I've setup several areas in the dashboard.config file of my umbraco site to extend the admin. However, not all users should have access to these tabs. Is there a way to restrict access? I can only see how to restrict access from a particular section (e.g. Settings or Developer).
well yes, its not possible to block certain tabs from the users section
you can workaround that yourself in the usercontrols on the dashboard itself.
in the page_load of your usercontrols you can request the current user
and do something with it...
example: you could create a new usertype to give them access...
User u = User.GetCurrent();
if(u.UserType.Id != <the id of your new usertype>)
{
pnlNoAccess.visible = true;
}
there is a better solution beeing worked on,
codeplex work item for this issue
yet still it has no target for release.
Related
I have a project and i want my ASP.Net to be able to have same capabilities like windows insider. For example i want to give some of the users the new features and functionality to test same like share point allows to deploy new feature to some of the users. Is there any platform available that i can use or i will have to modify my application to have this capability?
E.g. the Sharepoint today has this capability that we can select some users and then provide them access to have new feature and version or outlook allows you to see new features but user has capability to turn it of.
There is one strategy:
You can do something like request forwarding.
You can install another web application with new features.
Then when user comes to your site you can ask them whether they want to see old application / new application.
If they select new, then on server side, you can redirect user to new web setup.
Once you aware that most of the people are going to new web tier, you can then shutdown old servers.
Obviously there will be other factors, like
is this only UI level change or you have some data store and that is
also going to change.
If it requires change in underlying database, then how are you going
to make sure that new application gets data from old database
You will have to think through and decide strategy best applicable for your solution.
I know this does not provide direct solution to your question, but this should given enough information on your question so that you can get started with some approach.
One option is to use an Authorize Attribute on a new controller defined for the new feature and add users who you want to have access to a role.
For example you could put users A, B and C into the Role "CanUseNewFeature" and just put a conditional if on the view something like:
#if(User.IsInRole("CanUseNewFeature")
<a href="yourlink" /> Check out new feature! </a>
and the controller
[Authorise(Roles ="CanUseNewFeature")]
public class NewFeatureController : Controller
I have an application which is centered around data per 'team'. A user belongs to a team and if they log in they only see that team's data.
However, I now have super users who essentially belong to more than one team. These users should be able to log in to the system and then immediately choose which team they are interested in. From then on they will essentially view/create data against that selected team. They should also have the option to go and change what team they are viewing at any time.
I've established that the user would like to be able to have multiple tabs open and be viewing a different team in each tab.
I'm struggling to work out the best way to accomplish this with .NET MVC while keeping it as stateless and testable as possible.
I've been reading up on the different ways to persist data - session state and cookies seem to get a bad rep in MVC. TempData, ViewBag seem to focus on just persisting data for one request.
I wouldn't have thought that this is an uncommon requirement in an application - are there known patterns for dealing with this in MVC which I have missed?
So far I'm trying to create a partial view which I can show on each page to let the user see what team they are viewing the site as, and change it from there.
Any advice is appreciated!
If you want to let your superuser view multiple teams data then you'll want to pass the team information in on the request, on the query string or as something that looks like a restful url:
/blueteam/members
In fact it would be extra work to track this in a stateful manner as you'd have track user, team, and ui element when a superuser can view multiple team data at once.
I'd say passing the information in on every request is a pretty standard approach to your situation.
The tricky part of the stateless approach is decorating all your internal application links with the team information without too much extra work. Relative links can be your friends here. So a link to the bug page for a team might be to simply "bugs", picking up the team name higher in the uri path. If you are creating something that looks like a one page application it's easy enough to store the team info on the client.
If you don't want team members to see data for other team members, you can set up guard functions that check for team membership for certain classes of users before rendering a view.
I am using Durandal, knockout to create a Single Page Application. I need to do following (two pretty simple things):
Show/hide widgets that are only for administrator, based upon the user's authorization,
Change menu options based upon whether user is authenticated or not (for anonymous show - login/sign up and when authenticated show "Welcome .." .
If this was a regular MVC4 application I would have done it using
#if (User.Identity.IsAuthenticated) { ... } check in razor views, but with views in durandal this is ruled out.
