Nextcloud: Groupfolder OCC for advanced permissions - nextcloud

I would like to implement the following:
I have a "master folder" in which all subfolders are structured down. However, these subfolders are person-related and should only be visible and editable for the authorized persons including the admin -> This also means that those who do not have authorization should not even see the folder.
I was able to implement the whole thing very successfully, without problems, but with a lot of click work on the web interface.
Now I want to automate the whole thing:
1) create a user in Nextcloud
2) create a personal subfolder in the "master folder"
3) assign authorization
The first point has already worked without problems -> the new user is created correctly and added to the group accordingly.
The second point also worked, but I create the folders via mkdir and then execute the command occ files:scan --all. The folder is already visible for all in the "Master Folder".
Now we come to the third and last point:
I absolutely can't figure out how to create the appropriate Manage advanced permissions on command line level.
The whole group should not be able to see the folder, except the selected persons. I can't find any commands to do this without using the web interface...
I really hope that you can help me somehow, otherwise I will soon be busy with clicking only ...

I'm not 100% sure what you are trying to achieve here, so here are a few answers that I can think of right now:
Have new users have the same files
If your goal is to have every new user have the same files in their folder, you can just change the files in /core/skeleton. When a user is created, these files are copied into their home.
If the files change a lot you can just upload them to your admin account and share them with the group everyone. (Need the app Everyone Group for that) The users then will see the files shared with them in their homedir.
Have one folder where all users can read everything, but only write to their own folder
For this I would do the following to set it up:
1) Go to Settings > Group Folders
2) Add a group folder (let's call it master here)
3) Give the groups everyone and admin permissions to read and write
4) Activate special permissions and give them to the admin group.
5) Go to Files and enter the new group folder master
6) Click on the 'share' Symbol in the top next to the folder name
7) In the right hand panel, go to the share tab
8) At the bottom make sure that:
   - Admin has permissions to read/write/delete everything
   - Everyone only has permissions to read files and is denied everything else
   - These permissions are set without inheritance. (The arrows are a bit grey when inherited and full black when not)
Now you can do the following every time a user is created:
1) Create a folder in master (either as you suggested or sync an empty folder via nextcloudcmd)
2) Use the occ groupfolders:permissions command to set the permissions. See here for more information
The command probably will look something like this:
occ groupfolders:permissions <folder_id> --user=<username> <path> -- +read +write +create +delete
So if master has the folder_id 1, the user has the user_id adam and you named this folder adams_dir:
occ groupfolders:permissions 1 --user=adam /adams_dir -- +read +write +create +delete +share
I hope this is what you are looking for.
Required Apps to be installed:
Group Folders
Everyone Group
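
The per-user steps from the answer above (create the folder, rescan, set the ACL) as one script; this is an added example, not part of the original answer. The occ invocation in OCC, the on-disk path in MASTER_DIR and the "<uid>_dir" naming are assumptions, and the uid check is deliberately strict so that a name can never be read as an option or a path.

```shell
#!/bin/sh
# Added example: per-user provisioning for a group folder with advanced permissions.
# Assumptions (not from the original post): OCC, MASTER_DIR and the "<uid>_dir" name.
OCC="${OCC:-php occ}"                                # how occ is invoked on this host
MASTER_DIR="${MASTER_DIR:-/path/to/master-on-disk}"  # placeholder: where mkdir is run today
DRY_RUN="${DRY_RUN:-1}"                              # 1 = only print the commands

# Accept only names that cannot act as an option ("-x") or a path ("../x", "a/b").
valid_uid() {
  case "$1" in
    ''|-*|.*|*[!A-Za-z0-9_.-]*) return 1 ;;
  esac
  return 0
}

# Print the command in dry-run mode, execute it otherwise.
run() {
  if [ "$DRY_RUN" = 1 ]; then printf '%s\n' "$*"; else "$@"; fi
}

# provision <folder_id> <uid>
provision() {
  folder_id=$1
  uid=$2
  case "$folder_id" in
    ''|*[!0-9]*) echo "folder id must be numeric" >&2; return 2 ;;
  esac
  valid_uid "$uid" || { echo "rejected uid: $uid" >&2; return 2; }
  dir="${uid}_dir"
  run mkdir -- "$MASTER_DIR/$dir" || return 1
  # $OCC is left unquoted on purpose so "php occ" splits into two words.
  run $OCC files:scan --all || return 1
  # Grants only this user; the deny rules for everyone stay as set on master in the web UI.
  run $OCC groupfolders:permissions "$folder_id" --user="$uid" "/$dir" \
    -- +read +write +create +delete +share
}

if [ "$#" -ge 2 ]; then provision "$1" "$2"; fi
```

Run it with DRY_RUN=0 once the printed commands match what you would type by hand.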

Related

Explore shared folders and get global information

I want to make a program with the google drive API.
But I am not sure if this is possible. I want to make a program that explores my shared folders. Go into the last folder, give me all global information (date/owner/what inside/size of the folder/if he got folders in him). And after coming back in, "his father folder" and continue to give me the same information.
BUT ! If the "father folder" has a second child, he gives me the second child information first.
I just want to know if this is possible and if it is not too complicated (I am not an expert).
Thanks for your help.
Hello, every action you described is possible!
Have a look at https://developers.google.com/drive/v3/reference/
You can list, filter, get information on files and folders, delete, share, insert
Good luck
You have to use sharedWithMe, when using the Querying for Files:
The "Shared with me" category includes files owned and shared by others users which have been either: directly shared with the current user, a group containing the current user, or have been accessed by the current user.
Here is a sample snippet that searches for files shared with the authorized user with "hello" in the name:
sharedWithMe and name contains 'hello'
For "Go into the last folder, give me all global information (date/owner/what inside/size of the folder/if he got folders in him). And after coming back in, "his father folder" and continue to give me the same information. BUT ! If the "father folder" has a second child, he gives me the second child information first."
This will depend on your implementation but you have to recursively get the children of a folder type file. As stated in this related SO post,"stop thinking about Drive as being a tree structure. It isn't. "Folders" are simply labels, eg. a file can have multiple parents."
After getting the desired fileID with your specific qualifications, get the details using file.get or include the details you want to get in file.list.
Hope this helps.

Qlikview - How users to see documents which are assigned to them

I have 10 QlikView apps in AccessPoint and for a specific user I want to show only 7 apps.
I don't want to use Section Access.
I use NTFS authorization.
And on the folder Production (where the qvw apps for the browser are saved), in Properties > Security, I removed the specific user, but he still sees the app...
How can I handle this?
By your description it sounds like you are using publisher.
If you want to display certain QVW's to certain users, then you need to set up the distribution to "Named Users", that way you can only add users to the relevant apps and the people that are not named will not see the QVW on the accesspoint.
Also make sure on the actual QVW (right click on it, properties, security) that only the relevant people have security rights on the file.

Opening a file using Sandbox

OK, so I know that under the new SandBox guidelines, opening a file must abide by certain rules (a.k.a. the opening action must be triggered by the user using an NSOpenPanel, given of course the necessary "open" permissions).
However, here's the catch :
In my application, I've got an NSOutlineView with a complete file manager in it (the full tree structure)
The user is supposed to be able to select a file from the outline view and then the app will open it.
How am I supposed to do that, given that the app should be 100% sandbox-compliant? Is there any known workaround? Is it even possible?
Any ideas?
Short answer: You can't do that. In order to show the contents of a folder within your app's UI, you'd first have to get the user to open it either using an open panel or dragging it in from the Finder.
You can do this, as #omz said, your application needs to request permission to access the folder containing all the files/folders that your application is showing. You don't need permission of individual files, but can get an entire directory structure as a single permission, and then store that as a security scoped bookmark so future executions of your application will already have that permission.
You could even at app launch ask the user for permission to access the entire hard drive, or their entire user directory.
You can use this class I wrote to wrap all that up into a single function call, which will then persist the permission so they are only asked on first run. https://github.com/leighmcculloch/AppSandboxFileAccess
Alternatively if you want to do it with NSOpenPanel manually, just take a look at the code in AppSandboxFileAccess as it uses it to get permissions and then persist those permissions.

Get lasting permission to write to a specific directory with the new Sandbox requirements

I need a way to get & keep permission to write to a specific directory in OS X. How can that be done while abiding with the new Sandbox requirements?
The recipe:
1) Ask the user to select the directory - use a standard open dialog limited to directory selection. Apart from a few special directories (music, pictures etc.) there is no way to gain access apart from asking the user.
2) Create a security-scoped bookmark using the URL returned by the standard open dialog, just search the Apple docs for "security-scoped bookmark".
3) Persist that bookmark, either in user preferences or in the Application Support folder for your app.
4) On application launch, or before you need access, read in the saved bookmark and activate - you'll find out how to do this in the Apple docs as above.

how File uploaded with media and document portlet should be viewable to respective Organization in liferay6?

If I have to use document and media portlet in liferay with following facility then how can I achieve that?
Now, from the above picture, I want that if an organization A user has uploaded something, it should be viewable only by organization A users.
Right now anyone who has permission to view the document and media portlet can see my uploaded files.
This level of control is, I think, usually handled by creating sites for your organizations. (There are probably other approaches, which I'd like to see discussed too).
For example, if you create a site for each organization, then there will automatically be a Document and Media library that is private to that site. The site doesn't need to have any pages or anything if you don't need that.
You create the site for the organization by going to "Users and Organizations", clicking through to the org of interest, and then working with the "Organization Site" in the control menu.
Once the site is created, then everything at the "site" level of the control panel can be selected for the new site. When so selected, the Documents and Media portlet will show you the top level folder for your organization.
Now you can use the normal permissions settings for sub-folders or even individual items to restrict availability to "site members", which will be, in this case, "organization members".
Well, if kirkz's answer doesn't solve your issue then I suggest you try the following:
1) For each organisation set up a Liferay "User Role". You'll find "Roles" in the "Portal" section of the Control Panel
2) Assign the relevant users to each of the Roles that you've created based on their Organisation
3) Then go into the Document Library and set the permissions as you need for each of the folders using the Roles you've created. So for example you could have a top level folder for each organisation. Then just set the permissions on each of those folders so only one Role can access it.
This should solve your issue, however kirkz's solution is actually the way you should achieve this hierarchy.