Search Results

Search found 8023 results on 321 pages for 'admin topics'.

Page 51/321 | < Previous Page | 47 48 49 50 51 52 53 54 55 56 57 58  | Next Page >

  • Does Security Trimming work with Web Forms Routing?

    - by Slauma
    In my web.config I have configured a SiteMapProvider with securityTrimmingEnabled="true" and on my main master page is an asp:Menu control bound to an asp:SiteMapDataSource. In addition I have configured restricted access to all pages in a subfolder "Admin" (using another web.config in this subfolder). If I put a sitemapNode in Web.sitemap... <siteMapNode url="~/Admin/Default.aspx" title="Administration" description="" > ... only users in role "Admin" will have the menu item related to that siteMapNode. So this is working fine and as intended. Now I have defined a URL route in Global.asax to map the physical file to a new URL: System.Web.Routing.RouteTable.Routes.MapPageRoute("AdminHomeRoute", "Administration/Home", "~/Admin/Default.aspx"); But when I use this route-URL in the SiteMap file... <siteMapNode url="Administration/Home" title="Administration" description="" > ... it seems that security trimming does not work: The menu item is visible for all users. (Access to the page is still restricted though, so selecting the menu item by non-Admin users does not navigate to the restricted page.) Question: Is there any setting I've missed so far to make security trimming working with URL routing in ASP.NET 4.0 Web Forms? Did I do something wrong? Is there any work-around? Thank you for help!

    Read the article

  • Kohana PHP - Multiple apps with shared model

    - by Josamoto
    I'm using Kohana 3 to create a website that has two applications, an admin application and the actual site frontend. I have separated my folders to have the two applications separated, so the hierarchy looks as follows: /applications /admin /classes /controller /... /site /classes /controller /.... My question is, how I need to go about creating a shared /model folder. Essentially, both the admin and site itself operates on the same data, so the database layer and business logic remains more or less the same. So to me, it makes sense to have a single model folder, sitting outside of the two application folders. Is it possible to achieve the following hierarchy: /applications /model --> Where model sits in a neatly generic location, accessible to all applications /admin /classes /controller /... /site /classes /controller /.... Thanks in advance!

    Read the article

  • Forms Authentication & Virtual Directory

    - by benclaytonfranklin
    Hi, We're having trouble getting Forms Authentication to work with a virtual directory in IIS. We have a main site, and then a microsite setup within a virtual directory. This mircosite has its own admin system within an "Admin" folder, which has authentication on it but currently it is not kicking in and the admin section is browsable by anyone. The web.config with the admin folder has the following: <?xml version="1.0"?> <configuration> <appSettings/> <connectionStrings/> <system.web> <authorization> <deny users="?"/> </authorization> <customErrors mode="RemoteOnly" defaultRedirect="~/Admin/Error.aspx"/> </system.web> </configuration> Could anyone give me any clues as to why this might not be working? Cheers!

    Read the article

  • Coldbox Security Interceptor

    - by faheem
    Hi I am new to coldbox and working on a guestbook messaging forum. does anyone know how I can apply some rule in coldbox to show edit and delete for specified users of admin or user in the edit page. I am not sure how to specify this as I already have my rules here as shown in securityRules.xml: SecurityRules.XML <?xml version="1.0" encoding="UTF-8"?> <!-- Declare as many rule elements as you want, order is important Remember that the securelist can contain a list of regular expression if you want ex: All events in the user handler user\..* ex: All events .* ex: All events that start with admin ^admin If you are not using regular expression, just write the text that can be found in an event. <whitelist>ehSecurity\.dspLogin,ehSecurity\.doLogin,ehSecurity\.dspLogoff</whitelist> --> <rules> <rule> <whitelist>^entries,ehSecurity\..*,registry\..*</whitelist> <securelist></securelist> <roles>admin</roles> <permissions>read,write</permissions> <redirect>ehSecurity.dspLogin</redirect> </rule> <rule> <whitelist>^entries,ehSecurity\..*,main\..*,^registry</whitelist> <securelist></securelist> <roles>author,admin</roles> <permissions>read</permissions> <redirect>ehSecurity.dspLogin</redirect> </rule> </rules>

    Read the article

  • MySQLi Prepared Statement Query Issue

    - by Benjamin Flak
    I'm relatively new to MySQLi prepared statements, and running into an error. Take this code: $user = 'admin'; $pass = 'admin'; if ($stmt = $mysqli->query("SELECT * FROM members WHERE username='$user' AND password='$pass'")) { echo $stmt->num_rows; } This will display "1", as it should. This next piece of code though, returns "0": $user = 'admin'; $pass = 'admin'; if ($stmt = $mysqli->prepare("SELECT * FROM members WHERE username=? AND password=?")) { $stmt->bind_param("ss", $user, $pass); $stmt->execute(); echo $stmt->num_rows; } Any ideas why?

