WordPress posts editable by guest users without subscription. Is this possible? - wiki

I'd like all my WordPress posts to be editable by all users, guests included.
Does anybody know if this is possible?
I already tried all the "wiki" plugins but without success.

It's absolutely possible. However, there are certain steps that require manual programming.
The steps are:
1. Create an edit page in the non-admin area.
2. Do the editing there (you can mimic the admin's edit page or just display the body only).
3. Upon saving, you can either create a new user programmatically and assign that user as the editor (this, of course, will require another table or another mechanism) or leave the editor as the post's previous owner.

Related

Django Admin widgets only available to users with Staff status

My website runs under Django 1.6 and I'm using the very nice Django admin two box multi-selector widget for some of my site forms. I've just discovered, however, that the two box selector only appears in my forms for users who have staff/admin status. Everyone else sees the not so nice one box selector that requires scrolling and holding down the control key to find and select multiple items.
I don't want to give all of these users access to the entire admin site. Is there a way to fix this? I can't seem to find where the check for admin rights is being made. It seems like this widget is pretty popular and I don't see similar questions, so I feel like I'm missing something.
Thanks for your help.
Since I still don't have any clear direction on this, I took the alternative action of adding code to assign is_staff=1 when users are given access to the forms that use the multi-select control and remove those rights when access is removed.

Does Django store information about who has edited and/or created a record, and if so, where?

Django has an authentication and authorization scheme baked in ('django.contrib.auth') as well as modelforms to generate forms for easy input of data into the database.
I'd like to be able to record who created a record, leveraging django.contrib.auth, with the explicit purpose of limiting editing of that same record to just that user and/or people with an "edit" permission. I know that I could use the @user_passes_test decorator to restrict access to editing my record in some fashion, but I don't know what I would compare the request.user.name to in order to determine if the current user originally created that record.
How much of this do I need to roll on my own? Do I need to capture the name author, save it to the model, and then read it - or is there something already in the framework that would do this for me?
And, if I was to attempt to save the author in a field, how would I go about doing that in such a way as to not let the user edit their own credentials?
There are a couple of apps that do something similar; please check https://www.djangopackages.com/grids/g/model-audit/
About the last question, to prevent the user from editing their own credentials, you can mark the field with editable=False so it won't appear in the admin or ModelForms.

sharepoint hide administrator header for non-admin

I'm new to SharePoint and I'm trying to create application pages (via Visual Studio).
I want to see the design of the pages without the administrator header and the left column. To summarize, I want to see only the page without anything else.
Of course I tried to log in with a read-only user but I can't figure out how to remove those for the non-admin.
Is it a permission setting? Or is it a template setting? Or something else?
Sorry if the question is stupid.
For the header, I have done this before by putting a control on the page which checks to see if the current user is an admin or not and if they are not an admin, the following CSS is added to the page:
div#s4-ribbonrow
{
    display: none;
}
Not sure if it is the best solution but I created a custom master page with code-behind to show/hide the unwanted parts depending on the rights.
Maybe some other solutions would be quicker but I had to create a master page for design reasons anyway.

Managing multiple accounts in one session with multiple tabs open

Scenario:
I have an administration-application which manages the user accounts for another application. Now I would like to place a user-specific link (e.g. Click here to login with user1) in the administration-application allowing the admin to directly log in with the user in a separate browser window or tab (target="_blank").
Problem:
When the admin clicks two or more links and opens two tabs with tab1=user1 and tab2=user2, the last clicked tab overwrites the session-variables of all other tabs. Sure... that's how sessions work, but I wonder if there is a way to let the admin manage multiple user interfaces with one session in multiple tabs? But I don't see a possibility to identify a specific tab in the browser so that I could say "in tab1 is user1 and in tab2 is user2 logged in ..."
Question:
Has anyone done something similar and would like to share the basic idea of solving this?
EDIT:
One possible solution could be to add a parameter to the URL with the userid and hand it through to every page, right?
As your edit points out, the way to do this is with a URL variable that specifies who the user should be.
There are a number of security issues with this approach though.
I'm assuming that your initial link is doing some sort of security check to make sure that the initial "log in" of the user is an authorized request. You'll need to do a similar thing for this method. If your initial request is something like http://example.com/page.cfm?userid={id}&authtoken={encryptedtoken} I would then put that userid into the session scope as a valid userid that the admin can impersonate. The more links they click on the more users they can impersonate. On subsequent requests you check the requested userid against the allowed list in the session and either allow or deny the impersonation.
You'll also need to update all the links on the site so that they include the userid in them. The easier way to do this is to cheat and use jQuery or such to rewrite all internal URLs with the userid appended. You would conditionally include that JavaScript based on the above check.
Lastly you'll likely want to prevent these URLs that include the userid from appearing in search engines, if it's not a fully locked down site. You'll either need to use canonical URLs to remove the userid, or set x-robots headers to tell search engines not to index the URLs where the userid has been specified; or both.
That's the most primitive method of getting different "sessions" for multiple users in the same browser. However you'll then bump into issues if you're using the session scope for anything meaningful, because each tab will try overwriting the other. You'll need to overwrite the normal site session variables on each request, or you'll need to create different structures in the session scope for each userid that is used. How much of a problem this is depends on your application.
It's a doable thing, but probably a lot more work than you were hoping for.
The other option is to get the admins to use Google Chrome with multiple profiles and copy and paste the login url into different profile windows. A slight inconvenience for them, but a lot less work for you.
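
The session allow-list check described in the answer above, sketched in Python as an added example (it is not code from the original answer). An HMAC-signed, time-limited token stands in for the answer's `{encryptedtoken}`; `SECRET`, `TOKEN_TTL`, the `admin_id` session key and all function names are assumptions.

```python
import hashlib
import hmac
import time

# Assumption: a server-side secret shared by the admin app and the target app.
SECRET = b"constructed-demo-secret"
TOKEN_TTL = 60  # seconds a login link stays valid (assumed value)


def make_authtoken(admin_id, userid, issued_at):
    """Admin app side: sign (admin, target user, timestamp) for the login link."""
    msg = f"{admin_id}|{userid}|{issued_at}".encode()
    sig = hmac.new(SECRET, msg, hashlib.sha256).hexdigest()
    return f"{issued_at}.{sig}"


def grant_impersonation(session, userid, authtoken, now=None):
    """First request: verify the token, then add userid to the session allow-list."""
    now = time.time() if now is None else now
    try:
        issued_at, _sig = authtoken.split(".", 1)
        age = now - int(issued_at)
    except ValueError:
        return False  # malformed token
    expected = make_authtoken(session["admin_id"], userid, issued_at)
    # Constant-time comparison; the token is bound to this admin and this userid.
    if not hmac.compare_digest(expected.encode(), authtoken.encode()):
        return False
    if not 0 <= age <= TOKEN_TTL:
        return False  # expired or dated in the future
    session.setdefault("allowed_userids", set()).add(userid)
    return True


def resolve_user(session, requested_userid):
    """Later requests: honour ?userid= only if it was granted in this session.

    Returns that user's own state dict, so tabs do not overwrite each other.
    """
    if requested_userid not in session.get("allowed_userids", set()):
        raise PermissionError("userid not authorised for impersonation")
    return session.setdefault("per_user", {}).setdefault(requested_userid, {})
```
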

What's the best way to prevent a Sitecore user from accidentally unpublishing the home page?

In the last year we've had a couple of incidents where a user accidentally unpublished the 'Home' item (which is the root item in our site), before publishing it to our 'Live' database, which removed it from the site.
What is the best way to prevent important content from being unpublished from a production Sitecore web site?
Your "easy" security options are to either protect the Home item itself from editing, or to restrict access to publishing options. Using standard Sitecore security, disable write access on Home for a particular user role, or disable read access on the Publishing Restrictions chunk or button in core (/sitecore/content/Applications/Content Editor/Ribbons/Chunks/Publish Restrictions/Change).
If you really don't need anyone besides admins editing the Home item, you can also Protect the item from the Configure ribbon.
If you'd like to just disable publishing restrictions on Home, that could be more complicated. Your best approach would likely be to extend the SetPublishing command. The following is untested:
1. Extend Sitecore.Shell.Framework.Commands.SetPublishing
2. Override Execute(CommandContext)
3. Check context.Items[0] to see if it's your home page (GUID or Template ID check if multi-site). If so, abort. If not, call base.Execute(context). (You could also add a check for Sitecore.Context.User.IsAdministrator if so desired.)
4. Replace item:setpublishing command in Commands.config.
Reference Sitecore.Shell.Framework.Commands.SetPublishing in your favorite decompiler as needed.
You can also just mark the home item as protected. You can double-check but I believe that prevents any mod/del of an item. In the Configure tab, see Protect Item button