My MODx site allows users to upload files (pdf) through the back end.
However this is only working for users in the Admin role and not in my editor role who receive a "disallowed file type" message.
I can't see anywhere to set permissions, does anyone know where I should be looking?
No worries I found it, I had to add pdf to allowed file types in the user manager.
Related
I have set up a user and assigned him to a role. While I am able to permit or deny access to different pages in the site, assigning access restrictions in Media Library -> Security seems to have no effect. Any idea what I'm missing?
You have to assign them to a role. Configure both 'Permissions' and 'UI personalization' like you can see in the screenshot below.
David
Please check to make sure you do not have any global or higher level permissions set on those users that would override your specific security settings. For instance is a user was set to a role but also has Global Admin rights, the global admin would override all the permissions.
Also have you tested if the users can actually edit those libraries? (add, edit, remove items) or can they just see the media items in there?
I had a similar issue. Disabling the "Manage" permission while leaving "Read" enabled via the Role's Permissions -> Media libraries (Module) resolved it. See my response here: https://devnet.kentico.com/questions/limit-access-to-media-libraries
I'm using Liferay Portal Community Edition 6.2 CE GA3 and the Documents and Media portlet. I created several roles in Liferay, one named "Documents-Admin". What I want is that a user with this role is able to create folders and files etc. and can change the permissions of these so that only specific users/roles have access to them.
So I changed the permissions for this role under Control Panel -> Users -> Roles and granted everything in Site-Administration -> Applications -> Documents and Media.
With this setting, a user with this role is able to open the permissions configurations of folders (even when he's not the owner). But the table only shows the roles "Users" and "Documents-Admin" - but there are 30 more. What do I have to do to see the full list of roles?
In control panel > Roles
Click on Documents-Admin role which you created and select define permissions.
And in that for Role you try giving view permissions or try giving there different permissions.
I want to get started with the Office365 Unified API , so I decided to register a new web app to our azure directory.
In the section: "permissions to other applications" , I select Office365 unified API(preview)
I only get set delegated permission (I don't have all admin powers in our tenant), so I choose the ones I need (user profiles, sign-in , the exact number does not matter).
When I save the configuration I get the message
Could not update the configuration for app ""
Information tells me:
Unauthorized. You do not have sufficient permissions to access this resource.
The strange is , that when I log out and return to the application in the Azure Portal, I do see those modification in the configuration ?!
Finally when I try to call the REST endpoint (with valid Accesstoken etc..) I get this message:
{"error":"invalid_grant","error_description":"AADSTS65001: No permission to access user information is configured for 'f1299649-ea20-4cf6-9cd6-afb69d9b5760' application, or it is expired or revoked.\r\nTrace ID: 69ab1a6c-eeda-4351-8e1e-2b774c19a5a0\r\nCorrelation ID: 968a962e-d851-48bb-ad6f-3f05ea7b8efe\r\nTimestamp: 2015-06-18 20:12:15Z","error_codes":[65001],"timestamp":"2015-06-18 20:12:15Z","trace_id":"69ab1a6c-eeda-4351-8e1e-2b774c19a5a0","correlation_id":"968a962e-d851-48bb-ad6f-3f05ea7b8efe","submit_url":null,"context":null}
So maybe the Azure Portal UI is right the first time and those permissions where never stored with the app ?
the application details in https://portal.office.com/myapps tell me this:
Permissions
This app works with data in your documents. It will be able to:
Read directory data
Sign you in and read your profile
Read all users'basic profiles
Access the directory as you
Read directory data
Sign-in as you and read your profile
What would be the next step to take to get this to work ?
What is your app trying to do (in terms of access to users, groups etc)?
Access the directory as you is a permission that requires admin consent. The portal unfortunately has a bug that it appears as though you have the permission, but that's not true. That's because there are 2 elements here - configuring the permissions your app needs which drives the consent experience AND the consent grant. The portal (under the covers) tries to consent the app for the permissions it requires within the developer tenant. A non-admin in this case has permissions to update the app configuration, but not to consent for those permissions in their tenant.
Hope this helps,
It is impossible to set permissions to Office 365 Unified API for your application even if you are tenant administrator due to error. I have tried it. Remember that whole Unified API is in Preview mode so there will definitely be other errors.
I have added the SEOptimizer add-on to my site, and need to restrict who can access the SEO tab. I'm not sure how to manage permissions for this.
Default add-on permission use the "Modify portal content" permission, so users able to edit the content will see the tab: https://github.com/quintagroup/quintagroup.seoptimizer/blob/5d0ee147f2b094ea8a05849f1d77161a8329bb44/quintagroup/seoptimizer/profiles/default/actions.xml#L14
You can change this behavior by changing the permission related to this action and the permission in the ZCML: https://github.com/quintagroup/quintagroup.seoptimizer/blob/f55624284a7daa6c225801990e6b2e9801b9eeac/quintagroup/seoptimizer/browser/configure.zcml#L95
Change the permission used by the action is simple (you can do it also TTW accessing ZMI and portal_action tool).
Changing the ZCML permission needs a registration of a new ZCML that will override the old registration: See http://docs.plone.org/develop/addons/components/zcml.html#overrides
You probably need to register a new permission, to be given to your "SEO" role.
BTW: this can be a really good change for the original product too: think about open an issue.
I've just installed Apache Bloodhound in my server. It's working fine. But with the default settings, anyone can view the list of tickets. I want to change this so that only logged in users are able to view the tickets.
Is it possible? How can I do this?
Default Trac ticket permissions are TICKET_VIEW for 'anonymous' sessions (everyone) and editing for 'authenticated' users, yes.
You'll want to remove TICKET_VIEW, so only authenticated users will see (and modify) tickets. To accomplish that, any user with PERMISSION_REVOKE (inherited by TRAC_ADMIN and PERMISSION_ADMIN as well) is allowed to navigate to the permission web admin page, can check and submit the 'remove' action. Alternatively you could use the trac-admin command:
trac-admin <path_to_trac_env> permission remove anonymous TICKET_VIEW
where you need to replace the path with you real one, like /var/www/trac_env/myTrac.