Restrict access to classes in Parse Server - parse-platform

I want to restrict certain users from accessing a class called Item in my parse database. I created a role called blockedUsers and added some users to it.
Now I am confused as to how I should modify the Item class's Class Level Permissions to restrict these users.
My objective: Everyone should have access to class Item except a group of users. Can anyone please help?

Related

Can we use laravel-permissions for multi tenant application?

I am creating one multi-tenant app in Laravel with Single Database and thinking to use laravel-permission package by spatie.
My Requirement is pretty straightforward, I want my tenants to create their own Roles, whereas permissions will be managed by Super Admin only.
My problem is that when I tried using it, it worked for the 1st client, but the 2nd time it gives an error:
A role 'Admin' already exists for guard 'admin'.
As I mentioned, clients can create roles, so they can create duplicate roles.
Please recommend better approach or package or should I try writing custom code.
Any help appreciated!
Because the name is indexed in the role table, you cannot create a duplicate role name. I ask you not to change the package, but in case you have 2 ways to handle this:
1- Unindex the name column or disable the unique feature, and add your tenant id to the table; by doing this you can manage and get the right role for each tenant.
2- Add another table to manage your sub role (tenant role) and connect your sub role with the master role by id.
I would consider using a hidden prefix: on the roles and permissions that would scope them to a particular tenant. So for example:
Roles
system:admin
tenant_a:admin
tenant_b:admin
Permissions
system:creates-roles
system:reads-roles
tenant_a:creates-roles
tenant_a:reads-roles
The prefix would not be assignable by a Tenant, the system would automatically assign that based on the User. However, if you're a System Admin (i.e. Super Admin) then you could create/view/assign a prefix in order to manage the roles and permissions.
This would require you to write some custom logic for handling the prefix, however, it is pretty flexible (you could nest unlimited identifiers - a:b:c:d:e etc.) and doesn't require you to go messing with any underlying packages (i.e. laravel-permissions).
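The prefix handling described in this answer, as an added example that is not part of the original answer and is not laravel-permission code. It is a language-neutral sketch written in JavaScript; `scopedName`, `createRole`, `visibleRoles` and the `actor` shape are hypothetical names, and defaulting a Super Admin's prefix to `system` is an assumption.

```javascript
// Added example: prefix handling only. The role table is a Set of constructed names.
// actor = { tenant, isSystemAdmin } must come from the authenticated session.
const SEP = ':';
const SEGMENT = /^[A-Za-z0-9_-]+$/;

function scopedName(actor, name, requestedPrefix) {
  // A bare name may not contain ":", so a tenant cannot smuggle in a prefix.
  if (typeof name !== 'string' || !SEGMENT.test(name)) {
    throw new Error('invalid role name');
  }
  if (actor.isSystemAdmin) {
    const prefix = requestedPrefix === undefined ? 'system' : requestedPrefix;
    // Nested identifiers (a:b:c) are allowed, but every segment is validated.
    const ok = typeof prefix === 'string' && prefix.split(SEP).every((s) => SEGMENT.test(s));
    if (!ok) throw new Error('invalid prefix');
    return prefix + SEP + name;
  }
  if (requestedPrefix !== undefined) throw new Error('prefix is not assignable by a tenant');
  if (!actor.tenant) throw new Error('actor has no tenant');
  return actor.tenant + SEP + name;
}

function createRole(roles, actor, name, requestedPrefix) {
  const full = scopedName(actor, name, requestedPrefix);
  if (roles.has(full)) throw new Error(`role '${full}' already exists`);
  roles.add(full);
  return full;
}

// Tenants see only their own roles, with the prefix stripped.
function visibleRoles(roles, actor) {
  if (actor.isSystemAdmin) return [...roles].sort();
  const own = actor.tenant + SEP;
  return [...roles].filter((r) => r.startsWith(own)).map((r) => r.slice(own.length)).sort();
}

// Constructed demo: two tenants and the system create "admin" without colliding.
const demoRoles = new Set();
createRole(demoRoles, { tenant: 'tenant_a' }, 'admin');
createRole(demoRoles, { tenant: 'tenant_b' }, 'admin');
createRole(demoRoles, { isSystemAdmin: true }, 'admin');
console.log([...demoRoles].sort());
```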

Where to put logic for auto-login and creating members

I'm new to Umbraco development, but I'm plenty familiar with ASP.Net & MVC etc. So I'm getting to grips with the object model and terminology used, but I'm not sure where to start. I need to use Windows authentication on my Umbraco site, which will be for internal use only.
What I envision:
- When a domain user hits any area of the website, grab the user identity
- Lookup to see if matching user(or member) exists and if not create it
- Login this user to Umbraco
- By default all new visitors, if their user identity doesn't match a current member, then create that member and log them in.
Sounds like I need to create my own controller that overrides the base controller (RenderMvcController?) and check the user identity on each and every request? Maybe do this by overriding the Index action method? Or could I do this with a macro - or as I've seen mentioned, are macros losing favor with the new version of Umbraco?
Also, I'm not sure how to deal with members vs users? As I understand it, members are who have access to the front part of the website, whereas users are those that have access to the back office area and can create/manage content.
Are all users also members?
There will be some that I want to give access to create/manage content, so when I'm auto-creating users, it's actually members that I need to create, not users?
[ update ]
Actually, I think I will need to create my own membership provider if I want every request routed through the check for a valid domain user? In my research, I keep coming across this example http://thegrayzone.co.uk/blog/2012/07/combined-authentication-with-umbraco/
I have overridden the default RenderMvcController in numerous projects with success. You could of course use the built-in Umbraco auth to redirect to an authentication page for users that do not have a valid Umbraco Auth token and set it only on that page based on their Windows identity.
RE: Are users also members?
No. Users & Members are entirely independent of one another; users being back office users & members being front end users. You will need to create 2 accounts.

How can create more than one user class in parse

In our app we have multiple types of users (caregiver, patient). Each user must log in to the app and will then view his homepage. How can I implement this in parse.com? It only allows the creation of one user class.
Any help please!
Thanks in advance
You can use the Roles feature which allows you to assign User privileges to specific users.
Read more about Roles (this is the iOS doc)

Parse - using ACL for future users

On my parse based application, each user will have a list of notes that are private to him by default.
The user will be able to invite other users (identified by their email address) to view the notes.
I want to use ACL for that, but was wondering what should I do if the invited user is not registered yet as a Parse user on invitation. In that case, the notes creator user cannot add him to the note's ACL since there is no ParseUser object yet.
What is the best solution for this type of invitation?
Can I use ACL for this or do I have to manage the access myself?
If you're familiar with the Parse technology called Cloud Code, then you should check this: https://gist.github.com/mikevansnell/5140654
This code creates a future user from the email passed to the function and assigns it some random password. Then an invitation email is sent to the passed email with all the info, including the password. And when the invited user goes to the app just fill the logi
These are two options I can think of.
1) Use ACL
Modify the note's ACL so that it has read access by the users invited that are already registered. Any users that are not registered, get a new row containing the email and note id in a separate table called NewUserAccess. Whenever a user is created, query NewUserAccess for rows with the registering email. Update those notes with the newly created user's objectId.
2) Manage Access Yourself
The second option is just creating a table called UserAccess. With this, when you invite a user you create a row with their email and the note they have access to. This would cause problems if the user changed emails which would require additional work.
If you want to use ACL in order to control user access to classes and objects,
just create a new _Role='registered_user' in the Parse built-in class "role",
and when user xyz registers, add them to the role 'registered_user'.
In the ACL of the classes where you want to restrict READ to the role, use the following:
"ACL":{"role:registered_user":{"read":true}}
Explicitly setting READ permissions in ACL instead of just wildcarding it using "*" will lock down the access to members of "registered_user" Role.
It's just like groups in the file system.
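An added example, not code from any of the answers above and not the Parse SDK: a plain-object model of the "Use ACL" option (pending rows in NewUserAccess, redeemed when the invited address registers) together with the role-keyed ACL from the last answer. In Parse's ACL JSON a role entry is keyed `role:<name>`, a user entry by objectId, and public access by `*`. The function names and store shape are hypothetical, and redeeming invites only after `emailVerified` is true is an added assumption so that an unverified signup cannot claim someone else's invitation.

```javascript
// Added example: in-memory model of Parse-style ACL JSON. All data is constructed.
const norm = (email) => email.trim().toLowerCase();

function createStore() {
  return { notes: new Map(), users: new Map(), roles: new Map(), pending: [] };
}

// Read check over the three ACL key kinds: "*", "<objectId>", "role:<name>".
function canRead(store, noteId, user) {
  const acl = store.notes.get(noteId).acl;
  const keys = ['*'];
  if (user) {
    keys.push(user.objectId);
    for (const [role, members] of store.roles) {
      if (members.has(user.objectId)) keys.push('role:' + role);
    }
  }
  return keys.some((k) => Boolean(acl[k]) && acl[k].read === true);
}

// Invite by email: grant now if the user exists, else add a NewUserAccess row.
function invite(store, noteId, email) {
  const user = store.users.get(norm(email));
  if (user) store.notes.get(noteId).acl[user.objectId] = { read: true };
  else store.pending.push({ email: norm(email), noteId });
}

// Signup adds the user to the registered_user role; invites are not touched yet.
function register(store, objectId, email) {
  const user = { objectId, email: norm(email), emailVerified: false };
  store.users.set(user.email, user);
  if (!store.roles.has('registered_user')) store.roles.set('registered_user', new Set());
  store.roles.get('registered_user').add(objectId);
  return user;
}

// Move pending rows into note ACLs once the address is verified (assumed guard).
function redeemInvites(store, user) {
  if (!user.emailVerified) return 0;
  const mine = store.pending.filter((p) => p.email === user.email);
  store.pending = store.pending.filter((p) => p.email !== user.email);
  for (const p of mine) {
    const note = store.notes.get(p.noteId);
    if (note) note.acl[user.objectId] = { read: true };
  }
  return mine.length; // rows are consumed once, so an invite cannot be replayed
}
```

A note whose ACL uses the bare key `registered_user` is readable by no role member in this model, because an un-prefixed key is matched as a user objectId.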

How to get all users in a role including roles in roles?

I have a Sitecore site that uses the AD module for connecting to an Active Directory. Let's say that we have a Role defined in Sitecore called "Content Authors". Content Authors may contain individual user accounts - "jsmith" - or it might contain an entire AD Group - "Northeast Managers". I need to get a list of all users who are in the "Content Authors" role, either directly or indirectly (through an AD group). Right now my code only seems to be returning users that are directly a member of the "Content Authors" role. Here is my code:
string[] _roleUserNames = System.Web.Security.Roles.GetUsersInRole("Content Authors");
I was assuming that this code would return the "effective" list of everyone who is in that role. It seems to only return people who are directly in that role. Does anyone know if there is some other way of getting everyone in a role?
I figured out that this is a specific issue to Sitecore as Sitecore allows Roles in Roles and that functionality is built on top of the MS ASP.NET Membership stuff. To get all users in a role including "indirect" users you should use the following code:
IEnumerable<User> _roleUsers = Sitecore.Security.Accounts.RolesInRolesManager.GetUsersInRole(Role.FromName("Content Authors"), true);
This will give you all of the users including indirect users.
I know this is old, but I ran into this same problem and the above solution did not work for us. The indirect users in Active Directory were not found, only indirect users in Sitecore roles.
Further investigation into the AD module role provider seems to indicate that there is code for indirect roles, but that the call to get to it doesn't seem to function. dotPeek showed me that there is an explicit setting of 'false' for a parameter that would trigger indirect roles searching for users, and was not reading from the setting.
We needed to decompile the AD 1.1 code, and then fix that part in order to get it working.
