We are creating a back end admin system and want to allow users in roles such as finance and membership to have access to certain areas. Ideally we would like to show only areas that you have access to in the navigation.
Using umbraco 4.7+ and razor. We are using the Microsoft role provider.
I was wondering if anyone knows how I could access the currently logged in users role?
DynamicNode has two methods that will be your friends here, HasAccess() and IsProtected(). Here's an example of how to filter and show nodes that the user only has access to. Here's another one.
Using those methods you shouldn't need to have to get the roles of the currently logged in user, but that's not hard to do as well. Roles.GetRolesForUser() returns an array of the currently logged in user's roles. For more information, refer to the documentation.
Related
The document shows that the r_fullprofile member permission is needed to get the user's organizations field.
I can not find in the document way to get the r_fullprofile permission.
I have already created new developer application.
Question:
How to get permission to fetch user's organization data via API call.
As per my understanding, I have only seen basic and lite profile member permissions.
Currently LinkedIn provides only 3 type of products, which are given below
and the scopes are provided based on these products.
For you requirement, you can opt for the marketing developer program, which will give the permission r_organization_admin
and using this permission, you can use following endpoint to get user's organizations along with roles.
We also did similar things in our app, where we list down user's organizations and user can select them to share their posts from our app.
i want to provide role based route access e.g there is two types of user 1.Admin and 2.normal user.
if normal user try to access admin pages through url then user will redirects to dashboard page and same case for admin.
This is quite a lot of code you're asking for.
One thing you need to look into is Route Guards which let you protect access to routes based on your own written criteria:
https://angular.io/guide/router#milestone-5-route-guards
You also need to pick a way to manage your roles and users. A popular way for Ionic is to use Firebase:
https://firebase.google.com/
A great tutorial for setting this all up is over at AngularFirebase.com (currently rebranding to Fireship.io).
It's a long tutorial, and you will need to follow an additional tutorial for setting up the login system as well, but it will get you to where you want to be.
Role Based Authorization With Firestore and Angular
Is there a way to provide generic permissions for users to run reports stored in the Report Manager? I can see how to provide access on an individual user basis via Manage -> Security -> New Role Assignment, by adding the User's Windows login name and assigning them to the Browser role for the report. (Report Manager already knows the domain name).
However, we don't want to be continually having to manage this for each new user. I want anyone under that domain name to have access without needing to configure it. I had hoped that just adding the domain name as a 'user' to the Browser role for that report would do it, but to no avail.
You can add any domain group that has been set up, not just individual users, or you can simply add all domain users, i.e. MYDOMAIN\Domain Users to the Browser role, which seems to be what you're after.
However, I would recommend creating a generic user group like MYDOMAIN\SSRSReportUsers or something like that and adding this group to the browser role instead of MYDOMAIN\Domain Users, as adding all users to the Report Server seems like it doesn't give you many options to manage this in any sort of granular way.
Is it possible to restrict access of Site public pages for a few Users through configuration?
Now by default in liferay anybody can access the Public pages [that is the reason they are named Public Pages :-) ] of any Site whether Open, Restricted or Private.
In our system we force login to access even Public pages, but once logged-in the User can see the public-page of any Site if he has the URL for it.
To make the requirement more clear:
I have 3 users in the system, User01, User02, User03.
I have 3 Sites - Site01 (open), Site02 (restricted), Site03 (private)
These Sites have only one User respectively.
All these 3 users can see public-pages of all three Sites. So now what I want is that only User02 should be an exception, that is User02 should not be able to access the Public-pages of Site01 and Site03.
Is this possible through configuration? Or will it require changes in liferay code (possibly through hook)?
Even if we can limit access to Public-pages for all Users who are not member of that Site that will also work?
Any ideas or help is much appreciated. Thanks.
Here are few steps to achieve this:
You can remove view permission from guest role(or all role as per your requirement) to specified page(here from public pages as per your
requirement) from manage permission tab of page.
Create a new role(which will allow view permission) and from manage permission of page assign this role view permission.
Now assign these newly created role to users to whom you want to have view access to pages
For your last question
Even if we can limit access to Public-pages for all Users who are not
member of that Site that will also work?
This can be achieved by removing VIEW permission for Guest role for each of Public pages of site.
HTH,
Thanks,
In an ASP.NEt MVC application, how is it possible to display some conditional data to a layout page?
My application allows a user with a role of "Admin" to view the other user's pages and data from the same application. When the Admin views the pages of another user he/she needs to see the information of the user like his name/role/etc whose data he/she is viewing ( this information comes from the DB) . This info needs to be shown in all the pages when an Admin User is logged in and ONLY when an ADmin is logged in. i.e, if a user who is not Admin enters these details should not be shown as it is not relevant.
The issue iam facing in my attempts is that the Admin user does not login to the user's page, instead I have to achieve this feature of switching to the users view by clicking on a list/grid of users. This takes me to the home page of the user (and i get the inforamtion displayed since i set it in viwbag) .Question is, how do i set this value in the subsequent user pages of this session. Trying to avoid filling this viewbag value in every controller/action.
Please help!
PS: The information that needs to be displayed in the layout is based on the user's ID that the Admin selects from the grid. It commes from the DB.
You could write the user id to a cookie and use a action filter to check for this cookie on requests done by the admin user