I want to add a space in the home of the administrator on alfresco but I want the space to be visible only to the administrator (adminstrator home is the Company Home).
I used this code to add the space in the admin's home but the hidden part I don't know how to use:
NodeRef personNodeRef = personService.getPerson("admin");
NodeRef homespaceNodeRef = (NodeRef) nodeService.getProperty(
personNodeRef,
ContentModel.PROP_HOMEFOLDER);
serviceRegistry.getFileFolderService().create(
homespaceNodeRef,
LOG_FOLDER_NAME,
ContentModel.TYPE_FOLDER);
I'm persuaded that I'm gonna add a property but I don't know which, can any one help ?
If you want to do it via code and looking for api
PermissionService of alfresco has API
void setInheritParentPermissions(org.alfresco.service.cmr.repository.NodeRef nodeRef, boolean inheritParentPermissions)
if you pass true in second argument it will set inheripermission as false so none of the other person able to see space create by admin(provided space is created by admin user)
otherwise as I had suggested in comment you can do it from user interface as well.
Related
I have a project based on documentum, and after user login I'd like to know what's his role.
The reason is that there is a requirment for a menu-action to be enabled just for users who has the specific role.
Assume I have the username (being taken from the login page), how can I do this?
Do I have to put this data on session once the user logged in? I'd prefer to have a one line code that could be called from the client side (javascript) and on the fly doing the disabling of the menu action.
When you login at that service u can create a JSON which will have value of which all menus are enabled for the logged in user.Now when the screen loads with menus u can use this JSON data to hide/display or enable/disable the menu items.
Or else u can write a scriplet tag in the the disables attribute and in the scriplet tag you can call a class static method which returns true or false based in the user details sent.
You can use the following condition to determine the role of a user. I have provided it as a DQL, but you can use the logic to fit it in your code.
select group_name from dm_group where any i_all_users_names = "user_name"
Hope this helps.
I'm writing a java component which build all the pages in a wiki. What would be the best way to assign the user rights or groups which may view the page or spaces from within the java service component?
Really struggling to find details on this in the API.
You are finding no details in the API, because the Rights API is only about reading rights information, not setting rights
If you want to set permissions on pages programatically, and you can assume that the default permission handler is in place (which both the UI and the code to create new users in XWiki does, so it seems not too unreasonbale), you can create them as objects in the pages.
Permissions are set by adding objects of type "XWiki.XWikiRights" to the pages
these objects have the following attributes:
groups : a string containing a comma separated list of group references (e.g. XWiki.XWikiAdminGroup,XWiki.XWikiAllGroup for the default admin and "all members" group)
users : a string containing a comma separated list of user references (e.g. xwiki:XWiki.Admin,XWiki.Admin would describe the main wiki admin and the "Admin" account in the local wiki
levels : a string containing a comma separated list of permissions who ate affected by this entry, e.g. view,comment,edit
allow : an integer which should have two values: 1 means the entry is an "allow this right", 0 means it is a "deny these rights"
The groups and users fields can be empty, though usually one of them is filled with data. The levels and allow must be set with some values.
One example how a permission is set on a page is the (internal) method XWiki.protectUserPage which sets the permissions on a newly create user in the way this user can edit ones one profile page:
public void protectUserPage(String userName, String userRights, XWikiDocument doc, XWikiContext context)
throws XWikiException
{
DocumentReference rightClassReference = getRightsClass(context).getDocumentReference();
EntityReference relativeRightClassReference =
rightClassReference.removeParent(rightClassReference.getWikiReference());
// Allow users to edit their own profiles
BaseObject newuserrightsobject = doc.newXObject(relativeRightClassReference, context);
newuserrightsobject.setLargeStringValue("users", userName);
newuserrightsobject.setStringValue("levels", userRights);
newuserrightsobject.setIntValue("allow", 1);
}
Here the first few lines are slightly more complicated to make sure the XWiki.XWikiRights class page is present and properly initialized; without harm you should be able to do something simpler like:
BaseObject newrightsobject = doc.newObject("XWiki.XWikiRights", context);
The userRights is usually edit here (it was only that while looking for the code that I found out this is actually configurable ...); userName is the full name of the users profile page here (e.g XWiki.NewUser)
The actual full code can be viewed at github e.g. for the 7.2 release:
https://github.com/xwiki/xwiki-platform/blob/xwiki-platform-7.2/xwiki-platform-core/xwiki-platform-oldcore/src/main/java/com/xpn/xwiki/XWiki.java#L3366
Finally to distinguish between rights only given to a specific page, and rights given to a page and all its subpages: if you want a rights object to be valid for subpages, too, do not add it to the page itself, but create a special subpage with name WebPreferences and add an object of type XWiki.XWikiGlobalRights (with the same fields) to that page.
