I get the below error when running a custom command from the yiic shell.
I am using the latest MAMP 2.0.2 on OS X 10.7.2
I am not sure what the error means by reader or member does not exist?
Line 56 is: $role->addChild("reader"); and the full code of the custom command and and terminal output is below:
users-MacBook-Air:protected user$ ./yiic shell ../index.php
Yii Interactive Tool v1.1 (based on Yii v1.1.2)
Please type 'help' for help. Type 'exit' to quit.
>> rbac
This command will create three roles: Owner, Member, and Reader and the following permissions:
create, read, update and delete user
create, read, update and delete project
create, read, update and delete issue
Would you like to continue? [Yes|No]y
exception 'CException' with message 'Either "member" or "reader" does not exist.' in /Users/user/Dropbox/localhost/yii/framework/web/auth/CDbAuthManager.php:203
Stack trace:
#0 /Users/user/Dropbox/localhost/yii/framework/web/auth/CAuthItem.php(185): CDbAuthManager->addItemChild('member', 'reader')
#1 /Users/user/Dropbox/localhost/trackstar/protected/commands/shell/RbacCommand.php(56): CAuthItem->addChild('reader')
#2 /Users/user/Dropbox/localhost/yii/framework/cli/commands/ShellCommand.php(144): RbacCommand->run(Array)
#3 /Users/user/Dropbox/localhost/yii/framework/cli/commands/ShellCommand.php(99): ShellCommand->runShell()
#4 /Users/user/Dropbox/localhost/yii/framework/console/CConsoleCommandRunner.php(62): ShellCommand->run(Array)
#5 /Users/user/Dropbox/localhost/yii/framework/console/CConsoleApplication.php(88): CConsoleCommandRunner->run(Array)
#6 /Users/user/Dropbox/localhost/yii/framework/base/CApplication.php(135): CConsoleApplication->processRequest()
#7 /Users/user/Dropbox/localhost/yii/framework/yiic.php(33): CApplication->run()
#8 /Users/user/Dropbox/localhost/trackstar/protected/yiic.php(7): require_once('/Users/user/Dro...')
#9 /Users/user/Dropbox/localhost/trackstar/protected/yiic(4): require_once('/Users/user/Dro...')
#10 {main}
>>
RBAC Command:
<?php
class RbacCommand extends CConsoleCommand
{
private $_authManager;
public function getHelp()
{
return "<<<EOD
USAGE
rbac
DESCRIPTION
This command generates an initial RBAC authorization hierarchy.
EOD";
}
public function run($args)
{
if(($this->_authManager=Yii::app()->authManager)===null)
{
echo "Error: an authorization manager, named 'authManager' must be configured to use this command.\n";
echo "If you already added 'authManager' component in applicaton configuration,\n";
echo "please quit and re-enter the yiic shell.\n";
return;
}
echo "This command will create three roles: Owner, Member, and Reader and the following permissions:\n";
echo "create, read, update and delete user\n";
echo "create, read, update and delete project\n";
echo "create, read, update and delete issue\n";
echo "Would you like to continue? [Yes|No]";
if(!strncasecmp(trim(fgets(STDIN)),'y',1))
{
$this->_authManager->clearAll();
$this->_authManager->createOperation("createUser","create a new user");
$this->_authManager->createOperation("readUser","read user profile information");
$this->_authManager->createOperation("updateUser","update a users information");
$this->_authManager->createOperation("deleteUser","remove a user from a project");
$this->_authManager->createOperation("createProject","create a new project");
$this->_authManager->createOperation("readProject","read project information");
$this->_authManager->createOperation("updateProject","update project information");
$this->_authManager->createOperation("deleteProject","delete a project");
$this->_authManager->createOperation("createIssue","create a new issue");
$this->_authManager->createOperation("readIssue","read issue information");
$this->_authManager->createOperation("updateIssue","update issue information");
$this->_authManager->createOperation("deleteIssue","delete a issue");
$role=$this->_authManager->createRole("member");
$role->addChild("reader");
$role->addChild("createIssue");
$role->addChild("updateIssue");
$role->addChild("deleteIssue");
$role=$this->_authManager->createRole("owner");
$role->addChild("reader");
$role->addChild("member");
$role->addChild("createUser");
$role->addChild("updateUser");
$role->addChild("deleteUser");
$role->addChild("createProject");
$role->addChild("updateProject");
$role->addChild("deleteProject");
}
}
}
?>
I think you need to create the "reader" operation (or task, or role) before you can add it to the "member" role with addChild(). Something like this:
<?php
// define reader role
$role=$this->_authManager->createRole("reader");
// add some operations
$role->addChild("readIssue");
// NOW create the member role
$role=$this->_authManager->createRole("member");
// and now that reader is defined, we can add it to member
$role->addChild("reader");
?>
I'm sure you have already found this, but there are more details on the Yii Guide page for Role-based ACL.
