Plone 4.3 template can not get new user Role - plone-4.x

In a custom edit template I display user roles:
<metal:block fill-slot="widgets">
  <tal:globals tal:define="
      portal_membership nocall: context/portal_membership;
      userRoles python: portal_membership.getAuthenticatedMember().getRoles();
      ">
  ....
  <p tal:content="userRoles "></p>
From /##usergroup-userprefs I added and removed roles for a test user, but when logged in as the test user I see the same roles! The test user's roles change only when I restart the client by running
bin/client1 restart; bin/client1 stop; bin/client1 fg
Could anyone give advice? Many thanks.

add/remove roles via
/acl_users/portal_role_manager
as you said here :)

Related

WAS 7.0 Create users and map role to users with wsadmin

I have a requirement to create user IDs and assign the Admin role to some users, and I am trying to do this through a Jython script as it will speed up the process and save time.
So, I have created the Jython script below to achieve it.
Script
import sys

# Input file: one user per line, "uid;password;first name;last name".
# Raw string so the backslashes in the Windows path are taken literally.
filename = r"C:\Users\harish\Desktop\scripts\input.txt"
fileread = open(filename, 'r')
filelines = fileread.readlines()
for row in filelines:
    column = row.strip().split(';')
    user_name = column[0]
    print user_name
    pass_word = column[1]
    first = column[2]
    last = column[3]
    # Create the user in the registry (the option is '-cn', with no space).
    AdminTask.createUser(['-uid', user_name, '-password', pass_word, '-confirmPassword', pass_word, '-cn', first, '-sn', last])
    # Map the new user to the Administrator role.
    AdminTask.mapUsersToAdminRole(['-roleName', 'Administrator', '-userids', user_name])
    AdminConfig.save()
    print 'Userid creation completed for', user_name
fileread.close()
The script runs fine and doesn't throw any errors. However, the users are not able to log in to the WAS Admin Console; they are only able to do so after I save the configuration by clicking "OK" at page "Users and Groups" -> "Administrative User Roles" ->
Can someone please let me know what I am missing here while working with wsadmin, or whether there is anything else I need to do to accomplish the task?
I am working on WAS 8.5.5.0 version.
Thanks for your help.
I think you need to add this code to the end of your script (not in the for-loop). This will refresh the security configuration.
agmBean = AdminControl.queryNames('type=AuthorizationGroupManager,process=dmgr,*')
AdminControl.invoke(agmBean, 'refreshAll')
This assumes you're using Network Deployment, process=dmgr. You may need to change the process.
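The ordering this answer describes, as an added example that is not part of the original answer or the asker's script: malformed input rows are rejected, the configuration is saved once, and only then is refreshAll invoked. The helper names, the Recorder stand-in and the sample rows are constructed for illustration; the AdminTask, AdminConfig and AdminControl calls are the ones shown on the page.

```python
# Added example: wsadmin objects are parameters, so it runs with the stand-ins below.
def parse_rows(lines):
    """Parse 'uid;password;first;last' rows -> (rows, bad_line_numbers)."""
    rows, bad = [], []
    for number, line in enumerate(lines, 1):
        if not line.strip():
            continue                    # blank lines are not errors
        fields = [f.strip() for f in line.split(';')]
        if len(fields) != 4 or '' in fields:
            bad.append(number)          # never create a half-specified admin
            continue
        rows.append(tuple(fields))
    return rows, bad

def provision_admins(rows, admin_task, admin_config, admin_control, process='dmgr'):
    """Create users, map Administrator, save once, then refresh authorization."""
    created = []
    for uid, password, first, last in rows:
        admin_task.createUser(['-uid', uid, '-password', password,
                               '-confirmPassword', password, '-cn', first, '-sn', last])
        admin_task.mapUsersToAdminRole(['-roleName', 'Administrator', '-userids', uid])
        created.append(uid)             # keep the uid only, never the password
    if created:
        admin_config.save()             # persist first ...
        bean = admin_control.queryNames('type=AuthorizationGroupManager,process=%s,*' % process)
        if not bean:
            raise RuntimeError('no AuthorizationGroupManager for ' + process)
        admin_control.invoke(bean, 'refreshAll')  # ... then refresh, once
    return created

class Recorder(object):
    """Constructed stand-in: records 'Object.method' instead of calling WAS."""
    def __init__(self, log, name, result=None):
        self.log, self.name, self.result = log, name, result
    def __getattr__(self, method):
        def call(*args):
            self.log.append(self.name + '.' + method)
            return self.result
        return call

# Constructed input: two valid rows, one malformed row, one blank line.
SAMPLE = ['jdoe;example-pw-1;Jane;Doe\n', 'broken;row\n', '\n',
          'asmith;example-pw-2;Al;Smith\n']

def demo():
    log = []
    rows, bad = parse_rows(SAMPLE)
    created = provision_admins(rows, Recorder(log, 'AdminTask'), Recorder(log, 'AdminConfig'),
                               Recorder(log, 'AdminControl', 'constructed-mbean-name'))
    return created, bad, log
```

Inside wsadmin the real AdminTask, AdminConfig and AdminControl objects would be passed in place of the Recorder instances.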

how to disable cache when using User.IsInRole()?

I created a new AD group "IT Dev". The application only uses Windows authentication. I am using User.IsInRole to check if the user is in the "IT Dev" group.
I couldn't get it to work; it always returns false, even though I already added myself to that group.
I used the following code to see what roles I am in. "IT Dev" is not there.
var roles = Roles.GetRolesForUser(User.Identity.Name);
foreach (string rolesForUser in roles)
{
    var m = rolesForUser;
}
Then I restarted my computer, and everything worked. After it goes to production, I don't want to restart my computer every time I add a new group. How do I disable the cache, so this role info is not saved on the server?

Wicket invalidate session & login on same event

When I try to log in while I'm already logged in, wicket gives me a LoginException; Additional Logins are not allowed. This makes sense of course.
What I want to do, is invalidate the session if there is already a user logged in, and log in in the same event.
if (((AuthenticatedWebSession) getSession()).isUserAuthenticated()) {
    ((AuthenticatedWebSession) getSession()).invalidateNow();
}
((AuthenticatedWebSession) getSession()).login(secureLoginContext);
It seems invalidateNow is completed after the onSubmit event, because Wicket still gives me the same LoginException.
Any ideas how to make this work?
Why do you want to log in again? Are you trying to log in with different credentials?
I have once written a panel where a user (already logged in) could log in as another user if he had sufficient rights. I ran into a similar problem and fixed it by forcing wicket to make a new session with ThreadContext.setSession(null).
So your code would become:
if (((AuthenticatedWebSession) getSession()).isUserAuthenticated()) {
    ((AuthenticatedWebSession) getSession()).invalidateNow();
    ThreadContext.setSession(null);
}
((AuthenticatedWebSession) getSession()).login(secureLoginContext);

Reset Password Link Joomla - While in "maintenance mode" / offline mode

How do users reset passwords while in "off-line" mode?
We are running the site as Intranet.
Joomla 2.5.4
Mhm.. this is quite long to do, but maybe you can work it out.
Grant your user level offline access (you can do that in Global configuration -> Permissions)
Create a menu entry that points to the user profile and set it visible to your users
Set every menu/modules etc etc invisible to "normal" users (except the previous one)
I've never tried it before, but it should work.
I just wanted to share my solution for Joomla 3.9:
In the file "offline.php" of your template (or in /templates/system if the template has no offline.php) you can place this code before where the login form is displayed:
if( JRequest::getVar('option') == 'com_users') {
    ?><jdoc:include type="message"/><?php
    $registrationController = new UsersController();
    $registrationController->display();
} else {
    // Login Form
}
so it displays the dialogs to reset the password if the page is loaded by using "index.php?option=com_users&task=request.reset" or similar, but shows the "offline" login form by default.

Issue- Relating To ActiveDirectory Group

We have an MVC ASP.NET Application. A Person can see a View, if they are in one of the Active Directory Groups. We have only one box for hosting our Database and Application(code)
Our Problem:
A person does not exist in any one of the AD groups, but he is an Administrator on the box.
For some reason, he is authenticated with the View. He is not supposed to be authenticated.
I do not know why it's happening.
I know this is a unique problem. Has anyone had a similar issue?
This is the code we are using for authenticating a user
if (LoginHelper.IsUserMemberOfRoles(LoginHelper.GetLoggedInUser(), new List<string> { GroupEnum.OurADGroupName.ToString() }))
{
    // authenticated
}
else
{
    // Redirect to not authorised View
}
My Understanding:
As the person is Admin on the box, does this override all ADGroupName permissions?
It sounds very silly, but I think this is one possibility?
He surely must be an admin or in a group in Active Directory
