I have pdf files in a htaccess-protected directory that I want to show to some users in Yii application.
How is best to solve that? I understand it should be done inside Yii, not with a separate script as it needs to check if a valid user is logged in.
Access control filters
You would do your appropriate security checking (user is in group, or has permission or whatever) and then you would use readfile or something similar.
Do you have code already that isn't working? Or did you just need help with what approach to take?
Thanks!
I got some idea from this link:
http://harrybailey.com/2011/07/yii-rewrite-files-or-images-for-download-or-display/
In short: made a new actionfunction into controller and in that function sending headers and readfile.
Related
I got an error on my Odoo like on the picture, I've checked the user already has access to the user group. It's very thankful if you can help me.
I need more information but whenever you parform the action you are doing a security record rule is trggered, you can try the hard mode, go to security record rules and disable one rule and try and re enable after.
I add this setting (see on the picture) on the user's group I want to give access and it's solved. Apparently it's because the user does not have access to Object ir.filters which most of my modules use this.
i want to make an app with Vue where a user only get certain permissions, like write a post, after payment, but I don't understand how that can be done. There is any content where this is explained, or anyone can point me a way? Thanks.
VueAcl
That's a pretty good permission check plugin that you can check out
I can see that getRecord call has CREATEORREAD action. Is it possible to make it read only? I need it to properly limit client permissions.
Thank you in advance!
Do you mean to avoid creating it if user does not have permissions? If the user does not have permissions for UPDATE or PATCH this will stop him from being able to update anything, but we don't yet have an individual READ action to avoid the record from being created initially. We'll raise that as an issue and try implement it soon.
Edit:
Issue created on github
I've written a HIT on mturk asking people for domain suggestions. Is there any way to ensure that the domain has valid syntax at the time of entry or submission?
So it turns out you can embed an iframe within the HIT. This allowed me to embed a form which I could then validate in any way I pleased. It requires the worker to copy the result of the form into the HIT form.
I think to do this the 'proper way' (i.e. no need to copy-paste) you'd need to use an ExternalQuestion. This can be done via either the API (various languages) or the command-line client.
Hello and excuse me again
I have the next problem:
I am using fbgraph on ROR3. I understand that My application need permissions for to know about facebook user. So I need ask for permissions.
How could my application (facebook canvas) ask permissions from like button?
If need my code please to comment.
Thanks in advance
There are several ways to go about it, one of which is the FB.ui route, using the "oauth" method. You wouldn't necessarily use it directly from a "Like", but rather as the result of a page refresh to a non-fan-gated page or specific user action.