I want to avoid putting sensitive business logic in javascript - user need not know what kind of options could have been available to him if he was an administrator.
What's the best way to achieve this in Durandal & Knockout? I have been coding so far using classic ASP.NET and lately using ASP.NET MVC. Developing SPA using Durandal is a new game for me...If anyone can give me only steps/pointers to do this that will help a lot too..thanks in advance!
The way I do it.
My menus are build inside a menubar.js file. The menuItems are observableArrays([]) initially and I subscribe to a topic "user-logged-in".
When the user logs in, I get the user's permissions/roles and store them locally in storage. and then send out notification "user-logged-in" with the user data.
My menubar recieves the notification, checks the permissions/roles and adds various menu items appropriately.
the shell.html has a view composition for the menubar.js. So if there are menuitems, it shows up, else it does not. so when the user logs in, the menuItems are populated and at this point the menu items show up.
When the user logs out, I clear the local storage cache and send out a message "user-logged-out".
The menubar.js recieves this message and clears it's menu items, essentially clearing the menu on the menubar.htm
You can essentially do the same for the widgets and use a visible binding to a property which hides or shows for a particular permission/role.
Also important is router.guardRoute. read up on this so that people cannot directly go to a route without logging in.
Hope that helps
I am looking into OFBiz HR module, there leave functionality is implemented perfectly. But i am not understand few points. Even if i login as demoemployee i can apply leave for Admin.
This sould not be the case.
Please verify the following steps:
Logged in as demoemployee: (uid: demoemployee, pwd:ofbiz)
Navigate to HR --> Human Resources --> Leave
Click on "New Leave" button
Select partyid as "admin" The Administrator, and other fields... and click on "Create".
The leave has been created for admin.
I want to know how to restrict employee to apply his/her own leaves.
Is ofbiz can be used for Employee-Self-Service functionalities like updating his own details/viewing his own salary details, updating his own leavs....
Thanks,
Chandrasekhar K.
Usually OFBiz OTTB components are pretty generic and will not apply to everyones use case and some customization is required, this is also the case with HR module.
I am looking into OFBiz HR module, there leave functionality is implemented perfectly. But i am not understand few points. Even if i login as demoemployee i can apply leave for Admin. This sould not be the case.
demoemployee is part of HUMANRES_EMPLOYEE group which has VIEW and CREATE permissions, that's why with this user you can view and create leaves. But notice that you don't have UPDATE permission for example, so you cannot update and approve the leave. Usually in this case the leave is still not valid, only entered in the system…
I want to know how to restrict employee to apply his/her own leaves.
To restrict the users from creating leaves for other users, you have to override the humanResManagerPermission service and apply your custom logic (logged in user partyId should be the same as leaving party Id)
Is ofbiz can be used for Employee-Self-Service functionalities like updating his own details/viewing his own salary details, updating his own leavs....
Yes definitely, two approaches:
if there are some screens in HR or Party component close to your requirements customize them
Create a new component, with the spcific screens you want.
In both cases you can/should reuse the existing datamode and services. Most/all of the work will be about creating appropirate UI
Greetings all,
I have a question.
On my MOSS 2007 dev box, I created a new sharepoint site using the Publishing -> Publishing Site template.
Now, On this site, I can create pages, check them in, publish them, etc.
What I want to do is create a scope that I can do searches on. However, one of the filters I want to apply to the scope is to ignore everything which is not published.
Does anyone out there know of a property (which I can use in a metadata property in my shared service which is in turn used in my scope) to determine if a page is in a published status, draft status, any other sort of status?
Does such a property exist?
Thanks in advance for your help.
cmb..
By default, when you view pages in a SharePoint site, and you're not signed in (eg your a anon user) then you will only see the last published version of that page. You won't see the version currently being edited (if it is checked out).
Now, if you want to stop users who are signed in from searching any pages which are not checked in, then have a look at filtering using the 'Approved Status' field. I'm not sure how to do this myself, but that's usually the field you filter on for stuff like views.
Yes, the "Approval Status" field is what you're looking for.
The property you need to map to is "_ModerationStatus" within your SSP search configuration.