I am building a Javascript Web application with a Domino back end, using the Domino DDS REST api to do POST, PUT, and GET operations against the database. I want to use Authors and Readers fields in documents to control which users can see which documents and to give users with Author access in the ACL the ability to edit documents they have created. When doing a POST of a new document (implemented by the save() method of a new Backbone model) is there a way to designate one or more fields as Readers or Authors?
Doing a GET on an existing document returns a JSON object with an attribute named '#authors' containing the names and roles in the Authors fields. Is this attribute read/write?
Can I populate #authors with the desired values before doing a POST to have these values control author access?
My colleague says the Domino REST api makes no provision for setting Authors and Readers fields, and that this functionality can only be done through Java servlets. Is this right?
I'm not familiar with the Domino DDS REST API, but from what I gather it is doubtfull that when POSTing a document, you get to chose the type of the fields. I suspect they all end up as text.
What you could do however is to link the action of your form to a Domino agent which, using the backend Java or LotusScript API, will be able to control precisely the final shape of your document, hereby allowing you to fully utilize the powerfull security model of Domino.
Nevertheless, keep in mind that at some point, your users will have to authenticate against the Domino Directory. Depending where your users originally log in, you may need to talk to your Domino administrator to sort out a Single Sing-On scheme linked to your other directory.
Alternatively, you could take advantage of the fact that Domino is also a web server and an application server : you can build your HTML form in there, starting with a Domino form (simple) or an xPage (a bit more complex).
You may want to have a look here.
Some would say that you could even build your whole application in Domino, as using it as a mere back-end data repository is akin to using a Rolls-Royce to ferry potatoes, but I suppose that you and your organization have good reasons to do so.
Finally you could also completely ditch Domino and use another nosql database like MongoDB, but that would only displace your access control problem.
You can post data back to Domino and nominate a form to use. If you use the 'computewithform=true' parameter and the form design includes the authors/reader fields you need, this will set the field flags correctly and automatically.
Related
Out-of-the-box, an Alfresco user can read a document based on:
The document's permissions
The user's role
The user's groups
Whether the user owns the document or not
Maybe some other factors I forgot?
Now, I want to add a new factor: Whether the document is currently part of a workflow.
Alfresco's permissionDefinitions.xml allows me to define permissions based on authorities such as ROLE_LOCK_OWNER etc, but it does not seem to be the right place to add permission conditions.
I guess I will have to write some Java source code, but I am not sure what classes are responsible for this, and whether there is an Alfresco way to customize them?
So, I assume you want to somehow have nodes that are attached to a workflow have different access rights? You need to think about the behavior you want in all of the UIs and protocols you are exposing (e.g. share, WebDAV, CIFS, FTP, etc.).
If you want to set a permission on a node, you can do that via JavaScript as well as Java (See http://docs.alfresco.com/5.2/references/API-JS-setPermission.html and http://docs.alfresco.com/5.2/references/dev-services-permission.html). As was mentioned in one of the comments, you can also get the number of active workflows on a node by referencing the activeWorkflows property in JavaScript (http://docs.alfresco.com/5.2/references/API-JS-ScriptNode.html) or in Java
Depending on the specifics, I might implement this in different ways, but if all you want to do is have the permission change, you could just update it at the beginning and end of your workflow with a simple javascript call. The only thing bad about that is that it doesn't take into consideration the workflow getting canceled. You could also create a policy/behavior on an aspect you attach or even have a rule or job run that updates content based on the activeWorkflows values.
Context:
The Web interface coded in .NET (Grantee Portal for nonprofits applying for grants) is pulling information from the Salesforce Page Layout.
The Salesforce user we use to connect the Web interface with Salesforce via API has 'view all and edit all' rights
Issue:
As it is now, if a field is defined as Read-Only on the Page Layout in Salesforce, it is still editable on the web page (the Salesforce User we use has to have 'view all and edit all' rights)
What we are trying to achieve:
IF a field is defined as Read-Only on the Salesforce Page Layout
THEN the same field should be Read-Only on the Web interface page
Question:
To achieve the above, I guess that I need to fetch the field property for the Page Layout via API. Any ideas on how to do so?
Thank you!
Izumi.
You'll need Metadata API (the set of webservices that let you add new objects, fields, picklist values or even create classes & run unit tests).
Here's the API Guide: http://www.salesforce.com/us/developer/docs/api_meta/index.htm
Depending on how often you modify layouts you might decide "screw it, I'll just use Eclipse IDE". In that case you'd download all page layouts (they're XML files), point your C# app to them and let the magic happen.
Slightly more advanced is to use Migration Tool (Ant / Java based application that can be scripted for periodic download of same stuff).
