i am trying to build an android app with posts and comments
the comments are shown in ListView using custom adapter
different user can comment on any post
each time a comment is saved it is saved with public readaccess and private write access
there is also a delete and edit option for each comment in case user wanna delete or edit the comment
here i cannot understand how can i check if the current user has access control (ACL) over that data so that i may allow him to edit it
USING PARSE AS A BACKEND!
ANY HELP WOULD BE PRAISED
Related
We have table Transfer Order:
This is the view from admin User.
This is the view of the user to whom I need to give read , write, create and delete access, but the two fields 'To Stockroom' and 'From Stockroom' are not visible to this user.
I have created ACLs like:
how I can make these two fields accessible to some user?
Please help me.
In order to find the specific ACL that is failing the user's request for access, you can simply enable the Debug Security module. Then impersonate the user, visit the record, and scroll down the page. You'll eventually come to a line like this:
This red X indicates that a condition of the ACL was not met. Clicking the ACL (In this case, record/alm_asset.model/write) will take you to the specific security rule. Hovering over the red X will tell you what portion of the ACL was not met; the condition, the script, or the role requirement. That is what you must remedy either in the ACL, or by granting the user the necessary permissions.
I suspect in your case, that the user is able to see the record they're viewing, but does not have access to view the record or table referenced in the reference field. However, only the ACL/security debugger can tell you for sure.
To stop debugging, just click the "stop debugging" module in the app navigator, or log out of ServiceNow.
I'm trying to find a list of users for a specific project (by projectKey) who possess the issueadmin permission. I've found a documented API that gets me pretty close:
api/permissions/search_project_permissions
but the response that I get back only has summary information: counts of groups/users for each permission type.
search_project_permissions response
Does anybody know if there's a way to get to the login details for the users?
There is an "internal" web service (meaning it could change without notice!) that does this. You'll use it like so:
http://myserver.myco.com/api/permissions/users?projectId=[project guid]&permission=issueadmin
In Web API interface use the "Show Internal API" checkbox at the top of the left column to see it.
just noticed in Sonarqube v6.7 it works as follows:
https://sonarqube.dhl.com/api/permissions/users?projectKey=<KEY>
https://sonarqube.dhl.com/api/permissions/users?projectKey=<KEY>&permission=issueadmin
https://sonarqube.dhl.com/api/permissions/users?projectKey=<KEY>&permission=issueadmin&permission=scan
All possible permissions are (reg. Browse, See Source Code, Administer Issues, Administer and Execute Analysis):
admin
codeviewer
issueadmin
scan
user
I have a Post class that contains user posts. The posts should be public readable but unable to write to. However a user(author) should be able to write/delete their own posts. Here are my permission settings on the Post class -
Class Level Permission: Public-Read
Access Control Level: Public-Read, Author(pointer)-Read/Write
I get access denied when I try to delete the post. If CLP always overrides object ACL, what's the point of ACL at all?!!
If that's the case, should my CLP be read/write for Public then?!! How can I get around this or do I HAVE to write Cloud Code?
Thanks a bunch.
The CLP (Class Level Permission) are overwritten by the ACL when they allow an action. If you do not enable the Update CLP, nobody will be able to update any objects on the table, even if they have the right ACL. When you enable the Update CLP for public, the ACL will control what people can update your objects.
So as long as the CPL and the ACL are not allowing any Update/delete for "public" you are "safe".
How do I run/call/kickoff an external program (custom code) whenever certain attributes or objects are added or modified in OpenDJ’s database?
Here is my real world need. (Feel free to change my thought direction entirely).
Whenever a new email address gets created or changed in the OpenDJ database I want to initiate some java code that does some email verification/validation (send the “click here” link with a token to prove the user owns the email they just signed up with).
I know, I could use OpenIDM/AM to accomplish this but to take this a step further I need to validate other information and other credentials (custom) which users supply that are not supported by OpenIDM/AM suites.
Initiating/calling custom code upon ADD or MODIFY of specific objects and attributes is what I want and would like to know how to accomplish this. Preferably without having to scrape logs.
Please Help.
Chad
OpenDJ has a plugin interface where you can plug Java calls on Add or Modify. A sample of this kind of plugin is the attribute uniqueness which verifies that some attributes have a unique value in the directory.
The plugin interface javadoc can be found here : http://docs.forgerock.org/en/opendj/2.6.0/javadoc/org/opends/server/api/plugin/DirectoryServerPlugin.html
I am using sentry for my application.
but, I am still confused to implements sentry permission to declare the owner of the object.
for example : any authors writing an articles.
my question : how to set permissions by the owner of the article ?
I wouldn't see Sentry as being used for this, as it is a simple comparison of current user id to article author id. To use the default Sentry permissions for this you would need to add a new permission to the user permissions for every article that the user added, as far as I am aware - or otherwise extend the Sentry package with a custom function to handle this.
Another approach would be to use Sentry to check if the user is allowed to add an article in the first place, by adding author permissions to the user, or creating an authors group, and then check if they are the owner by just comparing the user and author id. You could also have an edit permission or group for users that can edit any article. Checks would then be something like:
//see if user can add article via sentry permissions
if ($current_user->hasAccess('author'))
//see if user can edit current article if they are author, or have edit permissions
if (($current_user->id == article->author_id) || $current_user->hasAccess('edit'))
with the hasAccess('edit') part using Sentry to check if user can edit the article even though they are not the author.
You would probably want to abstract out the owner check though if you are checking in multiple places in case you change the way you evaluate ownership at any point.