Some further pointers:
for more details how the access rights work, see http://platform.xwiki.org/xwiki/bin/view/AdminGuide/Access+Rights especially the reference section: "An overview of permissions"
If you have installed the "Admin Tools" extension, you can view the "ShowRights" page to see all right objects in you wiki.
Problem:
I am logging into a virtual machine(RDC) using the below credentials:
The user is part of a domain group called as teldept
user:147852 pass:helloworld
when i try to get the user details from java application it gives me : 147852
but when i click on start menu at the top i can see my Name displayed.
How is this done? i want to access this name from java application
I use the below snippet:
System.getProperty("user.name");
Whatever the above snippet gives me is correct as aper oracle docs.
I am logging in with ID: 147852 and above snippet gives me 14852
but some how in windows this ID:147852 is mapped with my name so only in the start menu in XP i am getting my name displyed instead of 147852. we need to know how this mapping is done between the ID & Name . I am guessing it has something to do with Domain or some network logic which i am not good with .
The name shown on XP's start menu is not the logon name. It's Full Name Corresponding to the Logon Name. Not sure if your login is a local login or a domain login. If it's a local login, go to Admin Tools -> Computer Management -> Users and Groups -> Here against your username (147852), you will find a full name.
If your login is a domain login, you can similarly lookup your name in Active Directory - or search for it at other places.
This is very OS Specific and cannot be found by Java.
You will need to do this using JNI and Windows API - Calling GetUserNameEx or NetUserGetInfo depending on type of user.
If you just want to get your logon name (147852), calling com.sun.security.auth.module.NTSystem().getName is a better way than using System.getProperty("user.name")
From this SO question, you can use:
System.getProperty("user.name");
to return the currently logged in user. This will return the username string. I believe this is what you're asking for, but your question is rather unclear.
I am working on an existing Web based application.
Now, I need to secure the application against what I think is called url hacking. For instance, if the customer with customerId 1 is logged in and viewing his profile, the following http get variable will be visible in the address field: customerId=1.
I need to prevent a customer from being able to set customerId=2 and see the profile of another customer.
The problem is that, the application is already in production and in good working condition, so the changes should be minimal with respect to this change.
How is this best achieved?
Any sugggestions/comments?
why do you give the id in the URL when the user should only be allowed to change his profile? I don't see any need for this. Rather get the current user from SecurityConext and display its profile on an URL without the id.
with the new information you gave in the comments I suggest sth. like this:
just check if the given orderid in the URL belongs to the current user.
You're saying you use "normal web based Application" so I assume Servlet/jsp based. In your servlet you would do something like this:
int orderId = Integer.parseInt(request.getParameter("orderId"));
String username = request.getUserPrincipal().getName();
/*now you need to check if username match with the username of the order e.g. by using hibernate to get the order by id and check its user and if not throw PermissionDeniedException or similiar*/
95% agree with Korgen's answer above.
5% - if you want to allow administrator access to edit user profiles using the same functionality just switch to UUID to identify edited user.
I need to execute the following steps:
1. Start an IE browser window and open a URL (Done using StartBrowser(final string URL)
2. Start a session (done by logging in)
3. Now, I want to enter a different URL in the same browser window which has the same session.
My question is related to Step 3. How can I overwrite the URL in the existing IE window.
Note: I am using a keyword driven framework written in java.
From the IBM RFT online help: You can use the loadURL() method of the browser object.
If you do not have the browser object already 'learned' into your object map, just record a click on the browser toolbar. Then you can modify that line to be Browser_htmlBrowser().loadURL("http://stackoverflow.com");
Thanks Tom. I agree that loadURL has the implementation to do what I need.
There is one more aspect that may interest others looking at this question, i.e. the way the appropriate browser object is captured. Obviously the easist way is to use the RFT record and click way, and use the appropriate recognition properties or the other way is to implement it is find the existing browseron the fly when the method is called irrespective of recognistion properties etc which may be more useful for some scenarios or frameworks, like it is done below.
RootTestObject root = getRootTestObject();
TestObject[] testobj = root.find(atDescendant(".class", "Html.HtmlBrowser"));
BrowserTestObject bto;
bto = new BrowserTestObject(testobj[0]);
bto.loadUrl(curParamOne);