Super advanced would be to use this API guide to write it in C#. It's not rocket science (here's the specification for Page Layout object and here's the Java sample code for the operation that retrieves the metadata... sorry, no C#). Actually you might be better off looking at this example though: http://www.salesforce.com/us/developer/docs/api/Content/sforce_api_calls_describelayout.htm
Seeing that you'll probably want to cache this info somewhere anyway (I can't imagine your user coming to your page, having to wait for the webservice callout to complete, then having his UI rendered) - pick your poison.
Or share the work within the team (1 person kicks off with files downloaded with Eclipse, other tries to figure out the C# code to retrieve them on demand).
When a document is opened in an application from another app, the file name passed into application:openURL:sourceApplication:annotation: is pretty nonsensical for display purposes. The annotation portion of this message should contain an NSDictionary containing user information, like a friendly file name. Since the structure of this field is pretty loose, is there any site that has attempted to aggregate what different apps use when passing that meta-data to other applications?
I realize that trying to account for all apps would likely be an exercise in futility, but being able to handle a few popular applications would be useful to try and accommodate.
http://handleopenurl.com/scheme, and a few more at http://wiki.akosma.com/IPhone_URL_Schemes.
I'm creating an app that will be configurable by the end-user to access SharePoint lists, on various different SharePoint sites, that are entered by the user.
All of the examples for reading SharePoint lists I've come across online are of the form:
Open or create a Visual Studio
project.
In Solution Explorer,
right-click the References node, and
then click Add Service Reference.
In the Address box, type the URL to
the target site and append
/_vti_bin/ListData.svc. For example,
the address for the site
intranet.wingtip.com would be
http://intranet.wingtip.com/_vti_bin/ListData.svc.
Change the default name in the
Namespace box from ServiceReference1
to something more appropriate, such
as WingtipSite.
etc, etc, etc
This method creates proxy classes within your project based on the specified server reference. However, in my case, the server/site is not known at design time, only runtime by reading the sites/lists specified by the user. How would one go about doing that (reading the list via http://intranet.wingtip.com/_vti_bin/ListData.svc, but at runtime only)?
Note: I am making this call from a different machine than the one running Sharepoint.
There are a couple answers.
If the lists schemas will be consistent across all the sites you are querying, you can still use the generated proxy. When you create the DataContext, you just need to pass in the URI to the ListData.svc for the site chosen by the user.
If not, then you can use an ASP.NET WebRequest with an appropriately formatted URI and parse out the ATOM or JSON response that comes back.
For more information on using the REST APIs, check out this talk from the 2009 SharePoint Conference
http://msdn.microsoft.com/en-us/sharepoint/ff462048
You can set the URL in your proxy class at runtime with the Url property.
SharePoint does not provide a proxy class for their web services. Therefore it's not possible to set the url at runtime. WHat I have had to do is add 2 service references and then paramaterize which one I will access. I use a config setting to determine which one to access. If the site name changes or list changes, then I need to remove the references, re-add them, recompile and redeploy. There is no way to change the SharePoint site/list at runtime. Have been searching for 3 days for an answer. Microsoft does not know how to accomplish this.
I became interested in CouchDB recently and wanted to try and form a small application around it.
The way how I invition my system currently is that requests come providing two things, a id, a API Key and a format. The ID is the _id of a document in the database, the API Key is a _id of another document that has a property of {"valid" : true/false}, and the format is the format they want back. If the API Key is valid, the system would generate the show page for the id given, in the format requested. Otherwise it would return a 403 stats code.
Unfortunately I can't find a way to pull up another document from a show page. I am just beginning CouchDB, so maybe there is something simple here I'm missing.
With a _show function, there are three parts involved:
The design document
The show function inside the design document
The additional document to be shown
For the URL format /db/_design/ddoc/_show/my_show_func/otherdoc:
The design document is _design/ddoc
The show function is shows.my_show_func within that design document
The document to be shown has an _id of otherdoc
Those are the only two documents involved. The only way I can think to do what you describe is have a design doc per API key. The user would query /db/_design/API_KEY/_show/other_doc_id. CouchDB is relaxed. There is nothing wrong with thousands of design docs with identical or similar _show functions. You coul use the HTTP COPY method to clone a base design doc to a new API key as needed. Then you could revoke an API key by deleting the design doc. However that is obviously a unique approach, worth a second thought.
A final consideration is (with the default CouchDB, no reverse proxies, mod_security, etc.) if a user can read one document, they can read the entire database (e.g. from the _all_docs query.) Therefore show functions are a convenience for the software but not a security gateway.