    Read the article

  • RewriteRule on special querystring

    - by marc
    My URLS the page names example: ?Contact- or ?Product- some have a longer querystring example: ?Contact-&go=Admin domain.com/?Contact-&go=Admin I would like a RewriteRule to use domain.com/Contact/Admin thanks

    Read the article

  • error while using cancan in ruby: "uninitialized constant CanCan::Rule::Mongoid"

    - by Ran
    here is my controller: class AdminController < ApplicationController before_filter :require_user authorize_resource :class => false def index end def users_list end end here is my Ability class: class Ability include CanCan::Ability def initialize(user) if user.admin? can :manage, :all else can :read, :all end end end when trying to access "/admin/users_list" (with an admin user or without) i get the following error: uninitialized constant CanCan::Rule::Mongoid any thoughts?

    Read the article

  • Custom dynamic error pages in Ruby on Rails not working

    - by PlanetMaster
    Hi, I'm trying to implement custom dynamic error pages following this post: http://www.perfectline.co.uk/blog/custom-dynamic-error-pages-in-ruby-on-rails I did exactly what the blog post says. I included config.action_controller.consider_all_requests_local = false in my environment.rb. But is not working. My browser shows: Routing Error No route matches "/555" with {:method=>:get} So, it looks like the rescues are not fired. I get the following in my log file: ActionController::RoutingError (No route matches "/555" with {:method=>:get}): Rendering rescues/layout (not_found) Is there some routing interfering with the code? I'm not sure what to look for. I'm running rails 2.3.5. Here is the routes.rb file: ActionController::Routing::Routes.draw do |map| # routing van property-url map.connect 'buy/:property_type_plural/:province/:city/:address/:house_number', :controller => 'properties' , :action => 'show', :id => 'whatever' map.myimmonatie 'myimmonatie' , :controller => 'myimmonatie/properties', :action => 'index' map.login "login", :controller => "user_sessions", :action => "create", :conditions => {:method => :post} map.login "login", :controller => "user_sessions", :action => "new" map.logout "logout", :controller => "user_sessions", :action => "destroy" map.buy "buy", :controller => 'buy' map.sell "sell", :controller => 'sell' map.home "home", :controller => 'home' map.disclaimer "disclaimer", :controller => 'disclaimer' map.sign_up "sign_up", :controller => 'users', :action => :new map.contact "contact", :controller => 'contact' map.resources :user_sessions map.resources :contact map.resources :password_resets map.resources :messages map.resources :users, :only => [:index,:new,:create,:activate,:edit,:profile,:password] map.resources :images map.resources :activation , :only => [:new,:resend] map.resources :email map.resources :properties, :except => [:index,:destroy] map.namespace :admin do |admin| admin.resources :users admin.resources :properties admin.resources :order_items, :as => :orders admin.resources :blog_posts, :as => :blog end map.connect 'myimmonatie/:action' , :controller => 'users', :id => 'current', :requirements => {:action => /(profile)|(password)|(email)/} map.namespace :myimmonatie do |myimmonatie| myimmonatie.resources :messages, :controller => 'messages' myimmonatie.resources :password, :as => "password", :controller => 'users', :action => 'password' myimmonatie.resources :properties , :controller => 'properties' myimmonatie.resources :orders , :only => [:index,:show,:create,:new] end map.root :controller => "home" map.connect ':controller/:action' map.connect ':controller/:action/:id' map.connect ':controller/:action/:id.:format' end ActionController::Routing::Translator.translate_from_file('config','i18n-routes.yml')

    Read the article

  • row specific class

    - by stimpie
    How do I create a Zend_Db_Table which returns a different class for each row.? Example UserTable has id,name and type Type contains class names (admin,client,etc...) The classes admin, client are all subclasses of user If I call fetch I need to get a admin or client object depending on the corresponding value in the db.

