I'm developing an Alfresco client which uses the OpenCMIS (Apache Chemistry) to upload files into Alfresco. I would like to know if there is a way to make a single file read-only for everyone.
Thanks,
Miretz
In theory, you'll need to use CMIS to alter the Access Controls on the node to change the permissions.
However...
From what you've described, I think your node will have "Inherit Permissions" turned on. This means that you can grant additional permissions with CMIS, via the Access Controls functionality, but you can't remove any permissions that come from the parent. This Alfresco forum thread has more on it. Currently, I believe you'll need to use a tiny bit of Alfresco code (rule JS, Java, WebScript etc) to turn off the "Inherit Permissions" on your node. You can then use CMIS to grant people read access to it, without write (Consumer)
At the moment you can't disable inherited permissions.
So what Can you do?
Get ALL the ACL's of the object you just uploaded/submitted to Alfresco. Set these to Read.
Create a rule/behaviour in the folder-tree where you save documents and disable the inherit permissions.
Related
I'm currently working on a bot for some anarchy servers, and it's a lot more reliable for it to read the log than just plain chat. I need a way to access that, but I don't know how. Is there even a way to do this without admin access?
No there is actually no way to view this. Because it's a file located on the server you can only view it if you have (direct) file access to the server. The only way to get the latest.log file is to contact the server owner, but I think that no server owner of e.g Hypixel will give you this log file.
You can make a Minecraft plugin in Java that acts as an API server, you can then make it read the file and return it. Of course, you would want to protect it with some type of authorization. You can use an HTTP server, an example would be this, it allows commands to be executed but you could easily work off that.
As MCTzOCK mentioned you can't view it without asking for permission from the server owner.
I had been using VisualSvn Server for a long time. I was able to set user access read/write permissions for each folder of the repo with VSS.
I couldn't find a way to do that on SCM-Manager. There is a Path Write Protection plugin, but I think it is just for write permissions. I want users to be able to reach or not specific paths on the repo.
Is there a way to do that with SCM-Manager.
Thanks.
No, sorry, there is no such option and we do not plan this for the future. We suggest using svn:externals for this.
As soon as I take away EVERYONE from the root folder (Company Home) in alfresco, some custom webscripts stop working and respond that this folder cannot be found. I would like to give a subset of EVERYONE (eg GROUP_A) permission from the rootfolder down. The "normal" usage of alfresco through Share keeps working when I do just that, only the webscripts give me some trouble. There are answers like this one:
Alfresco openCMIS connect to home folder
But that's just a workaround. Maybe some kind of system user needs to have permissions on the root folder?
I think this is a similar question: Alfresco webscript can't find Company Home folder
The most clear answer is (depends on which version you are) that the webscripts, CMIS & Java code need to know the path of the node you are in.
In Previous Alfresco versions even in Share a user needs to have Consumer rights on the parent folder otherwise the breadcrum would fail to load and other issues.
In 4.2.x if you retrieve a document/folder and you as user don't have rights on one of the parents folders OpenCMIS code breaks. This will/should also happen on some webscripts.
A user needs rights on the template folders within Data Dictionary, so it's good to keep the EVERYONE group on Data Dictionary.
I'm a user on a publicly available Trac setup of some project. I've been using the XMLRPC interface now for quite some months but today I got a message in my UI that I need XMLRPC permissions.
I'm unsure if this is an error on my end or the permissions have been revoked. I remember I could see the permissions I had at least on the web-frontend of Trac but I don't remember where this was located.
Does anybody know where it is normally located?
It's only visible in the "Permissions" admin panel if you have PERMISSION_GRANT or PERMISSION_REVOKE. There may be a plugin that does what you want, although a quick search on trac-hacks doesn't yield anything interesting.
I can see permissions under admin/general/perm but you might need TRAC_ADMIN and/or PERMISSION_ADMIN.
When an ASP.NET application is running under IIS6.0 in Windows 2003 Server with impersonation, what user account is relevant for deciding file read/write/execute access privileges? I have two scenarios where I am trying to understand what access to grant/revoke. I thought the most relevant user is probably the identity specified in the Application Pool, but that doesn't seem to be the whole story.
The first issue concerns executing a local batch file via System.Diagnostics.Process.Start()--I can't do so when the AppPool is set to IWAM_WIN2K3WEB user, but it works fine if it is set to the Network Service identity. I of course made sure that the IWAM user has execute rights on the file.
The second involves writing to a file on the local hard drive--I'd like to be able to prevent doing so via the access control list via folder properties, but even when I set up all users in the folder as "read" (no users/groups with "write" at all), our ASP.NET still writes out the file no problem. How can it if it doesn't have write access?
Google search turns up bits and pieces but never the whole story.
what user account is relevant for [..] file read/write/execute access
As a rule: Always the user account the application/page runs under.
The IWAM account is pretty limited. I don't think it has permissions to start an external process. File access rights are irrelevant at this point.
If a user account (Network Service in your case) owns a file (i.e. has created it), it can do anything to this file, even if not explicitly allowed. Check who owns your file.
Process Monitor from Microsoft is a great tool to track down subtleties like this one.
A bit more searching reveals that the IWAM user isn't that well documented and we should stick with NETWORK SERVICE or a manually-supplied identity if we want to specify permissions for that user.