I have added the SEOptimizer add-on to my site, and need to restrict who can access the SEO tab. I'm not sure how to manage permissions for this.
Default add-on permission use the "Modify portal content" permission, so users able to edit the content will see the tab: https://github.com/quintagroup/quintagroup.seoptimizer/blob/5d0ee147f2b094ea8a05849f1d77161a8329bb44/quintagroup/seoptimizer/profiles/default/actions.xml#L14
You can change this behavior by changing the permission related to this action and the permission in the ZCML: https://github.com/quintagroup/quintagroup.seoptimizer/blob/f55624284a7daa6c225801990e6b2e9801b9eeac/quintagroup/seoptimizer/browser/configure.zcml#L95
Change the permission used by the action is simple (you can do it also TTW accessing ZMI and portal_action tool).
Changing the ZCML permission needs a registration of a new ZCML that will override the old registration: See http://docs.plone.org/develop/addons/components/zcml.html#overrides
You probably need to register a new permission, to be given to your "SEO" role.
BTW: this can be a really good change for the original product too: think about open an issue.
Related
GOAL: Create users in Azure Active Directory using our Global Admin account from an API.
PROBLEM: Every single way I try, I get "unauthorized".
WHAT I'VE TRIED:
I've been focusing mostly on this: https://graph.microsoft.com/v1.0/invitations
I've tried as outlined here
the "Authorization Bearer {token}" is problematic -- I can't seem to properly retrieve tokens, using any of the built URLs recommended (ie, combining ClientID & TenantID in the URL.)
I've tried the relevant portions of this, including creating the app, setting permissions on the app, trying both Web API and Native. I'm able to get a code back, but using it always comes back with Unauthorized.
As an aside, I am using Nintex to run this web service, as it is part of my workflow. Typically, web services don't give me issues. So, this sucks.
I'm missing something, here. Any thoughts or direction?
UPDATE: Removed the word "method" - bad choice of phrasing.
If you want to use Microsoft Graph explorer to create user as the global admin, you could use POST https://graph.microsoft.com/v1.0/users, and the required permission is:
Permissions
For the details, you could read Create user.
Global admin runs as a user by default. To grant access to Active Directory, you need to elevate permissions in the portal.
I'm not convinced you have the permissions to create the user, and that's why I think you're getting the error.
Also, try and avoid using Global Admin. Create a Service Principal and provide more granular permissions.
I have set up a user and assigned him to a role. While I am able to permit or deny access to different pages in the site, assigning access restrictions in Media Library -> Security seems to have no effect. Any idea what I'm missing?
You have to assign them to a role. Configure both 'Permissions' and 'UI personalization' like you can see in the screenshot below.
David
Please check to make sure you do not have any global or higher level permissions set on those users that would override your specific security settings. For instance is a user was set to a role but also has Global Admin rights, the global admin would override all the permissions.
Also have you tested if the users can actually edit those libraries? (add, edit, remove items) or can they just see the media items in there?
I had a similar issue. Disabling the "Manage" permission while leaving "Read" enabled via the Role's Permissions -> Media libraries (Module) resolved it. See my response here: https://devnet.kentico.com/questions/limit-access-to-media-libraries
I've just installed Apache Bloodhound in my server. It's working fine. But with the default settings, anyone can view the list of tickets. I want to change this so that only logged in users are able to view the tickets.
Is it possible? How can I do this?
Default Trac ticket permissions are TICKET_VIEW for 'anonymous' sessions (everyone) and editing for 'authenticated' users, yes.
You'll want to remove TICKET_VIEW, so only authenticated users will see (and modify) tickets. To accomplish that, any user with PERMISSION_REVOKE (inherited by TRAC_ADMIN and PERMISSION_ADMIN as well) is allowed to navigate to the permission web admin page, can check and submit the 'remove' action. Alternatively you could use the trac-admin command:
trac-admin <path_to_trac_env> permission remove anonymous TICKET_VIEW
where you need to replace the path with you real one, like /var/www/trac_env/myTrac.
I just created my second app, and I want to enable Authenticated Referrals as I made on my first app. But the "Authenticated Referrals" option has disappeared in Settings > Permissions, however that option is still in the Facebook app's documentation : http://i.stack.imgur.com/WC6A0.jpg
Can you help me to retrieve this option ? Thanks.
Authenticated Referrals are removed for new applications as described in this blog post
https://developers.facebook.com/blog/post/2012/10/10/growing-quality-apps-with-open-graph/
Authenticated referrals create an inconsistent experience for people by asking them to give permissions in order to access content with little context. You must migrate to use a standard Auth Dialog experience.
My MODx site allows users to upload files (pdf) through the back end.
However this is only working for users in the Admin role and not in my editor role who receive a "disallowed file type" message.
I can't see anywhere to set permissions, does anyone know where I should be looking?
No worries I found it, I had to add pdf to allowed file types in the user manager.