this is my first grails project, so sorry if it's a newbish question but I didn't find anything about it.
I'm using Grails 3.3.2 with mongoDB and the calls to the DB are made with GORM.
I created a method that receives a list of users to create a MAP with the users and their specific roles and render it in a view. Only the admin has access to this page and now I don't want for a logged in admin to have access to his privileges/role, in other words, an admin can ONLY change the roles for other admins.
This way the system don't be with no admin by mistake.
This is the method:
#Secured(["ROLE_Administrador"])
def renderListUsers(def listUsers) {
//remove o proprio utilizador antes de tudo!
// THIS PRINTLN !!
//println(listUsers)
listUsers.remove(User.findByUsername(getPrincipal().username))
def usersWithRole = [:]
for (user in listUsers) {
usersWithRole[user.username] = UserRole.findByUser(user).role.toString().split("_")[1]
}
render(view: "listUsers", model: [users: listUsers, userRoles: usersWithRole])
}
This method is working perfectly, the issue is that as soon as I added the "listUsers.remove(...)" (line 7) to remove the logged in user I was getting this error and I didn't understand why, then I find out that the error only occurs if the user removed is in the index 0 of that list.
Now I found if I add that "println(listUsers)" before it just works always! Even if the object removed is in the index 0.
Is this a known error on groovy or what am I doing wrong? I don't want to leave that print there.
Thank you for your time!
EDIT:
Got it to work! This way:
def loggedUser = User.findByUsername(getPrincipal().username)
if (loggedUser in listUsers) {
listUsers.remove(loggedUser)
}
I knew that I needed to add this verification, but I didn't thought that it would resolve this.
I've been going through the rules guide but haven't found an answer to this.
App users are able to submit "scores" of different types, which are then processed in JS and written to a "ranking" node. I have it set up so that every time a new score is submitted, the rankings are automatically recalculated and a new child is written if the user doesn't exist or updated if the user exists.
My question is how to secure this "ranking" node. Everyone should be able to read it, nobody except the system should be able to write it. This would prevent people from submitting their own rankings and aggregate scores.
EDIT
This is the operation:
Ref.child('rankings').child(uid).once('value', function (snapshot) {
if (snapshot.exists()) {
snapshot.ref().update(user); //user object created upstream
} else {
var payload = {};
payload[uid] = user;
snapshot.ref().parent().update(payload);
}
});
How would I add custom authentication to this call? Also, since I'm using AngularJS, is there any way to hide this custom token or would I have to route it through a backend server?
The key part of your problem definition is:
only the system should be able to write it.
This requires that you are able to recognize "the system" in your security rules. Since Firebase security is user-based, you'll have to make your "system" into a user. You can do this by either recording the uid from a regular user account or by minting a custom token for your "system".
Once you have that, the security for your ranking node becomes:
".read": true,
".write": "auth.uid == 'thesystem'"
In the above I assume you mint a custom token and specify thesystem as the uid.
I used the example in this page to add a user to an Active Directory group, but I get an exception with the message "Server is unwilling to process the request" when executing
dirEntry.Properties["member"].Add(userDn);
I had a similar issue where I was trying to add a member to a group. Specifically trying to add a group to a group and getting the same helpful error 'The server is unwilling to process the request' The answer provided by the OP did not work for me.
For me, the reason I was unable to add a group to my group was because the group I was trying to add members to was a 'global' scoped group whereas it needed to be a 'universal' scoped group. Hope this helps someone.
This question took me a lot of time to solve. First of all, the error message looks like a joke. Second, there is nothing more, just that message.
Anyway, I managed to fix it by:
Making sure that userDn contains the whole path (e.g., "LDAP://server-address/CN=" + userDn + ",OU=optional,DC=your-domain,DC=com". This is actually very important, if you don't supply the full path it will throw an Exception from HRESULT: 0x80005000.
Replacing dirEntry.Properties["member"].Add(userDn); by entry.Invoke("Add", new object[] { userDn });
Then I wanted to remove a user and I expected entry.Invoke("Remove", new object[] { userDn }); to work. However, this devilish AD will only work if you use lower case "remove", so entry.Invoke("remove", new object[] { userDn }); worked for me.
