I'm using the CakeDC/Users plugin and want add other user roles.
Right now I have the both superuser and user roles.
I'm doing the permissions control in the permissions.php.
I'm also overwriting the layout files. Tried initially force the role field in the form, but the plugin write the user role in the controllers.
As steinkel posted in this issue: https://github.com/CakeDC/users/issues/513
You must add this line after the pathEntity in /vendor/cakedc/user/src/Controller/Traits/SimpleCrudTrait.php
$entity->role = $this->request->data('role');
Then configure your form to pass the role field. In my case, I passed this information with a select box.
Related
I have enabled Field security on 2 checkboxes I have on a my form.
Checkboxes:
Security Override (checkbox)
Financial Overide (checkbox)
I have created 2 Field Security Profiles (FSP).
Override Control
This FSP will grant assigned users the ability to read, create, update.
Override Read
This FSP will grant assigned users the ability to read.
When I tested Override Read with an assigned user. I was still able to click and changed the checkboxes. It appears as if crm is ignoring the Override Read FSP.
How can I configure the checkboxes to be read only using Field Security Profiles?
I tried testing and debugging the issue with the Field Security Profile for a few hours and decided to take a different approach.
I ended up using javascript, when the page loads it will disable the override checkboxes. The checkboxes will only been enabled if the user has a particular security role.
In case you were testing using account that has System Administrator - that would not work because System Administrator will have an access to any fields if I'm not wrong.
UPD in this case please provide screenshots of fields you've made FL-secured, profiles you've created for fields and screenshot of profiles assigned to a user and at the end screenshot of a form with fields.
I hope you're fine, this is my first question and I really don't know where to start from, so here it is,
I've been trying to build a sample with Microsoft Web api Template where I have to authorize users based on roles for example "Admin, Moderators, etc..." so, the thing is the I don't want to put all those roles on the top of the controller like
[Authorize ( Roles ="Admin, Moderators, etc...")]
I see this as not a good practice because What happens if I create another role in my db? I will have to modify the controller to add the new Role xD, really bad, isn't it? so the question is. How to extend some class like AuthorizeFilter to get the roles from database and validate with the controller? I mean if there is a user who is in the role admin authorize it and viceversa?
the other question is How to build a great authorzationfilter which can manage something like if a user if in Moderator Role but the only right he has is to user the Create action in the controller?
I hope you can help me with an example...
Thanks in advance
Ps. Sorry for my english
I agree role based authorization is somehow limited and authorize attribute is a bit rigid.
In some scenarios role based authorization is not enough, you need to extend it. You can introduce the permission concept. Instead of be a requirement that you have to be a member of a specific role to execute an action, you could state that to be authorized to execute an action you need a specific permission. So instead of authorize attribute you use RequiredPermisionAttribute. Of course you need to write RequiredPermissionAttribute as an authorization filter.
In the database you have the Permissions Table, the RolesTable, the RolePermissions table and UsersInRole table.
So a user can be a member of one or more roles. A role can have one or more permissions. A user has a specific permission if he/she is a memeber of a role that has that permission.
The required permission filter checks if the logged in user is a member of a role that has the permission, if not, then returns 401 not authorized.
This is a more flexible approach, actions are not tied to roles and roles don't have a fixed number of permissions.
How to give the User permission in winform?
For Example
My application is based on retail shops,so the every employee having username and password,the Super Admin(Manager) he needs to give the permission to each user
NOT all employees have the full rights to access all the forms.
In each forms they have to access only selected controls only
for ex. User x have permission only for ADD and Edit only, but not To delete the record.
The User x not suppose enter discount more than 25%
The Super Admin Have the permission to allow access to every employee.
In this I need some logic references
may grateful.
As Somewhere Mentioned above you need a role based architecture.
In your database Of users you should include role column.
At the time of user log in you have to get role of of the user having particular
user name and password and store in some global static variable which can be used throughout
application.
And according to role,set visibility true or false for each form on form load method.
you should develop a Role-Base windows application. This tutorial describe what you need
i hope it helps you
When managing the settings of an HTML module in DNN 6 I'm able to add user usernames in the permissions tab below the user roles.
After doing so, I get a new row with 2 columns, Edit and View module.
If Inherit View permissions from Page is left unchecked, both the View and Edit module columns are locked.
If Inherit View permissions from Page is checked, View Module is locked, but Edit Module becomes accessible.
Why am I unable to edit view settings for individual users, and is there way to assign view privileges to a module on a user level?
I imagine that this is a bug in DNN6 and would encourage you to look at upgrading to DNN7.
Also, I would advise against using User permissions. I would recommend you create a role, and assign that user to the role.
The problem with user level permissions is their inflexibility, for example: If the user ever leaves your organization, and you need to replace them with a new user, you have to go through and apply all the permissions over again. If you had used role based permissions, all you would need to do is remove User1 from the security role, and add the new User2 to the security role.
In DotNetNuke, Administrator only can add new user. I want to allow other user with custom role as well to Add New User. Is it possible with DotNetNuke ?
It used to be possible, though I haven't tried this in quite a while.
Basically what you can try a couple of options.
1) You can assign PAGE permissions on the User Accounts page in DNN to users of a specific role. Then you will need to provide those users a LINK to the page, as they won't see the admin menu and won't have access to the link via the Admin menu.
2) You can actually (used to be able to) place the User account module on a page that other roles have access to, the problem is that the User Accounts and Security roles modules are "premium" meaning that you have to specifically (as a superuser) allow them for use in a portal before they can be placed on a page. You do this from the host/extensions page and click on the edit pencil next to the module, find the premium section then assign it to the specific portal. Then you will add the module(s) to a page, you'll find that more than just the User Account module gets added, so you will want to remove the extra ones by deleting them from the page.
Hopefully one of those two options will work for you.