    Read the article

  • Auto filling polymorphic table on save or on delete in django

    - by Mo J. Mughrabi
    Hi, Am working on an project in which I made an app "core" it will contain some of the reused models across my projects, most of those are polymorphic models (Generic content types) and will be linked to different models. Example below am trying to create audit model and will be linked to several models which may require auditing. This is the polls/models.py from django.db import models from django.contrib.auth.models import User from core.models import * from django.contrib.contenttypes import generic class Poll(models.Model): ## TODO: Document question = models.CharField(max_length=300) question_slug=models.SlugField(editable=False) start_poll_at = models.DateTimeField(null=True) end_poll_at = models.DateTimeField(null=True) is_active = models.BooleanField(default=True) audit_obj=generic.GenericRelation(Audit) def __unicode__(self): return self.question class Choice(models.Model): ## TODO: Document choice = models.CharField(max_length=200) poll=models.ForeignKey(Poll) audit_obj=generic.GenericRelation(Audit) class Vote(models.Model): ## TODO: Document choice=models.ForeignKey(Choice) Ip_Address=models.IPAddressField(editable=False) vote_at=models.DateTimeField("Vote at", editable=False) here is the core/modes.py from django.db import models from django.contrib.auth.models import User from django.contrib.contenttypes.models import ContentType from django.contrib.contenttypes import generic class Audit(models.Model): ## TODO: Document # Polymorphic model using generic relation through DJANGO content type created_at = models.DateTimeField("Created at", auto_now_add=True) created_by = models.ForeignKey(User, db_column="created_by", related_name="%(app_label)s_%(class)s_y+") updated_at = models.DateTimeField("Updated at", auto_now=True) updated_by = models.ForeignKey(User, db_column="updated_by", null=True, blank=True, related_name="%(app_label)s_%(class)s_y+") content_type = models.ForeignKey(ContentType) object_id = models.PositiveIntegerField(unique=True) content_object = generic.GenericForeignKey('content_type', 'object_id') and here is polls/admin.py from django.core.context_processors import request from polls.models import Poll, Choice from core.models import * from django.contrib import admin class ChoiceInline(admin.StackedInline): model = Choice extra = 3 class PollAdmin(admin.ModelAdmin): inlines = [ChoiceInline] admin.site.register(Poll, PollAdmin) Am quite new to django, what am trying to do here, insert a record in audit when a record is inserted in polls and then update that same record when a record is updated in polls.

    Read the article

  • How to change granted role temporarily to achieve "view the site as" someone else

    - by Roy Chan
    Hi Gurus, We are using 2.x spring security right now. I am asked to build an admin tool so that the ROLE_ADMIN can change to any user in the site and view the site as that person (each person on the site may see different stuff depending on the role which is dynamically granted base on the database) and of course the admin should be able to switch back to admin without logging in. Is there a build in function, if not how should I do this? Thanks in advance!

    Read the article

  • Which CMS plugins for Wordpress should I use?

    - by abeger
    I'm looking into setting up a very simple site (static pages and an image gallery) with Wordpress for a non-web-savvy client, so I'd like to simplify the Editor role's admin interface as much as possible. Looking through Wordpress's plugin directory, I found several plugins that "CMS-ify" the admin side of things, hiding menu options and the like. Are there any "admin-cleaning" plugins you'd recommend? Are there any other plugins I should look into?

    Read the article

  • Spree customize/extend user roles and permissions

    - by swapnil
    I am trying to specify some custom roles in Spree for example role 'client' and extend the permissions to access the admin section for this role. This user will be able to access only those Product created by that user. Concept is letting a user with role 'client' manage only products and other certain Models. To start with I added CanCan plugin and defined a RoleAbility Class in role_ability.rb Just following this post : Spree Custom Roles Permissions class RoleAbility include CanCan::Ability def initialize(user) user ||= User.new if user.has_role? 'admin' can :manage, :all elsif user.has_role? 'client_admin' can :read, Product can :admin, Product end end end Added this to an initializer : config/initializers/spree.rb Ability.register_ability(RetailerAbility) Also extended admin_products_controller_decorator.rb :app/controllersadmin_products_controller_decorator.rb Admin::ProductsController.class_eval do def authorize_admin authorize! :admin, Product authorize! params[:action].to_sym, Product end end But I am getting flash message 'Authorisation Failure' Trying to find some luck, I referred following links A github gist for Customizing Spree Roles : https://gist.github.com/1277326 Here's a similar issue what I am facing : http://groups.google.com/group/spree-user/browse_thread/thread/1e819e10410d03c5/23b269e09c7ed47e All efforts in vain... Any pointers of what is going on here highly appreciated ? Thanks in advance.