I got this generic error message when my path did not match the forest domain name. For example, if my forest domain name is ad.example.com, and I am trying to create a group with path CN=Users,DC=example,DC=net one has .com the other has .net - they don't line up. I would need to correct my group to match. My group path should then be CN=Users,DC=example,DC=com.
ldapwiki.com describes potential causes for "The server is unwilling to process the request". Check ExtendedErrorMessage property of your exception to figure out what applies. In my case "00002145: SvcErr: DSID-031A1254, problem 5003 (WILL_NOT_PERFORM)". The following line resolved the issue:
ent.Properties["groupType"].Value = 8;
I had missed to set groupType and so attempted to nest a universal group in a global group. Find more information on groupType attribute in ldapwiki.com
Just look out, because the start of the .properties("distinguished Name") can be different than the .properties("cn"). If the user is created with a , or ; in the .properties("cn"), the start of the .properties("distinguished Name") will be the username with \, or \;.
This can give an error if u are trying to add a user you found by use of .properties("cn") to a Group.
After many days searching i find the problem. when you add user in group you must set "distinguished Name" not LDAP path.
You must write like this:
ent.Properties["member"].Add("CN=YourUserName,OU=optional,DC=yourdomain,DC=com");
This is wrong code:
ent.Properties["member"].Add("LDAP://CN=YourUserName,OU=optional,DC=yourdomain,DC=com");
Also when you do remove mast to save this rule
ent.Properties["member"].Remove("CN=YourUserName,OU=optional,DC=yourdomain,DC=com");
P.S. ent is DirectoryEntry object of group
I am using iOS 6 Social framework for accessing user's Facebook data. I am trying to get likes of the current user within my app using ACAccount and SLRequest. I have a valid Facebook account reference of type ACAccount named facebook, and I'm trying to get user's likes this way:
SLRequest *req = [SLRequest requestForServiceType:SLServiceTypeFacebook requestMethod:SLRequestMethodGET URL:url parameters:nil];
req.account = facebook;
[req performRequestWithHandler:^(NSData *responseData, NSHTTPURLResponse *urlResponse, NSError *error) {
//my handler code.
}
where url is #"https://graph.facebook.com/me/likes?fields=name"; In my handler, I'm getting this response:
{
error = {
code = 2500;
message = "An active access token must be used to query information about the current user.";
type = OAuthException;
};
}
Shouldn't access tokens be handled by the framework? I've found a similar post Querying Facebook user data through new iOS6 social framework but it doesn't make sense to hard-code an access token parameter into the URL, as logically the access token/login checking should be handled automatically by the framework. In all examples that I've seen around no one plays with an access token manually:
http://damir.me/posts/facebook-authentication-in-ios-6
iOS 6 Facebook posting procedure ends up with "remote_app_id does not match stored id" error
etc.
I am using the iOS6-only approach with the built in Social framework, and I'm not using the Facebook SDK. Am I missing something?
Thanks,
Can.
You need to keep a strong reference to the ACAccountStore that the account comes from. If the store gets deallocated, it looks like it causes this problem.
Try running on an actual device instead of a simulator. This worked for me.
Ensure that your bundle id is input into your Facebook app's configuration. You might have a different bundle id for your dev/debug build.
I have the following code for storing data in the keychain:
KeychainItemWrapper *keychainItem = [[KeychainItemWrapper alloc] initWithIdentifier:MounzaKeyName accessGroup:nil];
[keychainItem setObject:txtPassword.text forKey:kSecValueRef];
[keychainItem setObject:txtLogin.text forKey:kSecValueData];
However, whenever I run it, i'm getting the following:
Terminating app due to uncaught exception 'NSInternalInconsistencyException', reason: 'Couldn't update the Keychain Item.'
Is there anything I am missing? I tried to investigate this..its happening right after the user is logging in. I'm trying to store the username and password in the code...
Online it was saying that i should be using standard keys, which I am:
Storing keys in KeyChain with KeyChainItemWrapper
You need to use one keychain wrapper per value. You are trying to put two values into one wrapper. Create two wrappers with two different identifiers. In both cases you set a value for the kSecValueData key.