In our intranet application, if a user is not authenticated, I use the CFNTAuthenticate tag.
But, normally the user is already authenticated and I'm able to retrieve his username with mid(cgi.REMOTE_USER, 8, 13). How can I retrieve his group memberships (or at least if he is member of a specific group) without having him to type his password (as he is already authenticated, single sign-on)?
I hope I was able to provide all required information for a simple answer from your side (in the hope there is a simple answer).
You can use any Active Directory account to retrieve group memberships for other users. I have a ColdFusion-specific domain account for looking up group information. That account doesn't need any special permissions in Active Directory.
Checking a direct group membership is simple. Use this as the LDAP query (<cfldap>):
(&(samAccountName=#userAccount#)(memberOf=#distinguishedNameOfGroup#))
If turns up empty the user is not member of that group.
Important: The values of userAccount and distinguishedNameOfGroup must be escaped before you can use them in a filter. See the Special Characters chart on the MSDN page that explains the search filter syntax.
Checking a nested group membership (i.e., user is in a subgroup of the group you want to check) is comparatively complicated.
Related
Is it possible to get the following information using Facebook Api:
Does the user belong to a specific group?
Has the user posted a certain news on their personal page?
If so, which methods should be used and which permissions will be required? Thanks in advance
Does the user belong to a specific group?
Theoretically via https://developers.facebook.com/docs/graph-api/reference/user/groups/ - but not sure what permissions that would actually need; docs say, “Returns an empty data set if the User is not a member of a Group, or has not granted the app any Group-level permissions.”, but the only permissions left with “group” in their name currently are groups_access_member_info and publish_to_groups - you’d have to test if either of those work for this purpose.
Has the user posted a certain news on their personal page?
You can only go through their posts, and then look at the content to see if it matches what you are looking for; there is no way to search for specific keywords, links or anything like that. Requires permission from the user to access their posts of course.
(But if you think of using that to force users to post a certain thing to get access to any content, or reward them in any way for posting something specific, please be aware that that is absolutely not allowed. https://developers.facebook.com/docs/apps/examples-platform-policy-4.5)
Is it possible in django to create permission to control (view/add/delete/change) user accounts only from specific group or e. g. having flag is_staff set to false? How can I do it?
For example, users from 'operators' group can manage users from 'clients' group and cannot control (even view) staff user accounts in admin interface.
Yes, it's possible to do that. You can specify groups of users and assign particular rights to them. It's quite well described in the docs - please see here: https://docs.djangoproject.com/en/1.8/topics/auth/default/#permissions-and-authorization
Hope that helps!
I'm a bit unsure what to use Django user groups for.
I have an application where every user belongs to a different organisation. The organisations don't have anything to do with read/write permissions. It's just a way to separate groups of users. Every organisation needs some additional fields, like a name, URL, and email address. New organisations will be added to the system over time.
Within every organisation, users can have different permissions for moderation and administration, for which I (also) want to use user groups.
My question: Should I use Django's user groups to define the organisations, or should I just make an 'Organisation' model with a relation to the user?
Nope. User groups are made for different reasons. You CAN use them to define organisations but I think you should think bit further ahead:
will the organisation require more fields than just name?
perhaps you will need permissions in the future to define users roles within organisations?
I'm sure you can come up with more things to think of. But if you answered yes to one of those questions then just create your Organisation model.
1) You need to add group from django admin side under group table.
2) And while creating new user, assign specific group to user using user_obj.groups.add(group_id). Or Let user select group at frontend.
and then user_obj.save()
in Group table, you can create organization
OR
You can create individual organization table and assign assign user to specific organization.
I have an application written in Oracle Apex 4.2
Different users have access to different pages. Apex's built in Access Control function ( ADMIN, EDIT, VIEW) takes care of what pages different users can see.
A separate requirement though is that some users can see certain pages and not edit them and other users can edit those pages.
I know that at the item level there is a Read Only option. I can hard code a user name ie
:APP_USER like 'Betty Boop%'
How can I set an item to be read only based on the Access Control group that a user belongs to (ADMIN,EDIT,VIEW)
I know that there is a utility: APEX_UTIL.CURRENT_USER_IN_GROUP
but if I do something like READ ONLY PL/SQL Expression
APEX_UTIL.CURRENT_USER_IN_GROUP('VIEW')
It doesn't do anything.
It seems that APEX_UTIL.CURRENT_USER_IN_GROUP doesn't know that the groups created by Apex Access control are groups - I need to code something? Create a function? Create a group table?
I'm not understanding how to do this
thanks
To use APEX_UTIL.CURRENT_USER_IN_GROUP you need to create user group(s) as an workspace administrator first: Administration->Manage Users and Groups->Groups->Create User Group.
Then you need to assign the group(s) to your application users: Groups->User Group Assigments. You should read documentation for more details.
And, after that you will be able to check an assignment of particular group to current application user with the APEX_UTIL.CURRENT_USER_IN_GROUP function.
I want to use the Django default auth system to manage users and groups. Is there an existing Django app/module that adds users to groups by invites? I.e. some existing user of the group sends an invite with a secret key in a URL, and another user that clicks on the URL joins the group.
I can write one, but figured I ask before doing that.
Thanks.
I am not sure if this will solve all your problems but do take a look at Pinax. They have features to support user invitation and user groups.