I'm using user defaults to store my app data.
I have some global data that is relevant for all users on the same machine.
How can I share this data between them?
NSUserDefaults' initWithSuiteName did not work.
The only workaround I found it to write to a hidden file in the root folder, but that is too visible to the users.
You can use the /Users/Shared directory like iTunes & the App Store.
The closest you could do is to make all of the users be members of a single group, then make a group writable file with the shared data. It could be a plist and it could even be accessed via the defaults API, assuming you don't need multiple simultaneous write access.
You could use CFPreferences APIs instead of NSUserDefaults, passing kCFPreferencesAnyUser as the user name parameter. However, setting defaults for all users requires admin privileges.
Related
I have an application hosted with AWS CloudFront, which uses Lambda and Cognito for authentication. We have a concept called "user group", in which there are two types of users: type A which has full access to the application, and type B which has restricted access. Our application has an index.html file, which imports an index.js file, which loads a catalog of items that should be visible to group A, while hidden to group B. My task therefore boils down to differentiating user group A from user group B in the JS file.
A seemingly straightforward solution is to store the group that the viewer user belongs to in the cookie. However, this seems problematic since users can simply modify the cookies and get access to resources that they should not have access to. I wonder what the best way of handling this is? Thanks in advance!
Is there any way to overwrite permission to share drive item to specific users only?
e.g.
Case 1:
File1 is shared with User1. I want to share File1 to User2 only using graph api which can also remove User1 from share list.
Currently, Graph APIs are available to add the permission and to delete permission separately.
But, I need to deal with a lot of files to update the permissions and for each file I need to take difference of permissions (User list already shared and User list needs to be updated to share item) for drive item to delete the permission to remove User from share list.
Case 2:
Another case is to make File private to the user. Is there any way to make file private directly(possibly single api call)?. Currently, I have to delete each user permission from shared list(5 calls to delete permissions if file is shared with 5 users). Again, I am dealing with a lot of files.
[Edited]
More info: My use case is for Direct Access permission and Not link-based permission.
According to your scenario, I think you can create a sharelink for a file by using the following API: /sites/{siteId}/drive/items/{itemId}/createLink and grant access to sharelink accordingly.
Refer to the documentation here on accessing shared drive items.
If this doesn't help, consider raising user voice for your specific scenario so that it goes into our backlog.
I'm somewhat new to CouchDB and I'm wondering how to make private docs, that is I want to have a database where all docs are public (rw, or r using a validate_doc_update) except for few/some selected docs, how would I do something like that?
And to complicate things a bit more I want them to be private to / accessible by the admin but also varying number of selected users (but no others).
I'm thinking that perhaps I could have two keys in these docs called "private" and "private_users", set them to true and [user1, user2, user3], and somehow use that info to make the docs private / only accessible by them.
So essentially it's about users being able to create docs and have them visible to everybody or just themselves and other selected users.
One way to do this would be to make the database private by setting the Security admin and members lists to the owner (making the database completely private), and then route all calls to reading documents through a backend script which checks these properties of the document through an admin account and fetches and returns the content if conditions are met, but the thing is I'd like to do this through configuring CouchDB and do CORS HTTPS calls from the clients browser directly to CouchDB, with no script in the middle.
Is this possible?
There are several potential solutions to this problem:
The problem: For a given user, allow only specific access to a given document in the database.
Database per user:
Create one database for each user and use authentication on the database for that given user. Because views do not work across databases, you will have to replicate all needed data between the different user databases to allow for a view to contain both private and public/other users' data. Because normal users can not create/delete databases, you will need to have a separate process running which watches your database for changes and creates a new user database when a new user registers.
Smart Proxy:
Create a smart proxy that wraps all documents with the user credentials and filters all results.
Document Encryption on a per User Basis:
This solution is described in a google document which was mentioned on the development mailinglist. The goal of this solution is to create a P2P like system, where you can replicate data to nodes which you don't trust.
validate_read_doc:
Have a javascript function be called on every read, in the same manner as the validate_doc_update system is applied.
For more information:
http://wiki.apache.org/couchdb/PerDocumentAuthorization
So essentially it's about users being able to create docs and have them visible to everybody or just themselves and other selected users ...... Is this possible?
Not with just couchdb...
The permissions that you set with _security in a database only apply write level security on it.
Other wise most of the documents (except the design documents) are available for every one to read. With validate functions
you can impose further restrictions on who writes the documents but again there is no way to check who is reading your documents.
rcouch has a validation on read which can help you what you want to do. Other wise if you want to go with couchdb you could use a proxy for communicating with it.
How can I tell which paths have been granted access by the user? I know that with NSOpenPanel, the sandbox is automatically expanded to allow access to the directory the user chooses. Is this information stored anywhere so I can know whether I need to throw up an NSOpenPanel or not?
Or do I need to track it locally in NSUserDefaults or something?
You are responsible to store already-granted paths using the Secure Bookmarks, read NSURL documentation.
If you need to access to a path check if you have it on secured bookmarks (stored for example inside NSUserDefaults) if you have reuse it otherwise show the open panel
If you need to know whether the current execution of your app can access a particular path you can call access - see the unix man pages section 2. You can test for read, write and execute access, and the result reflects the current sandbox.
If you want to preserve access between executions of your app then you need to create security scoped bookmarks and stored them in user defaults or some other file.
In our application based on Symfony2 we would like to create a list of which of the users in the system that has permissions for a given domain object. We are using ACL and our immediate instinct was to look in the ACL-object returned from the ACLProvider of the domain object in question, for methods that could return the users (or at least SecurityIdentities) that has permissions, but I could not find such methods.
We are certain that this functionality is available through the API, but we cannot find where these methods are hidden.
EDIT An alternative would be to look up these connections in the acl-tables directly and finding out that way, but it would not be very pretty and we would probably be reinventing the wheel.
By default, the Authorization are specified in the file app/config/security.yml. It describe if a Role is allowed or not to access some modules.
There are some differences between Authorization and Permissions.
Permission are not managed by default by Symfony but through specific development (or bundles...)