Related
I have built a chrome extension in manifest version 2 and am now looking at migrating to version 3. As part of this migration I have come across an issue when trying to toggle an optional permission to use the chrome notifications api.
Since you can't request a new permission from a content script as the api is not accessible from a content script, you have to send a message to the background script to perform the request and return the response to the content script. This worked as expected with version 2, now I am receiving this error:
Unchecked runtime.lastError: This function must be called during a user gesture
This means that the extension wants the permission request to be initiated on the back of an event initiated by a user action, such as a click. This indicates that the extension wishes the permission request to be completed from the content script but as stated above this is impossible.
Could anyone illuminate me if I'm missing something?
Content Script:
chrome.runtime.sendMessage(
{message: 'requestPermissions', permissions: ['notifications']},
(res) => console.log(res)
);
Background Script:
export function requestPermissions(request, sender, sendResponse) {
const {permissions} = request;
new Promise((resolve) => {
chrome.permissions.request(
{
permissions
},
(granted) => resolve(granted)
);
}).then((res) => sendResponse(res));
return true;
}
I am trying to download the content of a password-protected Gerrit URL in a Jenkins pipeline Groovy script. HTTPBuilder is not accessible so I am using the URL class with Authenticator:
// To avoid pipline bailing out since data PasswordAuthentication is non-serializable
#NonCPS
def getToString(data) {
data.toString()
}
def fetchCommit(host, project, version) {
withCredentials([usernamePassword(credentialsId: 'my-credentials',
usernameVariable: 'user',
passwordVariable: 'PASSWORD')]) {
proj = java.net.URLEncoder.encode(project, 'UTF-8')
echo "Setting default authentication"
Authenticator.default = {
new PasswordAuthentication(env.user, env.PASSWORD as char[])
} as Authenticator
echo "https://${host}/a/projects/${proj}/commits/${version}"
url = "https://${host}/a/projects/${proj}/commits/${version}".toURL()
result = getToString(url.getText())
echo "${result}"
}
}
The result is a PasswordAuthentication instance, and not the expected data:
[Pipeline] echo
java.net.PasswordAuthentication#3938b0f1
I have been wrestling with this for a while. I have tried different ways to setup the authentication and reading the data, but those mostly end up with an exception. Using eachLine() on the url does not enter the closure at all. The job also exits far to quickly, giving the impression it not even tries to make a connection.
Refs:
https://kousenit.org/2012/06/07/password-authentication-using-groovy/
We actually want to upload a file and attach it to an item but we're having problems just uploading it.
We are having a problem uploading an image into an item. We cant seem to access the image we uploaded to Podio via the API. We get a - "Sorry, you don't have access to this file. You might want to ask your admin to provide you the access to this file."
Which is so weird because everyone in our team cant access it, and we're admins on our workspaces. I also setup the api/secret keys and i'm and admin on that workspace. Whats wrong with this?
This is the code:
Podio::setup($client_id, $client_secret);
try {
Podio::authenticate_with_app($app_id, $app_token);
$upload = PodioFile::upload('PATH_TO_FILE', 'test_image.jpg');
if( $upload != ""){
echo "<br><br>Image uploaded to podio!<br><br>";
echo "<pre>".$upload."</pre>";
echo "<br><br>".$upload->file_id."<br>";
echo $upload->link."<br>";
}
if( PodioFile::attach( $upload->file_id, array('ref_type' => 'item', 'ref_id' => 43 )) != ""){
echo "<br><br>Image attached to item!<br>";
}
}catch (PodioError $e) {
echo $e->body['error_description'];
}
Podio::set_debug(true);
You can't access file itself until it's linked to something because files don't have own access-control system. Once file is attached to item or task or workspace or whatever else, then you might be able to access it if you have enough rights :).
