If I delete a user in redmine, what exactly will be deleted and what will stay?
Will the issues that user created be deleted as well?
If you delete a user, there will be a security question if you really want to do it and that it cannot be undone.
Then after deletion, all issues the user made are still there but marked as posted anonymous.
So if you also want to delete all posts by this user, you should do this before deleting the user.
Related
I'm viewing my admin site, but in the Add Groups page, I can still see the available permissions that I have deleted before. and in my models.py I haven't configured any of these table yet.
Does this mean I didn't clear my database thoroughly? Is there any way to delete all of these, just leave the permissions I have in this list?
Thank you!
Update:
I dropped my database created a new one, and re-built my data model. I can't view my previous group now :)
I dropped my database and my previous database user (Don't know if a new user is necessary), and created a new one. Then all my previous groups in this list disappeared. :)
I'm trying to delete a consent purpose that I created. I understand that I cannot delete a consent purpose if there are users associated with it.
I have already deleted all the users from the database, but when I print all the consents with the REST API there is a register of a user (but the database is empty).
How can I delete the user record that no longer exists in the database but is still related to consent?
How can I clean all the data related with the consents?
How can I revoke all the consents?
Am I missing something?
WSO2 IS v5.10.0
WSO2 Doc - https://docs.wso2.com/display/IS590/apidocs/Consent-management-apis/index.html#!/operations#Consent#consentsGet
I have been trying the WSO2 REST API to solve this issue, but without success.
When I try to delete a purpose with the WSO2 REST API - {"code":"CM_00079","message":"Bad Request","description":"Purpose Id: 29 is associated with one or more receipt(s)."}
Here you had to face this issue because of deleting users directly from the database/user store. It's not recommended to delete users directly from the database. If you use user deletion REST API/SOAP API, in addition to clearing user data from the userstore, it will invoke different user deletion pre-listeners/post-listeners and clear out the other associates/bindings to the deleting user which are stored in different tables/different DBs.
Clearing the consent recipient data is such a case and there are many more (eg: deleting the user from assigned roles).
Since you have removed the user directly from DB, the consent associated with the deleted user has not been cleared.
To delete the consent data of the user, clear the records in the following tables stored in Identity DB in the same order(due to foreign key constraints):
CM_SP_PURPOSE_PURPOSE_CAT_ASSC
CM_SP_PURPOSE_PII_CAT_ASSOC
CM_SP_PURPOSE_ASSOC
CM_RECEIPT_SP_ASSOC
CM_RECEIPT
Then try the REST API request to delete the consent purpose.
I want to be able to allow certain staff users the rights to add other users and staff but what seems weird to me is that 1) a staff member can just change their own privileges to superuser or just make a new user and grant superuser privileges to them. 2) delete a superuser or revoke their superuser status
Some staff users should be able to modify/create/delete users but they should not be able to delete super users nor assign permissions to themselves or other users that they do not have the permission themselves.
This has always been logic I have incorporated into my user systems that I've written in PHP and I was just wondering if there was a way to change these settings in Django as I really like Python/Django (I'm just beginning to learn it) and can see myself migrating away from PHP. But part of the beauty for me lied in the admin panel and if that is something that cannot be changed, that's kind of cringe-worthy.
It reminds me of a restaurant POS system that I used to use when I was a GM. As the GM, I had powers that shift managers did not have. However, the shift managers could add a fingerprint to my profile (theirs) and then just log in as me and do anything they wanted to. I always felt this was a severe security breach and even took disciplinary action on an employee for doing this. It also allowed the shift managers to create new employees with titles that were above theirs which created the same problem as they could just create a new GM or Area Manager, login, do whatever they wanted, and see all kinds of things that they shouldn't (like their colleagues' salaries), and then hide (not delete) the user. (this is how he got caught)
If anyone has a fix or any ideas and suggestions, I'd love to hear them and keep learning this exciting new language. Thanks in advance!
Django admin is a basic CRUD system, it is not recommended to use in that way. Django views (your custom views) give you more power to control the process.
First of all, Django Permissions might be a good start point. Create Groups for user types and assign desired permissions for each group. Do not give permission for non-superusers to change group or permissions.
Second thing is using Django Signals to check data before saving it. For example, a pre_save signal for User creation can be used to check if is_superuser, is_staff values of the user are set by non-superuser. You can add added_by value to the user model and verify your checks using this value.
Also, using custom forms for Django admin is also possible and might be the simplest solution for it. Just make a custom form for creating and editing users and verify changes in the form directly before allowing the view to save anything. It is also possible to inform user that they don't have access for changes they made and also notify the management about the attempt.
(amazing, I have not found such a question yet!)
I deleted part of my users in the db, and accidentally also the AnonymousUser-instance.
How do I restore him? (well... him or her, for the sake of political correctness :-P)
I do need an instance of him in the db, right? (so far, by quickly browsing my site, I have not run into issues). What would be the problems without him, by the way?
But there is no AnonymousUser.objects-manager to create one. And save() is not implemeted anyway, like the docs say. So do I drop the users table and migrate? Will it help and/or can I proceed differently?
Thanks a lot :)
Anonymous user is an instance of django.contrib.auth.models.AnonymousUser and is created on the fly when the auth backend does not found any authenticated user in session and it is not stored in the database, hence save is not implemented on this and id is always None as the doc states.
Update after comment
django-userena uses django-guardian to manage per object permissions, and django-guardian will create this user automatically listening to signals.post_migrate signal. So simply run migrate command and you should have your so called anonymous user back (This is not an instance of django.contrib.auth.models.AnonymousUser it is an actual user instance of your user model).
You can disable this behavior altogether depending on your needs, check django-guardian docs.
How do I manage users of our tikiwiki?
The tiki process on the server is ran under my name. I am the user of the tikiwiki, but I am not sure I am an admin user.
Most likely not but question one is: How do I find that out?
(my Admin Menu is empty)
Some user contacted me saying her account is "Locked". It so happened that there is no one else to restore it, but me.
Can anyone help where to look? I only used my tikiwiki account to limited extent. Just wrote couple of articles. But never administered.
There is always a built in user in Tiki called "admin" and that is in a group called "Admins" which has permission to do everything, so it sounds like your user isn't in that group.
If the admin user was set up with a valid email account (and you know it and have access to it) then you can get the password reset and a link to make a new one will be emailed to that address. If you can access the installer or the database then there are various other options on how to recover the admin login here: https://doc.tiki.org/Lost+admin+password
Once you have done this and can administer the Tiki again you should add your usual user to the Admins group.
To unlock another user's account you will need to either access the user admin list (once you have admin login again) or if you can get to the database you should be able to clear the relevant field in the database directly using phpmyadmin or similar as a last resort (ask again if you need this much detail).