How can we define role in boonex - boonex-dolphin

I want to create 2 more roles in boonex except (admin and normal user) and want to manage privacy settings and accessibility of the site according to role.
Please help

Go to Admin panel > Tools > Membership Settings.
There you can create new membership level, set privacy for each level.
You will need to check page access module to ensure that they have access to each page in Navigation menu.
Also if you uninstall a module for an update, you will need to check membership settings for the memberships that are created again.
If you want to assign Admin duties, download deanos Tool, which is free in Boonex market.
If you are assigning Moderator duties, that will be done on that group's page: manage fans in the action block.

Related

I am trying to create a secure way to make specific users admins

I have a functioning rails app with devise Admins and Users, and I want to create a secure way that will only allow users with specific IDs to become authorized to become admins. Currently, I have a static link that is not very secure that will make the current user an admin (website.com/make_admin), but I want to find the most secure method to turn specific users into administrators (I am open to all options that could accomplish this). What would be the best way for me to do this?
I'd recommend adding an admin field to the user form to select if they're an admin user, but do a check in the update/create actions on your users controller to check if the current_user (if using Devise) is another admin user (or whatever role type they need to be to update other admin permissions).
You would also probably want to do a check to make sure they can't set themselves as admin=false, otherwise you could end up with no admin users left on the site and no-one with permission to change this. That said, depending on the app you could always just manually manage admin users - my company will do this depending on the client and their needs.
You can use Rolify to give roles to the users and CanCanCan for access control.
You can assign roles to user either from rails console or you can generate a view for it, and restrict it to admin and assign roles to each individual user.
You could add an admin boolean to your user model, and update it through the rails console
rails g migration add_admin_to_users admin:boolean
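The check described in the first answer (only an existing admin may change the admin flag, and an admin may not demote themselves), as an added example that is not part of the original thread. It is plain Ruby with no Rails dependency; `User`, `AdminChange` and the field names are hypothetical, and the extra last-admin check generalizes the answer's concern about ending up with no admins.

```ruby
# Added example, not from the answers above. User and AdminChange are
# hypothetical names; in a Rails app this logic would sit in the users
# controller's update action, with actor = current_user from Devise.
User = Struct.new(:id, :admin)

class AdminChange
  class Denied < StandardError; end

  BASE_FIELDS = [:name, :email].freeze

  def initialize(users)
    @users = users # constructed stand-in for the users table
  end

  # Drop :admin from submitted params unless the actor is already an admin,
  # so a regular user cannot mass-assign the flag on any account.
  def permitted(actor, params)
    allowed = actor.admin ? BASE_FIELDS + [:admin] : BASE_FIELDS
    params.select { |key, _value| allowed.include?(key) }
  end

  # Apply the change. Admins may not demote themselves, and no change may
  # leave the site without an administrator.
  def apply(actor, target, params)
    attrs = permitted(actor, params)
    return target unless attrs.key?(:admin)

    make_admin = attrs[:admin] == true
    if target.admin && !make_admin
      raise Denied, "admins cannot demote themselves" if actor.id == target.id
      raise Denied, "last admin cannot be removed" if @users.count(&:admin) <= 1
    end
    target.admin = make_admin
    target
  end
end
```

Filtering the flag on the server side is what makes a form checkbox safe; a route that promotes whoever requests it has no equivalent check.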

how to give few access controls to user after login

Shiro plugin giving access to user for particular actions.
https://grails.org/plugin/shiro
I am working on a grails application for the first time and I now want to protect some pages to be viewed only by admins, and give some permissions to other users.
As this reference page (https://grails.org/plugin/shiro) suggests:
You will need to define roles and their permissions
def adminRole = new ShiroRole(name: "Administrator")
adminRole.addToPermissions("printer:*:*")
adminRole.addToPermissions("admin")
…
adminRole.save()
Now suppose you want to add a few page URLs to the admin role.
You can call addToPermissions for that. In the above code, "printer:*:*" means that all the resources under printer will be accessible to the admin profile.
You can create multiple roles with different permissions and attach them to different users, which will help you to segregate the pages for different roles.
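How a permission string such as "printer:*:*" covers a requested action, as an added example that is not the plugin's code or part of the original answer. It models colon-separated parts with comma-separated alternatives in Ruby; the method names, the operator role and the requested strings are constructed for illustration.

```ruby
# Added example, not the plugin's code: a model of how wildcard permission
# strings such as "printer:*:*" are matched. Method names are hypothetical.

# "printer:query,print:lp7200" -> [["printer"], ["query", "print"], ["lp7200"]]
def parse_permission(str)
  parts = str.strip.split(":", -1).map { |part| part.split(",").map(&:strip) }
  if parts.empty? || parts.any?(&:empty?)
    raise ArgumentError, "empty part in #{str.inspect}"
  end
  parts
end

# True when the granted string covers the requested one.
def implies?(granted, requested)
  g = parse_permission(granted)
  r = parse_permission(requested)
  g.each_with_index do |gpart, i|
    next if gpart.include?("*")     # a wildcard part matches anything
    return false if i >= r.length   # request is shorter, grant is specific here
    return false unless (r[i] - gpart).empty?
  end
  true # parts the grant does not mention are covered automatically
end

# A role is permitted if any one of its permission strings implies the request.
def role_permits?(permissions, requested)
  permissions.any? { |granted| implies?(granted, requested) }
end

ADMIN_ROLE    = ["printer:*:*", "admin"].freeze   # strings from the snippet above
OPERATOR_ROLE = ["printer:query,print"].freeze    # constructed narrower role
```

A one-part grant such as "admin" covers every action and instance under that name, so roles meant to be narrow should spell out the action part, as the constructed operator role does.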

TFS allow some users just to view the work items and queries

I am using TFS 2015. I make one user as Readers in project settings but still the user is able to create and update work-items/bugs. So, I am confused what I need to do in order to allow a user to just view the work-items/queries/stories but not add/edit any item.
The Readers group setting does not restrict ability to edit or create work items. You can do that in the area path security settings (see "Set permissions and access for work tracking"). So you may create a new group (for example, Disallow Access Group). Then open the security settings for the root area.
Deny needed permissions
In your case you have to enable View work items in this node
If you have the user only in the Readers TFS group of the given team project, the user will not be able to add/edit work items.
This can happen if you have altered the group membership, so that Readers are members of the Team (the team created by default or a new team), which is by default a member of Contributors. This way the Readers TFS group inherits permissions from Contributors.
Verify the Readers group has below as permissions (default)
and it is not something like below
The other possibility is your user has collection level permissions so the project permissions are inherited to allow by default.

User settings and access control in rails

I have a webapp built with rails. Nothing complicated so far. Now I would like to restrict some areas for the user. I would like to implement two roles, User and Admin. Clearly the admin can do much more, like use DELETE in some of the controller methods. But there is even more. The user should be able to set some settings. For example he can set his profile to private, so only his friends can see his content. I am not sure how to build all of this with rails.
I did some research and found those two:
https://github.com/elabs/pundit
https://github.com/ledermann/rails-settings
Maybe a combination of those two would get me to the way I want the app to be?
If the app is going to be used by real users I would go for the devise gem (https://github.com/plataformatec/devise). It allows users to create accounts, retrieve lost passwords etc. By default it allows users to edit their "profile" (rather their personal data); it should be easy to add a checkbox to toggle public/private profiles.
In conjunction with cancancan (https://github.com/CanCanCommunity/cancancan) you can assign roles to users, without having two different classes (Users and Admins for example).

When and how should one use project roles instead of groups within JIRA?

I am having a little difficulty understanding when a person should configure JIRA permissions using groups and when they should use project roles. I have read the online documentation, however, the difference between the two seems subtle.
A group seems simple enough. Group users into a named bucket. Assign the group to one or more permissions within a permission scheme to enable access to functionality for any users within the group. Assign the permission scheme to a project to apply the permissions to that project.
A project role seems very similar. It does all of the above except that you can also add groups to project roles. It seems that a project role also allows a project administrator to add their own users to a project instead of requiring a system administrator.
However, I am not sure how I can leverage this. Here is an example of what I want to achieve.
Have multiple projects created in JIRA.
All of our managers, developers, etc. have the same permissions across all projects.
Our clients have access only to their projects.
I think that the best way to accomplish this is to:
Create an employees group to which I add all of our employees.
Create one or more project roles to which I add the appropriate clients.
Assign permissions to the Default Permissions Scheme using the employees group.
Copy the Default Permission Scheme to a new project specific scheme, e.g., client-scheme
Assign the client-scheme to the client specific project.
However, it seems that I am not leveraging project role membership. How does this come into play?
What is the best practice for using JIRA groups and project roles? What is the difference between the two?
We are advising to work with roles as it has a couple of advantages
a. You can setup the complete configuration based on roles.
For instance you might have a workflow transition 'validated' which can only be executed by someone who is a tester.
You have the choice to add a transition condition 'user is in group tester' or 'user has the role tester'.
If you are working in an organisation where users have different roles in different projects, choosing the first transition condition (user is in group tester) will not work (or you would need a new workflow for each project)
The same applies for notifications.
You can configure a notification on the 'issue resolved' event, specifying that the 'users in group tester' get notified or 'users who have the role tester'.
When using roles, adding someone to a project is very simple - just check what role the person has in the project, add them in the project configuration (view members) and you are done. He will have the right permissions, get the right notifications ...
b. Configuration
When you use roles for configuration, you don't need system administration rights to add someone to a project. The project lead will be able to add the user. No need to bother the system admin.
Looking at your description, I would have
A project role 'employee'
A project role 'customer'
A group 'employees'
configure the project role such that the group employees is a default member of the project role employee
This way you can use the same permission scheme for all projects. When adding a new project, you just need to add the client specific userid to the client role.
When a new employee starts, you add him to the employees group.
The day that you have a specific, ultra secret project, where only a couple of employees need to have access, you can remove the group 'employees' from the role 'employee' and add the specific users to the role.
Hope this helps
Francis
Historically, JIRA had groups first. Then roles came along and are the recommended way to control authorization in most cases.
~Matt
Groups are global. Roles can be thought of as per-project (local) groups.
Roles are much better: else with a large number of projects you quickly end up with a proliferation of Groups and permission schemes (one per project).
You lose nothing by using role-based permission schemes, since you can add a Group to a role.
But you gain a lot of flexibility. E.g. you'd currently have the Employee role be filled with your Employees group for every project, but as your company and complexity grows, you can have different Employees per project, without having to change the permission schemes.
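The arrangement the answers describe (one shared permission scheme written against roles, a global group as the default member of the employee role, clients added per project, and a restricted project where the group is removed), as an added example that is not part of the original thread. It is a Ruby model, not JIRA's API; every project key, user name and permission name is constructed.

```ruby
# Added example: a model of the setup described above, not JIRA's API.
# All project keys, user names and permission names are constructed.
GROUPS = { "employees" => %w[ann raj] }.freeze # groups are global

# One permission scheme shared by every project, written against roles only.
SCHEME = { browse: %w[employee customer], edit: %w[employee] }.freeze

# Role membership is per project; a member is a group or a single user.
PROJECTS = {
  "ACME"   => { "employee" => [{ group: "employees" }],
                "customer" => [{ user: "acme-contact" }] },
  "GLOBEX" => { "employee" => [{ group: "employees" }],
                "customer" => [{ user: "globex-contact" }] },
  # Restricted project: the group is removed from the role, one user is named.
  "SECRET" => { "employee" => [{ user: "ann" }], "customer" => [] }
}.freeze

# Expand a project's role into user names, resolving group members.
def role_members(project, role)
  members = PROJECTS.fetch(project, {}).fetch(role, [])
  members.flat_map { |m| m[:group] ? GROUPS.fetch(m[:group], []) : [m[:user]] }
end

# Deny by default: an unknown permission, project or role grants nothing.
def allowed?(user, permission, project)
  SCHEME.fetch(permission, []).any? do |role|
    role_members(project, role).include?(user)
  end
end
```

The scheme never changes between projects; only the per-project role membership does, which is why a client of one project gets nothing in another.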
