I know we can show content based on a users access level using Joomla ACL, but is it possible to show content to all users except for one specific group? If so, how?
I've tried creating an access level called news that includes all groups except no_news group then assigned my module access level of news.
Unfortunately users belonging to the no_news group were able to see the content. Any suggestions?
The no_news class is inherited from registered.
Is your no_news group inherited from Public? If so, exclude Public group from NEWS access level. Basically the idea is that if the parent group has access, then all child groups will also have.
Related
Is it possible to change the attributes of form view for specific user groups in form view tag, like in form tag, readonly="{('user_group','=','some_group')}">
I need to make a form view read-only for s specific user group but only from front-end. Records are updated from code by that user belonging to that specific user group from back-end. and if i disable updating the records of that model by that user group in my security file, that user is not able to modify the records even from back-end.
Best way to do this is by defining a new group that have only read access on that model and add to that user you will save a lot of typing and a lot of your time.
Because what you really asking is to remove edit write for a specific user.
I have entity "Work Order" for which I have defined many custom views. Work Orders can have records with statuses as "active ,cancelled, closed, inprogress, submitted" etc. My requirement is - currently logged in user who belongs to a specific team "sales representative" should be able to see all records on view.This can be done easily, but If current logged in user does not belongs to "sales representative" team, she should not be able to see "cancelled" records on view but all other record should be visible to her. How can I achieve this using custom filters if it is possible? Or by code changes?
It is possible to do this with custom code. Without questioning the "why" you'd like to do this (possibly it's sensitive information or something?), you can achieve it using a RetrieveMultiple plugin registered on the pre-operation event. Within this plugin one of the input parameters passed in is called "Query" and will have a QueryExpression. You can simply add a filter to this query in the plugin and the relevant rows will be filtered out. Something like this:
var query = (QueryExpression)context.InputParameters["Query"];
var condition= new ConditionExpression()
{
AttributeName = "statuscode",
Operator = ConditionOperator.NotIn,
Values = { 2, 3 } // Or whatever codes you want to filter!
};
query.Criteria.AddCondition(condition);
To check the current user you can grab the user id from the plugin context and retrieve the necessary info you would like to check.
Doesn't sound like this is possible with advanced find alright. You may be able to achieve it using security roles though. If you could assign cancelled work orders to a specific team, and then organise your security setup so that users who are not sales representatives can't see work orders from that specific team, then it might work. Unfortunately you would have to reassign the cancelled work orders which is not always an option.
Otherwise, you might have to go with a separate view for cancelled work orders, out of the box advanced find should allow you present a blank grid of you are not on the right team. But now obviously you are not presenting a whole view of the work orders.
In general I would go with the security option, and just make it work. Any other option is just a stop-gap. Users can always create custom views, so if you don't lock down access using security roles, the data is still accessible in indirect ways.
This question is really made of two parts.
Using Parse, I'd like to have the following [simplified] scheme, where I have Users who are part of secret groups, and there are discussion that can appear across a few groups at one. That is Users who are part of Group A also are added to the GroupA role, and have access to discussions in Group A.
My trouble is, when I create a new discussion and tell it the groups it should appear in, how do I query for the roles and add them to the Discussion as well? I'm really fuzzy on this roles/ACLs business, even after reading extensively.
User(firstname, lastname)
Group(members, secrets)
Discussion (groups, note, comments)
Create a Role when you create a Group. Assign a pointer from the Group to the Role. Set the ACL for the Group to the Role (for write, it can be public read or whatever you want). When you add users to the Group, add them to the Role so they have access through the ACL.
For your Discussion you need to add all of the appropriate Roles from all of the Groups to the ACL list so that all of the users in all of those Roles have access.
I would like to get the list of groups that every user in the yammer instance belongs to. Currently it looks like the user object from both the data export API and the REST API do not contain a section with which groups each user belongs to. I know that there is a way to see what groups I belong to in the REST API, but that does not seem to give the groups for every user in the yammer instance.
Does anybody know if there is a way to get the list of all groups that each and every user in the yammer instance belongs to using either of the APIs?
Thanks!
A fairly easy way to do this would be to get the list of groups:
https://www.yammer.com/api/v1/groups.json
And then iterate over the group IDs returned to get the list of members of each group:
https://www.yammer.com/api/v1/groups/{group id}/members.json
Bear in mind, unless you have proper access you may not be able to see into private groups to get the list of members.
I found that if you have the full list of group IDs (either from the data export api or the rest api), you can use those group IDs to individually query, and page through the following endpoint on the REST API.
https://www.yammer.com/api/v1/users/in_group/[group_id].json?page=[page_number]
I am working on an ASP.NET MVC 3 application where users can be assigned different roles for different asset types. They are able to view assets that belong to different groups (asset type), one at a time.
Depending on the asset type of the asset that is being viewed, I would like to update the Principal's roles array to only have the roles that the user has been assigned for that asset type.
I am thinking I would do an authorization filter that takes care of looking up the roles the user has been assigned to based on the asset being viewed and loading them into the roles array. This way, the roles array will always reflect the permissions they have for the asset being viewed.
Then from the view, I can hide/show different parts of the page depending if they are in a specific group (User.isInRole)
Would this be the right approach to switching roles for the user depending on the asset type?
If these roles need to be applied across a request, and you can get the items identifier from header, query string, cookie, or session, i would suggest possibly adding an httpmodule that would bind to the AuthorizeRequest event. In that point you will want to provide your IPrinciple object with its custom implementation
the IsInRoles based on your rules.
Would this work, I'm mainly just guessing about your setup and on an ipad.