plone/portlet/collection/configure.zcml
edit:
unfortunately I have to amend my answer...the purpose of view_permission should be to restrict the portlet to users with a specific permission. But it's not yet honored, as you can see here:
http://svn.plone.org/svn/plone/plone.app.portlets/trunk/plone/app/portlets/browser/templates/column.pt
http://svn.plone.org/svn/plone/plone.app.portlets/trunk/plone/app/portlets/metaconfigure.py
(Thanks to the comment of Ulrich Schwarz that pushed me to double check.)
Related
I am testing out DNN 8 and am using the blog app and content management from 2sxc (great module, BTW!).
I have the recent blog post listed on a page sub-directory called '/articles'. But I also wanted some of them listed on the home page as well. When I add the app or module to the home page the url is '/home/post/post-title-here' while on the /articles page the urls are '/articles/post/post-title-here'. This creates the illusion that I have two directories with duplicate blog posts (which probably will get me some dings for SEO for duplicating the same content).
How do I get the app to use the common directory '/articles' regardless of where I put the module/app on the site? I've looked at settings all over and don't see anything that pops out at me. Also not sure if this is a DNN setting or a setting specifically to the extension. Finally, I'd like to be able to keep the year/date/month parts of my url as well as they were on the old site. I assume making that change would probably be similar with the solution to my original question. If that's a different fix, then let me know and I'll put it into a new thread. Thanks in advance!
This question is basically about the blog-app. Now if I understand you correctly, your question is "Can I have multiple lists on various pages, but all of them still link to my main details page". The answer is yes, but the exact solution depends a bit on what you need.
So basically there is a setting in the app-settings to define the main page. I believe it's empty by default, so that the blog-app works automatically without you having to configure anything. But AFAIK if you set that, all blog-details-links will use that as the only source.
I have come across this problem in the past but never solved it.
I am on the verge of finishing a Drupal site for a client. I created two content types and gave him the permissions necessary to edit any occurrence of these node types.
The strange problem is the client can edit any node of type product_type except for one particular node of the same type.
So in other words, all nodes of type product_type are editable except node/3.
Do you have a node access module installed, like Content Access or Taxonomy Access Control? If you do, it could be that there are per-node permissions set and your client's role doesn't have permission to edit that node, or it could be that it is tagged with a particular taxonomy term which prevents him from editing it.
If you don't have any extra node access modules installed, is it just that the link to "Edit" is missing in the tabs section of the page? Can the client type in "http://example.com/node/3/edit" and reach the edit screen that way?
If you supply an answer to these questions in the comments, I'll edit this answer as best I can.
Check the author of the node. If it's different than the client's user account that may account for the problem. If that does not work you may need to "rebuild permissions."
I found out what the issue was. The client account could not edit anything with full-html input format.
I enabled that at /admin/settings/filters and it works just fine now.
Thanks for looking in.
I'm working with ASP.Net MVC and I would like to make a web site accesible via the internet, but only to a select few people right now. I want to do something basically exactly like the beta access page with password just like they did on stackoverflow, serverfault, and superuser.
I don't just want to check and redirect in the home controller, I want it to always go there no matter what url is used.
Anyone know how they do it?
I don't know enough about MVC in particular, but it would probably mean creating a base controller and overriding OnActionExecuting or OnAuthorization.
I'd create a custom filter that extended AuthorizeAttribute. That way you can put it on the controllers/actions you wanted, and remove it easily enough. Since it's essentially a decorator, you would be playing nice with the Open/Closed principle too.
If you override AuthorizeCore you can check session/cookie/whatever for the login and if that passes, run the base AuthorizeCore too.
The easy way is to put something in the users session. Run a check either on the master page or in an http handler to see if this session is correct or not. If not redirect to the password capture page. When the password is provided then set the session variable...wa la they are in.
If you want to remember them then also drop a cookie and add that to your check as well.
Right now, when I create a media item, I can view it as admin by going through the Media then clicking on view, eventually I end up at [mysite]/blog/?attachment_id=31 which is a nice reduced version of the image (which can be clicked to appear large), and which has the nice feature that there is a place to leave comments at the bottom.
This is great for administrators. But I want anonymous users to be able to look at 5 different, fairly similar images, and make comments on the pages separately. So I'd like for the anonymous users who navigate to [mysite]/blog/?attachment_id=31 to find the same page the way it looks to admins.
But when going to that URL as an anonymous user instead of the image with comment form I get:
Sorry, no posts matched your criteria
So, how can I enable this permission for anonymous users?
If this is not possible, please rephrase the question as, "What is the best way to use Wordpress to get a bunch of anonymous people to vote on 5 different layouts and also to be able to comment on each of them separately, as I am trying to do at http://christian-filipina.com/blog/ ? (None of these are public URLs, please don't link to them.)
Do I need to create a page for each of those separate layouts and then use HTML to link to the variously-sized versions of the images?
When adding an image to the post make sure that "attachment page" is checked instead of "image file" This should fix your problem. See: http://codex.wordpress.org/Using_Image_and_File_Attachments
I have an ASP.Net application which as desired feature, users would like to be able to take a screenshot. While I know this can be simulated, it would be really great to have a way to take a URL (or the current rendered page), and turn it into an image which can be stored on the server.
Is this crazy? Is there a way to do it? If so, any references?
I can tell you right now that there is no way to do it from inside the browser, nor should there be. Imagine that your page embeds GMail in an iframe. You could then steal a screenshot of the person's GMail inbox!
This could be made safe by having the browser "black out" all iframes and embeds that would violate cross-domain restrictions.
You could certainly write an extension to do this, but be aware of the security considerations outlined above.
Update: You can use a canvas utility function to get a screenshot of a page on the same origin as your code. There's even a lib to allow you to do this: http://experiments.hertzen.com/jsfeedback/
You can find other possible answers here: Using HTML5/Canvas/JavaScript to take screenshots
Browsershots has an XML-RPC interface and available source code (in Python).
I used the free assembly UrlScreenshot.dll which you can download here.
Works nicely!
There is also WebSiteScreenShot but it's not free.
You could try a browser plugin like IE7 Pro for Internet Explorer which allows you to save a screenshot of the current site to a file on disk. I'm sure there is a comparable plugin for FireFox out there as well.
If you want to do something like you described. You need to call an external process that prints the IE output as described here.
Why don't you take another approach?
If you have the need that users can view the same content over again, then it sounds like that is a business requirement for your application, and so you should be building it into your application.
Structure the URL so that when the same user (assuming you have sessions and the application shows different things to different users) visits the same URL, they always see same thing. They can then bookmark the URL locally, or you can even have an application feature that saves it in a user profile.
Part of this would mean making "clean urls", eg, site.com/view/whatever-information-needed-here.
If you are doing time-based data, where it changes as it gets older, there are probably a couple possible approaches.
If your data is not changing on a regular basis, then you could make the "current" page always, eg, site.com/view/2008-10-20 (add hour/minute/second as appropriate).
If it is refreshing, and/or updating more regularly, have the "current" page as site.com/view .. but allow specifying the exact time afterwards. In this case, you'd have to have a "link to this page" type function, which would link to the permanent URL with the full date/time. Look to google maps for inspiration here-- if you scroll across a map, you can always click "link to here" and it will provide a link that includes the GPS coordinates, objects on the map, etc. In that case it's not a very friendly url but it does work quite well. :)