is there a way to get the list of currently listed developers on a face book connect application i want to use this to validate if a user is authorized to sublmit new contenet and create events through the connect website or do i need to couple this with a forms authorization account to handle permissions
or is there a better way over all to handle this
To check if a user is a developer of some specific app you can run such FQL:
select application_id from developer where developer_id=me() and application_id=<APP_ID>
To check if a user granted your app some specific permission you can use this FQL (not sure if this would be helpful in your case though):
select uid from permissions where uid=me() and <PERMISSION_NAME>=1
where <PERMISSION_NAME> is one of these.
Related
I have a Flutter app where most of the users should never log in. I also use this same app for a small selection of users that I personally manage and would like to allow them to create a Firebase account, preferably just with by giving them a password to access the account creation page. Ideally I don't want just anyone to be able to create an account, only those who I have personally given access to. Is there a way I could password protect the account creation page so that only those with access to the password could create an account? Perhaps there is another way to do this? Ideally, I'm not looking to get into a situation where anyone can create an account and then downstream I have to authorize that account so that it has the correct access. I really just want only those with the access upstream to be able to create the account. Perhaps this is not logical but this seems to make more sense than letting accounts be created by anyone and then approved by me after the fact. So my question really is, how do I password protect a page in flutter? Or is this just a bad idea and should I work to manage things downstream? Or is there another solution I have yet to consider?
Have you considered using something like a dynamic link that navigates to the specified page in the app when clicked. firebase_dynamic_links might be of help. Only those who have the link will be able to access it and I presume that you could manage the link actions from the Firebase console.
You could also opt for simplicity and create a password field that pops up before your account creation page
Is there a way to make admin not able to delete user from Active Directory? I need to disable this feature some how in global properies or else. I want admin only to create users,edit them and disable them, but not delete. The version of Alfresco is Community 5.2. Thanks in advance.
I guess you mean the other way around:
Is there a way to prevent admin from deleting users which have been created by ldap sync?
or do you mean:
Is there a way to revoke permission to delete any user?
Do you understand the difference between a user which has been created by ldap sync and a user manually created in the Alfresco admin UI?
There is no (easy and supported) way I know of to restrict admin permissions or for a member of the group ALFRESCO_ADMINISTRATORS. The ROLE_ADMINISTRATOR has always any permission.
There maybe a way to achieve what you expect in a customization module implementing a new behavior which disallows user deletion in a specific zone or by creating your own permissionGroups/permissions in a customPermissionDefinitions, setting the new introduced permissions on the user zones to specific groups but that kind of customization would be hard to maintain on later updates/upgrades.
EDIT:
What is your use case for allowing (end) users to create new users inside Alfresco although you have an user directory (AD) in place?
If your aim is to support external users, managed by specific internal user groups you may add another directory like samba4 which your internal users may get permissions to create/delete users (that's what we actually do from/thru our CRM system) or if you prefer integrations with OAuth2 providers such as Google, Facebook, Github you may take a look on the Spring Cloud Gateway for the Alfresco platform project
After referring so many forums, I am able to authenticate and sync active directory users to alfresco. The problem is we have more than 25,000 users and rite now we are planning to open alfresco only for selected users. Whenever someone search people they will be finding all the 25,000 users who are not even using alfresco. My It team is not willing to create seperate group for these selected members. Is it possible to sync only users who are logged in.
I am using alfresco 4.2e Binary Installation. Windows 7 64 bit.
The most easiest way would be to distinct users to sync via LDAP query.
You could find this link useful.
