I am trying to manage user permissions
I know that if I want to grant a particular user Publish and Browse (PermissionIds U,F) I would do this:
contentService.AssignContentPermission(node, 'U', userId);
contentService.AssignContentPermission(node, 'F', userId);
but if the user already had those permissions and I want to remove Publish and grant 'Send to Publish' (H) how do I remove the existing Publish permission for that user/node combo?
I tried:
contentService.AssignContentPermission(node, '-', userId);
but this didn't seem to work.
looks like it's best to assign the permissions using the ApplicationContext.Current.Services.UserService
get all applicatble nodes (a single one in my case) and permissions and call
userService.ReplaceUserPermissions(user.Id, permissions, nodes);
Related
I am writing some integration tests at the moment for my website, I have noticed that I have been creating accounts without deleting them.
I have just been deauthing them with
try {
info('deauthing: ' .$accountID);
OAuth::deauthorize([
'stripe_user_id' => $accountID,
]);
} catch (\Stripe\Error\OAuth\OAuthBase $e) {
exit("Error: " . $e->getMessage());
}
when i try to reuse an email address for a testing account, it tells me that account already exists. But I can't see it anywhere in my dashboard.
I have tried to delete the account at the end of my test run but I get this error
Stripe\Error\Permission : This application is not authorized to delete this account.
the code i am using is this
public function deleteAccount($accountID)
{
$account = \Stripe\Account::retrieve($accountID);
$account->delete();
}
what am I missing?
There is no way to delete a Standard account via the API. As the platform you can create one, but it is then owned by a separate user and you can not control its deletion for security reasons. De-authorizing the account is the closest thing you can do in this situation.
If you're doing this for unit tests, you might want to create Custom accounts instead to avoid the address conflict. Otherwise, use a random suffix like my+12345#email.com
EDIT: rest-server gives the option "Specify if you want the generated REST API to be secured: (y/N)", is this to enforce the acl?
I've been trying to setup a simple test using hyperledger-composer node js client. In my config I have the following:
"connection-info" : {
"participantId" : "gk1",
"participantPwd" :"CjysyeLjriRT",
"businessNetworkIdentifier" : "myBizNetwork",
"connectionProfile" : "defaultProfile"}
In my business network definition I have the following:
rule Default {
description: "DENY all participants access to all resources"
participant: "ANY"
operation: ALL
resource: "net.name.myBizNetwork"
action: DENY }
When I call the following code in node js app, I can still see the resources:
this.bizNetworkConnection.getAssetRegistry('net.name.myBizNetwork.TestAsset');
}).then((registry) => {
return registry.find('testAssetId = ' + id);
Obviously I'd like to do more scenarios with access control, but in my understanding this should work.
A good first point of call is to try out your model, acl, and script files in the online playground here https://composer-playground.mybluemix.net/
Note - you are an admin by default, to simulate being a participant you can do so by:
Clicking 'admin' in the top right of the playground
'+ Issue New ID'
Supply a User ID (whatever you like) and participant (will be one you created earlier) and then press 'Create New'
Select Option 2: '+ Add to my Wallet' (This will allow you to then use the identity and you will 'be' that participant
From looking at your code, the resource you deny is "net.name.myBizNetwork".
Following the documentation here https://hyperledger.github.io/composer/reference/acl_language.html I think that to deny access to the resources within your network you will need to add a '*' wildcard (see the Examples section in the link). If that doesn't work it may have something to do with identities.
Another note, from my understanding, you need to secure the API if you want to use identities. However, you also need to create/bind identities to existing participants, and then use those identities to 'be' that participant. See the article here https://hyperledger.github.io/composer/managing/identity-issue.html
By default, you are a Null participant (you can see what participant you currently 'are' by pinging the network)
What I am trying to do is to insert new profile id to Webproperty Adwords Link.
There are already some profiles added to this link - lets call them xxxxxx and yyyyyy.
To add a new one I use this method: https://developers.google.com/analytics/devguides/config/mgmt/v3/mgmtReference/management/webPropertyAdWordsLinks/patch#request
I create a new profile via API and i have its id - let's say its: zzzzzz
Next i use this method: PATCH https://www.googleapis.com/analytics/v3/management/accounts/accountId/webproperties/webPropertyId/entityAdWordsLinks/webPropertyAdWordsLinkId
with following body:
{ 'profileIds' => ['xxxxxx', 'yyyyyy', 'zzzzzz'] }
And i got an error: "User does not have sufficient permissions for this PROFILE with ID yyyyyy."
It seems like i dont have a permission to access this yyyyyy profile but its already there - i just want to add zzzzzz profile. Am I doing something wrong?
This code is to a registration page looks great, but again I get an error message after you typed the following code (below is the error message).
I can not understand what is the error and how it should be the correct code?
Codice mysql per fare dei test (aggiungiamo un utente)
INSERT INTO users (id, username, password, online, email, active, rtime) VALUES
(1, ‘testing’, ‘testing’, 0, ‘fake#noemail.co.uk’, 0, 0);
code looks well.
Try to check that your root user have all the rights and password correct for your host.
as far as i can understand you are running with user root.
go to config file and check for user. If you are using phpmyadmin then you can check it in Privileges tab that your user have privileges to access
We have an MVC ASP.NET Application. A Person can see a View, if they are in one of the Active Directory Groups. We have only one box for hosting our Database and Application(code)
Our Problem:
A person does not exist in any one of The ADGroups, but he is Administrator on the box.
For Some Reason, he is authenticated with the View.. He is not supposed to be authenticated.
Do not know why its happening.
I know this is unique problem, Does anyone had similar issue?
This is the code we are using for authenticating a user
if (LoginHelper.IsUserMemberOfRoles(LoginHelper.GetLoggedInUser(), new List<string> { GroupEnum.OurADGroupName.ToString()}))
{
//authenticated
}
else
{
//Redirect to not authorised View
}
My Understanding:
As the Person is Admin on the Box, does this override all ADGroupName Permissions.
It sounds very silly but I thing, this is one possibilty?
He surely must be an admin or in a group in Active Directory