There is at least one error item_id=43 is for sure not your item, so you can't attach file to it.
i create a custom Observer :
class Observer_Test extends Orm\Observer
{
public function after_insert(Orm\Model $model)
{
\Log::info('Succesfully created new object of class '.get_class($model));
}
}
i put this code in app/classes/observer/test.php
and i called from my model in app/classes/model/
this my observer
protected static $_observers = array(
'Observer\Observer_Test' => array(
'events' => array('after_insert'),
),
);
and i got an error message like this
ErrorException [ Error ]: Uncaught exception 'Fuel\Core\FuelException'
with message 'Unable to create or write to the log file. Please check
the permissions on
/Applications/XAMPP/xamppfiles/htdocs/MPOSSERVER/fuel/app/logs/' in
/Applications/XAMPP/xamppfiles/htdocs/MPOSSERVER/fuel/core/classes/log.php:77
Stack trace: #0 [internal function]: Fuel\Core\Log::_init() #1
/Applications/XAMPP/xamppfiles/htdocs/MPOSSERVER/fuel/core/classes/autoloader.php(364):
call_user_func('Log::_init') #2
/Applications/XAMPP/xamppfiles/htdocs/MPOSSERVER/fuel/core/classes/autoloader.php(247):
Fuel\Core\Autoloader::init_class('Log') #3 [internal function]:
Fuel\Core\Autoloader::load('Log') #4
/Applications/XAMPP/xamppfiles/htdocs/MPOSSERVER/fuel/core/base.php(91):
spl_autoload_call('Log') #5
/Applications/XAMPP/xamppfiles/htdocs/MPOSSERVER/fuel/core/classes/error.php(117):
logger(400, 'Error - Observe...') #6
/Applications/XAMPP/xamppfiles/htdocs/MPOSSERVER/fuel/core/bootstrap.php(71):
Fuel\Core\Error::exception_handler(Object(UnexpectedValueException))
i think i wrong when i called or put the observer, what is the best practices for creating an observer?
as I see, the error says that there is not enough permission to write to that directory, and observer itself is working. to make sure, just replace Log::() call with something like die('WORKS!'); instead.
To fix the problem, so the logs would start writing, try to fix the directory permissions. I'm not sure how MacOSX handles this but this might heenter code herelp you:
cd /Applications/XAMPP/xamppfiles/htdocs/MPOSSERVER
find . -type f -exec chmod 666 {} \;
find . -type d -exec chmod 777 {} \;
1st command will cd to you web project
2nd will make all files in that directory to chmod to 666 (read/write by everyone)
3rd command will make read/write/execute by everyone
Hope that helps
Good luck :)
I am new to Apache Directory Studio and ldap. I am running a ldap server from Apache Directory studio. I have a user in ldap and i am trying to bind to the uid from a php script.Not sure where i am going wrong.
I am using username as "uid=admin,ou=user"
password as "secret"
I also tried username as "uid=arone_a,ou=users,dc=example,dc=com"
and password as "password"
Password attribute was set manually and arone_a is the user uid.
I am trying to write a php script which can pull all users in the ldap server.
Thanks in advance.
My PHP script is:
$ldaphost = "localhost";
$ldapport = 10389;
$ldaprdn='uid=admin,ou=system';
$ldappass='secret';
$ldapconn = ldap_connect($ldaphost, $ldapport)
or die("Could not connect to $ldaphost");
if($ldapconn)
{
$ldapbind=ldap_bind($ldapconn,$ldaprdn,$ldappass);
if($ldapbind)
{
echo "success";
}
else
{
echo "not success";
}
}
Connection goes through but bind is not going through.
I was having a similar issue and the problem was that I added to the userPassword attribute an additional param specifying the language, resulting in userPassword;lang-ca-ES (the wizard shows a form to add it).
That provoked that using Apache Directory Studio the "Verify" was working good, but it failed in the "Bind" check (you can do both in the password editor, double clicking the userPassword attribute.
I finally left userPassword without additional attributes and it binded perfectly :)
Just add the ldap set option, it worked for me
<?php
$ldaphost = "localhost";
$ldapport = 10389;
$ldaprdn='uid=admin,ou=system';
$ldappass='secret';
$ldapconn = ldap_connect($ldaphost, $ldapport)
or die("Could not connect to $ldaphost");
if($ldapconn) {
ldap_set_option($ldapconn, LDAP_OPT_PROTOCOL_VERSION, 3);
$ldapbind=ldap_bind($ldapconn,$ldaprdn,$ldappass);
if($ldapbind) {
echo "success";
} else {
echo "not success";
}
}
?>
The simple BIND request requires the DN, not the RDN. Should your BIND DN be something like uid=admin,ou=system,dc=example,dc=com?
see also
LDAP: Authentication best practices
LDAP: Programming practices