This scenario should do it:
enable ldap authentication
configure the authenication chain to include Alfresco and LDAP. This will ensure to try to authenticat against both systems. e.g.
authentication.chain=alfrescoNtlm1:alfrescoNtlm,ldap-ad1:ldap-ad
disable sync
# This flag enables use of this LDAP subsystem for user and group
# synchronization. It may be that this subsytem should only be used for
# authentication, in which case this flag should be set to false.
ldap.synchronization.active=false
If you start Alfresco the very first time there is no user in Alfresco. Depending on your strategy how to control the user creatioin you could ether:
create user manual
If you're running on linux the easiest way would be to use the alfresco-shell-tools otherwise you could use the csv-import feature in the user admin. The trick is to use the same username so Alfresco will try to authenticat against both systems before it fails.
create user on first login
Another way is to enable implicit user creation on first login. This isn't my recommendation since you will get trouble later because the user has no email address configured / no user info is synced. (This way is not tested - if this doesn't work you may define a sync query which doesn't return users to enable sync)
synchronization.autoCreatePeopleOnLogin=true
you will get the auto-creation of people who were successfully authenticated but weren't brought in by the sync
you need to add/change this line also on ldap-authentication.properties :
ldap.authentication.active=true
ldap.synchronization.active=false
ldap.synchronization.autoCreatePeopleOnLogin=false
synchronization.syncOnStartup=false
synchronization.syncWhenMissingPeopleLogIn=false
and add on alfresco-global.properties :
create.missing.people=false
I am the lead engineer on a web-based application that we would like to tightly integrate with salesforce. Specifically, we would like to:
Save email, hashed password / salt with contact record, and implement basic authentication service
Save entitlement information as part of the contact record
Basically, we would like to use salesforce as an authentication / entitlements service. Once a contact has been "converted" into a full fledged user of our system, we would like to be able to add user credentials to the contact object, and build an apex remote call that our system would use to authenticate the user. Furthermore, we would also like to enable / disable certain functionality on our site based on entitlements configured as part of the contact record.
I have read about using salesforce as an identity provider, but I don't think that this what we want. The contact record does not allow salesforce login.
Any direction would be appreciated.
They're probably going to need to be Customer Portal or Partner Portal Users.
I believe what you want to do may bypass SF's terms on users. If you want to authenticate users through salesforce, I believe you need a user license for every user (but there are some cheap licenses for high amounts of users, contact salesforce).
If you want access based on the contact object, you can map contacts to portal users, which creates an additional user object. From there on I do think the Salesforce Identity they are building, may be what you want ?
http://www.salesforce.com/company/news-press/press-releases/2012/09/120919-7.jsp
You don't need customer portal or partner portal, there are a set of tools that help you integrate Salesforce with third party application
look here :
http://wiki.developerforce.com/page/Integration
Hope this helps :)
We're currently using forms authentication for our intranet site and would like to allow users to authenticate via windows authentication instead. How will this affect current user accounts, profiles and roles. I have seen on the web that I can mix the two authentication types and put roles and profiles in a separate DB, but how do I link up existing role and profile assignments with windows authentication user logins?
I'm not sure if you can do it exactly what you are asking however you could code your way out of this, you could write functionality that requires people who are windows authenticated to enter a credential you already have on file which is unique (say an email address) you could then convert the user account programatically if they responded by clicking a link.
You could create the new account and import the information from the old non windows authenticated account and then delete the old account. All db records that relyon UserId however would need to be changed in this approach as part of migration.
Depends on how integrated you want to be but if it's single sign on that't driving this.
get the user's sid look for it in profiles roles etc (could add sid column to them but a simple sid - userid table would be better.
if they are in there you are good to go.
if they aren't use the forms athentication to identify them and add a mapping from their sid touserid. So they'll get asked once more and thats it.
You'll probably need a similar mechanism anyway, in the event of the sid changing, which can happen after various windows issues. or for say anonymous access for non windows users.
if you don't like sid as an id then some other e.g domain\user name might do it.
windows groups/roles to application roles for full integration is another step, as would
rationalising profile info like full name etc..
it's nice quick start any way without having to trawl through everything that uses user id now and change it.
Finally coming back around to answer the question. We actually kind of scrapped what we had in our Forms Authentication. The Roles work pretty differently with Windows authentication, as does the profile. We used a custom profile provider rather than the built in profile provider. If anyone is interested in what we've done, I put together a series of four blog posts that detail what we did in our environment and some of the glitches we ran into: Part 1, Part 2, Part 3 and Part 4.