|
From: <Tho...@be...> - 2001-12-11 15:48:19
|
Hi there.

Is it possible to set the other forms secure like the search_form as done below ?

Greets.
Thomas

-----Original Message-----
From: Chris Winters [mailto:ch...@cw...]
Sent: Friday, 7 December 2001 14:20
To: Tho...@be...
Cc: ope...@li...
Subject: Re: [Openinteract-help] Security in CommonHandler

* Tho...@be... (Tho...@be...) [011207 07:55]:
> Is it possible to make the search_form page from the Classified
> package secure ? If I edit the security of the object and the
> handler nothing happens.
>
> Everyone can see the search_form :-(

Sure. In OpenInteract/Handler/Classified.pm you currently have:

 %OpenInteract::Handler::Classified::security = (
    DEFAULT_SECURITY_KEY() => SEC_LEVEL_NONE,
    create                 => SEC_LEVEL_READ,
    edit                   => SEC_LEVEL_READ,
    remove                 => SEC_LEVEL_WRITE,
 );

Set it to:

 %OpenInteract::Handler::Classified::security = (
    search_form            => SEC_LEVEL_READ,
    DEFAULT_SECURITY_KEY() => SEC_LEVEL_NONE,
    create                 => SEC_LEVEL_READ,
    edit                   => SEC_LEVEL_READ,
    remove                 => SEC_LEVEL_WRITE,
 );

OR, if you want to ensure that people have access to execute any
operation:

 %OpenInteract::Handler::Classified::security = (
    DEFAULT_SECURITY_KEY() => SEC_LEVEL_READ,
    remove                 => SEC_LEVEL_WRITE,
 );

Re-deploy this and restart the server, and you should be good.

Chris

-- 
Chris Winters (ch...@cw...)
Building enterprise-capable snack solutions since 1988.

_______________________________________________
openinteract-help mailing list
ope...@li...
https://lists.sourceforge.net/lists/listinfo/openinteract-help
|
|
From: <Tho...@be...> - 2001-12-13 07:19:15
|
Yeah that's right, but the form security does not work.

If I set security level at edit to write, user who have read level can see
the form ! Only after clicking "Modify" the message "Task is forbidden"
appears.

I saw I have to set "show" to write but then all is secure, the user should
only see the Detailform not the editform, so that

/Classified/show/?edit must be writelevel and
/Classified/show/?classified_id=xx must be level read.

is that possible ?

greets.
Thomas

-----Original Message-----
From: Chris Winters [mailto:ch...@cw...]
Sent: Tuesday, 11 December 2001 17:23
To: Tho...@be...
Cc: ope...@li...
Subject: Re: [Openinteract-help] Security in CommonHandler

* Tho...@be... (Tho...@be...) [011211 10:57]:
> Is it possible to set the other forms secure like the search_form as
> done below ?

Sure thing -- each 'task' can be listed in the package 'security' hash
of your handler and assigned a minimum security level. So the
following security specification:

 %OpenInteract::Handler::Classified::security = (
    search_form => SEC_LEVEL_READ,
    search      => SEC_LEVEL_READ,
    show        => SEC_LEVEL_READ,
    create      => SEC_LEVEL_WRITE,
    edit        => SEC_LEVEL_WRITE,
    remove      => SEC_LEVEL_WRITE,
 );

Means that:

 /Classified/search_form/ --> requires 'read' access to the handler
 /Classified/search/      --> requires 'read' access to the handler
 /Classified/show/        --> requires 'read' access to the handler
 /Classified/create/      --> requires 'write' access to the handler
 /Classified/edit/        --> requires 'write' access to the handler
 /Classified/remove/      --> requires 'write' access to the handler

Using:

 %OpenInteract::Handler::Classified::security = (
    DEFAULT_SECURITY_KEY() => SEC_LEVEL_READ,
 );

Means that the minimum security for any task not specified is
'read'. And if a task isn't specified in the package security hash and
there's no default set by you, then OpenInteract assumes 'write'
access is required to run the task.

Hope that makes sense,

Chris

-- 
Chris Winters (ch...@cw...)
Building enterprise-capable snack solutions since 1988.
|
|
From: Victor P. <ope...@ha...> - 2001-12-13 08:10:17
|
Hi,
I think you can do this by overriding _show_customize().
You can see an example in the Weblink handler. Basically, you set
MY_OBJECT_FORM_TEMPLATE to return the un-editable template, then in
_show_customize() compare the access levels. If the user has the proper
access level (>=SEC_LEVEL_WRITE), set the $params->{template_name} to be
the editable template.
But the code is worth a thousand words, check out the Weblink package.
-Victor
> -----Original Message-----
> From: ope...@li...
> [mailto:ope...@li...]On Behalf
> Of Tho...@be...
> Sent: Wednesday, December 12, 2001 11:09 PM
> To: ch...@cw...
> Cc: ope...@li...
> Subject: AW: [Openinteract-help] Security in CommonHandler
>
>
> Yeah that's right, but the form security does not work.
>
> If I set security level at edit to write, user who have read level can see
> the form ! Only after clicking "Modify" the message "Task is forbidden"
> appears.
>
> I saw I have to set "show" to write but then all is secure, the user should
> only see the Detailform not the editform, so that
>
> /Classified/show/?edit must be writelevel and
> /Classified/show/?classified_id=xx must be level read.
>
> is that possible ?
>
> greets.
> Thomas
>
>
> -----Original Message-----
> From: Chris Winters [mailto:ch...@cw...]
> Sent: Tuesday, 11 December 2001 17:23
> To: Tho...@be...
> Cc: ope...@li...
> Subject: Re: [Openinteract-help] Security in CommonHandler
>
>
> * Tho...@be... (Tho...@be...) [011211 10:57]:
> > Is it possible to set the other forms secure like the search_form as
> > done below ?
>
> Sure thing -- each 'task' can be listed in the package 'security' hash
> of your handler and assigned a minimum security level. So the
> following security specification:
>
>  %OpenInteract::Handler::Classified::security = (
>     search_form => SEC_LEVEL_READ,
>     search      => SEC_LEVEL_READ,
>     show        => SEC_LEVEL_READ,
>     create      => SEC_LEVEL_WRITE,
>     edit        => SEC_LEVEL_WRITE,
>     remove      => SEC_LEVEL_WRITE,
>  );
>
> Means that:
>
> /Classified/search_form/ --> requires 'read' access to the handler
> /Classified/search/ --> requires 'read' access to the handler
> /Classified/show/ --> requires 'read' access to the handler
> /Classified/create/ --> requires 'write' access to the handler
> /Classified/edit/ --> requires 'write' access to the handler
> /Classified/remove/ --> requires 'write' access to the handler
>
> Using:
>
>  %OpenInteract::Handler::Classified::security = (
>     DEFAULT_SECURITY_KEY() => SEC_LEVEL_READ,
>  );
>
> Means that the minimum security for any task not specified is
> 'read'. And if a task isn't specified in the package security hash and
> there's no default set by you, then OpenInteract assumes 'write'
> access is required to run the task.
>
> Hope that makes sense,
>
> Chris
>
> --
> Chris Winters (ch...@cw...)
> Building enterprise-capable snack solutions since 1988.
|
|
From: Chris W. <ch...@cw...> - 2001-12-11 16:01:41
|
* Tho...@be... (Tho...@be...) [011211 10:57]:
> Is it possible to set the other forms secure like the search_form as
> done below ?

Sure thing -- each 'task' can be listed in the package 'security' hash
of your handler and assigned a minimum security level. So the
following security specification:

 %OpenInteract::Handler::Classified::security = (
    search_form => SEC_LEVEL_READ,
    search      => SEC_LEVEL_READ,
    show        => SEC_LEVEL_READ,
    create      => SEC_LEVEL_WRITE,
    edit        => SEC_LEVEL_WRITE,
    remove      => SEC_LEVEL_WRITE,
 );

Means that:

 /Classified/search_form/ --> requires 'read' access to the handler
 /Classified/search/      --> requires 'read' access to the handler
 /Classified/show/        --> requires 'read' access to the handler
 /Classified/create/      --> requires 'write' access to the handler
 /Classified/edit/        --> requires 'write' access to the handler
 /Classified/remove/      --> requires 'write' access to the handler

Using:

 %OpenInteract::Handler::Classified::security = (
    DEFAULT_SECURITY_KEY() => SEC_LEVEL_READ,
 );

Means that the minimum security for any task not specified is
'read'. And if a task isn't specified in the package security hash and
there's no default set by you, then OpenInteract assumes 'write'
access is required to run the task.

Hope that makes sense,

Chris

-- 
Chris Winters (ch...@cw...)
Building enterprise-capable snack solutions since 1988.
|
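
The lookup rule described in this thread, as an added stand-alone model written for this page and not taken from OpenInteract: a task's required level comes from the handler's security hash, then from the default key, and otherwise falls back to 'write'. The numeric level values, the 'DEFAULT' key string, the template names and the helpers `required_level`, `task_allowed` and `show_template` are assumptions for illustration; `show_template` follows the template-switch idea from Victor's reply.

```perl
#!/usr/bin/perl
use strict;
use warnings;

# Stand-ins for the framework constants; the numeric values and the
# default-key string are assumptions made for this example.
use constant SEC_LEVEL_NONE       => 1;
use constant SEC_LEVEL_READ       => 4;
use constant SEC_LEVEL_WRITE      => 8;
use constant DEFAULT_SECURITY_KEY => 'DEFAULT';

# Task map from the thread: show needs 'read', edit needs 'write'.
my %security = (
    search_form => SEC_LEVEL_READ,
    search      => SEC_LEVEL_READ,
    show        => SEC_LEVEL_READ,
    create      => SEC_LEVEL_WRITE,
    edit        => SEC_LEVEL_WRITE,
    remove      => SEC_LEVEL_WRITE,
);

# Explicit entry first, then the handler default, then 'write'.
sub required_level {
    my ( $map, $task ) = @_;
    return $map->{$task} if exists $map->{$task};
    return $map->{ DEFAULT_SECURITY_KEY() }
        if exists $map->{ DEFAULT_SECURITY_KEY() };
    return SEC_LEVEL_WRITE;
}

sub task_allowed {
    my ( $map, $task, $user_level ) = @_;
    return $user_level >= required_level( $map, $task ) ? 1 : 0;
}

# The task check only ever sees 'show', so the choice between the detail
# view and the edit form is made from the user's level (hypothetical
# template names).
sub show_template {
    my ($user_level) = @_;
    return $user_level >= SEC_LEVEL_WRITE ? 'classified_form' : 'classified_detail';
}

for my $user ( [ reader => SEC_LEVEL_READ ], [ writer => SEC_LEVEL_WRITE ] ) {
    my ( $name, $level ) = @$user;
    for my $task (qw( show edit export )) {    # 'export' is not in the map
        printf "%-6s %-6s %s\n", $name, $task,
            task_allowed( \%security, $task, $level ) ? 'allowed' : 'forbidden';
    }
    printf "%-6s show renders %s\n", $name, show_template($level);
}
```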