Is there a way where we can fetch public folders additional properties
like - list of users and their current rights.
I have tried to list all public folders like this-
<soap:Body>
<FindFolder Traversal="Shallow" xmlns="http://schemas.microsoft.com/exchange/services/2006/messages">
<FolderShape>
<t:BaseShape>Default</t:BaseShape>
</FolderShape>
<ParentFolderIds>
<t:DistinguishedFolderId Id="publicfoldersroot"/>
</ParentFolderIds>
</FindFolder>
</soap:Body>
Now how can I make another soap request to list properties of a particular public folder?
When retrieving folder properties, you need to request folder:PermissionSet property:
See https://learn.microsoft.com/en-us/exchange/client-developer/exchange-web-services/how-to-set-folder-permissions-for-another-user-by-using-ews-in-exchange
Related
(eXist 4.4) I am working on creating a user setup page to allow an admin to create site users. I want to store info beyond user name/pword/permissions (for example email, language preference, etc). The question is where to store user info beyond what is kept in the collection /db/system/security/exist/accounts: is there a recommended secure practice for this? Is there a reason not to simply add new elements to the user profile .xml files kept in /db/system/security/exist/accounts ?
Several account metadata attributes from the axschema.org schema are supported by eXist. For example, given a $user record of the form:
<user>
<friendly-name/>
<first-name/>
<last-name/>
<full-name/>
<email/>
<country/>
<language/>
<timezone/>
</user>
You can set these attributes via:
sm:set-account-metadata($username, xs:anyURI("http://axschema.org/namePerson"), $user/full-name),
sm:set-account-metadata($username, xs:anyURI("http://axschema.org/namePerson/first"), $user/first-name),
sm:set-account-metadata($username, xs:anyURI("http://axschema.org/namePerson/last"), $user/last-name),
sm:set-account-metadata($username, xs:anyURI("http://axschema.org/namePerson/friendly"), $user/preferred-name),
sm:set-account-metadata($username, xs:anyURI("http://axschema.org/contact/email"), $user/email),
sm:set-account-metadata($username, xs:anyURI("http://axschema.org/contact/country/home"), $user/country),
sm:set-account-metadata($username, xs:anyURI("http://axschema.org/pref/language"), $user/language),
sm:set-account-metadata($username, xs:anyURI("http://axschema.org/pref/timezone"), $user/timezone)
Then you can retrieve these attributes using the sm:get-account-metadata() function.
See http://exist-db.org/exist/apps/fundocs/index.html?q=account-metadata for the relevant function documentation. See also https://github.com/eXist-db/exist/blob/develop/exist-core/src/main/java/org/exist/security/AXSchemaType.java for the source code.
I have a very simple asp.net core 2.0 application and what it looks like a very simple problem, but I can't find the solution.
My application store diferent private images for users like photo, copy of their id...those images of course have to be private and only the web application can show them in certain pages. For example the administrator can see them when browsing the users in the admin panel, or a user can see his images...
The files are in a folder "users/1/photo.jpg" or "users/243/id.jpg". Of course those folders have to be private and you can't browse them.
How can I do so when I use a image tag I can see the image:
<img src="???">
Without showing the real path and also preventing anyone to access that file but the pages I want.
Thanks.
UPDATE
First of all, thanks to Mark Redman and T.S., you helped a lot.
Finally what I'm doing is to have the sensible images outside the StaticFiles public folder and the non-sensible ones in the wwwroot folder.
PART 1. SENSIBLE IMAGES
For the sensible images I'm using a IActionResult to return the file, but after I encrypt the file name. This is just an example...
public IActionResult ViewUser(int id)
{
var model = new Model();
....
model.EncryptedId = _protector.Protect(id.ToString("D6"));
return View(model);
}
This way I can return the encrypted id to retrieve the image I want without publishing the real id.
In my View:
<img src="/home/GetImage?id=#Model.EncryptedId" />
And the GetImage would look like this:
public IActionResult GetImage(string encryptedId)
{
var decryptedId = _protector.Unprotect(encryptedId);
var file = Path.Combine(_hostingEnvironment.ContentRootPath, "MyPrivateFiles", decryptedId + ".jpg");
return PhysicalFile(file, "image/jpeg");
}
This way, as far as I understand:
- I'm protecting my private files by not storing in a public folder such as wwwroot, so no one can download them directly.
- Also no one can get the id of an existing user and try to call my Action GetImage?id=232 because I have encrypted that id.
Other protection level I can have is only authorize certain users to access the GetImage Action, for example allowing users only to get their images or allowing administrators to download any.
PART 2. NON SENSIBLE IMAGES
For the non sensible images (such as user public photos) I'm storing them in the wwwroot because I need them to be public.
Using the asp-append-version="true" I can cache images, which is a very good improvement of this Asp.Net Core.
The only thing left for me would be to obfuscate those image names so I'm not showing "domain.com/users/1234.jpg" and show, for example, "domain.com/users/sdfjknkjSD2.jpg".
I don't know how to do this WITHOUT LOSING the advantage of the caching.
Is there a way to do this?
Thanks in advance.
It is best practice to not store your images in the web folders.
here is a very basic action, something like this...
[HttpGet]
public FileResult GetImage(string userId, string id)
{
return File($"{YourRootPath}users/{userId}/{id}.jpg"), "image/jpeg");
}
<img src="/YourController/GetImage/?userId=243&id=123"/>
for .net core you might want to do this;
public async Task<IActionResult> GetImage(string userId, string id)
{
Stream stream = await [get stream here__]
if(stream == null)
return NotFound();
return File(fileStream, "image/jpeg", $"{id}.jpg");
}
One solution i can suggest to this problem is, creating a folder using GUID id and storing the image of the user in that folder. So this happens for each user so now while showing using img tag, only the app would be able to render the correct image as the path is derived from the db while hackers would find it almost impossible to guess the guid id which essentially is a folder name and required for guessing the image and rendering it on webpage.
