I'm a user on a publicly available Trac setup of some project. I've been using the XMLRPC interface now for quite some months but today I got a message in my UI that I need XMLRPC permissions.
I'm unsure if this is an error on my end or the permissions have been revoked. I remember I could see the permissions I had at least on the web-frontend of Trac but I don't remember where this was located.
Does anybody know where it is normally located?
It's only visible in the "Permissions" admin panel if you have PERMISSION_GRANT or PERMISSION_REVOKE. There may be a plugin that does what you want, although a quick search on trac-hacks doesn't yield anything interesting.
I can see permissions under admin/general/perm but you might need TRAC_ADMIN and/or PERMISSION_ADMIN.
Related
I set up a local Trac wiki using a conda env, where I installed all dependencies, except the system packages, which I installed in the system:
trac-admin . initenv
I entered the required infos like project name there.
Then I run the Trac standalone server.
tracd --port 8000 .
inside the directory, where I set up the wiki.
Since this is supposed to be a wiki, which I use locally myself and not for any multiuser setup, I don't need any authentication functionality. How can I deactivate any authentication or need for login for Trac?
I know that I don't have permissions, because I used the quick search field for a page, which could not exist and when the wiki showed no results, it didn't offer a create page button of any kind. According to the StartPage, this means I don't have permissions.
I couldn't find any enable/disable setting for this in the ./conf/trac.ini to do this. It would also be acceptable to find an easy way to create a user, as which I login to Trac, but all the guides from Trac documentation assume prior knowledge of some kind of configuration files and they don't explain those exactly. For example here. Where does that configuration file even go and what kind of syntax does this use? Not really helpful.
You are correct that you need to modify the permissions (authorization). The permissions are stored in the database rather than trac.ini. You need to grant permission using trac-admin utility. See TracPermissions.
trac-admin $env permission add anonymous WIKI_CREATE WIKI_MODIFY WIKI_DELETE WIKI_RENAME
For help, execute:
trac-admin $env permission help
If you wish to setup authentication, see TracStandalone: UsingAuthentication.
As soon as I take away EVERYONE from the root folder (Company Home) in alfresco, some custom webscripts stop working and respond that this folder cannot be found. I would like to give a subset of EVERYONE (eg GROUP_A) permission from the rootfolder down. The "normal" usage of alfresco through Share keeps working when I do just that, only the webscripts give me some trouble. There are answers like this one:
Alfresco openCMIS connect to home folder
But that's just a workaround. Maybe some kind of system user needs to have permissions on the root folder?
I think this is a similar question: Alfresco webscript can't find Company Home folder
The most clear answer is (depends on which version you are) that the webscripts, CMIS & Java code need to know the path of the node you are in.
In Previous Alfresco versions even in Share a user needs to have Consumer rights on the parent folder otherwise the breadcrum would fail to load and other issues.
In 4.2.x if you retrieve a document/folder and you as user don't have rights on one of the parents folders OpenCMIS code breaks. This will/should also happen on some webscripts.
A user needs rights on the template folders within Data Dictionary, so it's good to keep the EVERYONE group on Data Dictionary.
I am not an IT person, using ubuntu 12.10.
I am trying to setup sahana software in openshift. I followed the guidelines from this page. It works fine until the point where I should use administrative interface. I tried every single possible password related to openshift, but none worked. It also only gave me four chances.
The guideline said, "Once your app is up you'll need administrative access to continue. For the admin app to work you need to put your password hash in parameters_8080.py in wsgi/web2py/."
I found the parameters_80.py but have no clear idea what to do with it. I tried to use htpasswd to create a new parameters_80.py but the admin interface still rejected me.
Can someone help me?
Thanks.
I think this thread seems to answer your question https://groups.google.com/forum/#!msg/web2py/DJvC9FMNohE/NykebQn5eUQJ
I'm developing an Alfresco client which uses the OpenCMIS (Apache Chemistry) to upload files into Alfresco. I would like to know if there is a way to make a single file read-only for everyone.
Thanks,
Miretz
In theory, you'll need to use CMIS to alter the Access Controls on the node to change the permissions.
However...
From what you've described, I think your node will have "Inherit Permissions" turned on. This means that you can grant additional permissions with CMIS, via the Access Controls functionality, but you can't remove any permissions that come from the parent. This Alfresco forum thread has more on it. Currently, I believe you'll need to use a tiny bit of Alfresco code (rule JS, Java, WebScript etc) to turn off the "Inherit Permissions" on your node. You can then use CMIS to grant people read access to it, without write (Consumer)
At the moment you can't disable inherited permissions.
So what Can you do?
Get ALL the ACL's of the object you just uploaded/submitted to Alfresco. Set these to Read.
Create a rule/behaviour in the folder-tree where you save documents and disable the inherit permissions.
I have various projects being built and tested periodically on a Hudson server, but I don't want every employee in the company to see published artifacts for every project.
Project-based matrix security seemed at first the key, but after many tests I find that granting overall read permissions is mandatory if you want users to be able to read anything in the hudson server.
So, in the end read permissions are binary: either you grant global read permission or you block everything, am I right?
Haven't it tested with the newest release, but I use the matrix setup. I gave Anonymous the overall read. This way they can see the login screen when they type {{http://servername:port/}} but does not give them access to the jobs. In the jobs themselves I configured the users that should actually see the job. Works like a charm.
UPDATE:
Meanwhile I found out that you can use authenticated instead of Anonymous. This enabled access to Hudson/Jenkins through the links in the Build failed messages. Now everyone gets the logon dialog and after signing in, they are right away at the job run of interest.
After trying to do something similar to you with Hudson's authorization settings, I came to the same conclusion you did.