Can't seem to to find this posted online anywhere - excuse me if it is!
I am looking for an event/pipeline that one can override for the main content tree in the CMS. I need to hide/disable items in the tree according to user roles so they will not be able to select or view them.
Thanks!
Dan
You should be using access rights for it. It would fit your needs.
You basically need to select the item you need to limit access, then got to the Security>Assign.
Break inheritance to Everyone, then set Allow Read for a specifc role you want to allow. That will hide the items in the tree for the users which are not in the specified role.
Yes, there are situations where access filtering might not be a very good solution, so you should probably go with a custom DataView instead. Override the default Sitecore.Web.UI.HtmlControls.MasterDataView class and override the GetChildItems like this:
protected override void GetChildItems (ItemCollection children, Item parent)
{
base.GetChildItems(children, parent);
YourFilteringMethod(children); // Let this method remove unwanted items
}
Then replace the master data view in your sitecore config file, such as using a patch file like this:
<?xml version="1.0" encoding="utf-8" ?>
<configuration xmlns:patch="http://www.sitecore.net/xmlconfig/" xmlns:x="http://www.sitecore.net/xmlconfig/">
<sitecore>
<dataviews>
<dataview name="Master">
<patch:attribute name="assembly">YourAssembly</patch:attribute>
<patch:attribute name="type">YourNamespace.MasterDataView</patch:attribute>
</dataview>
</dataviews>
</sitecore>
</configuration>
Here's a post about it where it's being used for language filtering (it goes a bit further as well), but you can implement it for doing access filtering that suits your needs instead:
http://mikael.com/2014/10/sitecore-dataviews/
/ Mikael
The below SOAP call will update the entire list of categories (previous entries will be gone), but I want to add one or more.
<soapenv:Envelope [snip]>
<soapenv:Header>
<typ:RequestServerVersion Version="Exchange2007_SP1"/>
<typ:MailboxCulture>en-US</typ:MailboxCulture>
</soapenv:Header>
<soapenv:Body>
<mes:UpdateItem ConflictResolution="AutoResolve" SendMeetingInvitationsOrCancellations="SendToNone">
<mes:ItemChanges>
<typ:ItemChange>
<typ:ItemId Id="AQMk[snip]AAAA==" ChangeKey="DwA[snip]JPV57"/>
<typ:Updates>
<typ:SetItemField>
<typ:FieldURI FieldURI="item:Categories"/>
<typ:CalendarItem>
<typ:Categories>
<typ:String>TIMETELL</typ:String>
</typ:Categories>
</typ:CalendarItem>
</typ:SetItemField>
</typ:Updates>
</typ:ItemChange>
</mes:ItemChanges>
</mes:UpdateItem>
</soapenv:Body>
</soapenv:Envelope>
I tried AppendToItemField instead of SetItemField, but Categories is not a 'appendable' property (ErrorInvalidPropertyAppend - Only To, Cc, Bcc, Required, Optional, Resources, Body, and ReplyTo are).
Is there a way to add Categories strings?
Glen Scales' answer in this post suggests that I would have to refresh the entire categories list but he's not sure
What I want is indeed not possible, the entire list of categories must be updated.
Also note that "Stamping a contact item with a category doesn't modify the Master Category List, which is what Outlook uses to display the drop down. If you want your category to appear in the drop down, you must add it to the MCL."
And updating the MCL must be done differently in Exchange 2007 or later versions,
"because the Master category list is stored in a hidden item in the mailbox - EWS doesn't allow you to access hidden items so there's no real workarounds. You can however do this with any of the other Exchange API's such as Mapi, Exoledb or WebDAV."
I am trying to read (FetchXml) the content of all the readable attributes of all the entities based on the list I get using the metadata webservice.
This works fine except for 3 entities ("resourcegroupexpansion", "workflowwaitsubscription" and "interprocesslock") for which I systematically get the following error:
<?xml version="1.0" encoding="utf-8"?>
<soap:Envelope xmlns:soap="http://schemas.xmlsoap.org/soap/envelope/" xmlns:xsi="http://www.w3.org/2001/XMLSchema-instance" xmlns:xsd="http://www.w3.org/2001/XMLSchema">
<soap:Body>
<soap:Fault>
<faultcode>soap:Server</faultcode>
<faultstring>Server was unable to process request.</faultstring>
<detail>
<error>
<code>0x80040216</code>
<description>An unexpected error occurred.</description>
<type>Platform</type>
</error>
</detail>
</soap:Fault>
</soap:Body>
</soap:Envelope>
According to this http://msdn.microsoft.com/en-us/library/gg328086.aspx those 3 entities are for internal use only which might explain why I get an error (having said that I’m able to read other “internal use only” entities).
So my question is this: how can I detect from the metadata which entities are “for internal use only” and which are not ?
Of course, I could hard-code the list of entities based on the documentation but I don’t find it very satisfying.
Unfortunately there is No flag to identify the "for Internal use only" entities.
But one thing I noticed from XrmToolbox Metadata browser - the description column of entity is having "for Internal use only" text for ~15 entities.
We can leverage the same by identifying & updating this field with unique values for internal system entities (thru some unsupported way like export solution, modify & reimport). Then description field text can be used to filter out these internal entities.
I never tried this. Will try & update my answer soon.