    Read the article

  • notications pop up in user side

    - by user2931015
    i try to show notification as a pop up. like when admin login and through his account he send notification to user i add this html in admin form like this.. <asp:Button ID="notic" runat="server" Text="Send" onclick="Button1_Click" /> <br /> <input class="add_message" type="text" value="type your message" name="add_message"></input> <input type="button" value="add message" onclick="sNotify.addToQueue($('.add_message').attr('value'))"/> Then when admin click on button then notification send to users account like when any user login then he/she able to see pop ups in user form I call this java script in page load like this .. ClientScript.RegisterStartupScript(GetType(), "Javascript", "javascript:sNotify.addToQueue($('.add_message').attr('value'))();", true); it works like when i login as a admin and click on button then notification in his own page .. but i want to show this notifications in user form. so how to solve it?

    Read the article

  • Non-string role names in ASP.NET MVC?

    - by MikeWyatt
    ASP.NET MVC has good support for role-based security, but the usage of strings as role names is maddening, simply because they cannot be strongly-typed as enumerations. For example, I have an "Admin" role in my app. The "Admin" string will now exist in the Authorize attribute of my action, in my master page (for hiding a tab), in my database (for defining the roles available to each user), and any other place in my code or view files where I need to perform special logic for admin or non-admin users. Is there a better solution, short of writing my own authorization attribute and filter, that would perhaps deal with a collection of enumeration values?

    Read the article

  • Testing InlineFormset clean methods

    - by Rory
    I have a Django project, with 2 models, a Structure and Bracket, the Bracket has a ForeignKey to a Structure (i.e. one-to-many, one Structure has many Brackets). I created a TabularInline for the admin site, so that there would be a table of Brackets on the Structure. I added a custom formset with some a custom clean method to do some extra validation, you can't have a Bracket that conflicts with another Bracket on the same Structure etc. The admin looks like this: class BracketInline(admin.TabularInline): model = Bracket formset = BracketInlineFormset class StructureAdmin(admin.ModelAdmin): inlines = [ BracketInline ] admin.site.register(Structure, StructureAdmin) That all works, and the validation works. However now I want to write some unittest to test my complex formset validation logic. My first attempt to validate known-good values is: data = {'form-TOTAL_FORMS': '1', 'form-INITIAL_FORMS': '0', 'form-MAX_NUM_FORMS': '', 'form-0-field1':'good-value', … } formset = BracketInlineFormset(data) self.assertTrue(formset.is_valid()) However that doesn't work and raises the exception: ====================================================================== ERROR: testValid (appname.tests.StructureTestCase) ---------------------------------------------------------------------- Traceback (most recent call last): File "/paht/to/project/tests.py", line 494, in testValid formset = BracketInlineFormset(data) File "/path/to/django/forms/models.py", line 672, in __init__ self.instance = self.fk.rel.to() AttributeError: 'BracketInlineFormset' object has no attribute 'fk' ---------------------------------------------------------------------- The Django documentation (for formset validation) implies one can do this. How come this isn't working? How do I test the custom clean()/validation for my inline formset?

    Read the article

  • Zend redirect problem

    - by John
    I'm trying to redirect to http://localhost/site/public/admin/login from http://localhost/site/public but for some reason, it keeps redirecting to http://localhost/admin/login The code I am using is: $this->_response->setRedirect('/admin/login')->sendResponse(); This is really frustrating me, and any help would be grealy appreciated

    Read the article

  • Wordpress - Plugin - Administration - ?

    - by Goran
    Hi, I'm building a Wordpress plugin and I added a menu page which serves for management of "Vendor" entities that are kinda similar to the existing User entities. I have a list page similar to Users List, with Edit button for every record and when I click on the "Edit" button I should be taken to the "Edit Vendor" (which does not have its submenu item in the admin menu) page for that vendor. Everything is stored in the "plugins/wp_vendors" folder. Question: What URL should I use for opening that Edit page? How should a slug be registered for the Edit Vendor page? PS. Vendor List is added to the admin menu with add_menu_page('Vendors', 'Vendors', 8, 'C:\wordpress\wp-content\plugins\wp-vendors\vendors-list.php'); And I can open the List page with http://localhost/wp-admin/admin.php?page=wp-vendors/vendors-list.php Can anyone help me on this?

    Read the article

  • Servlet Security question about j_security_check, j_username and j_password

    - by Nitesh Panchal
    Hello, I used jdbcRealm in my web application and it's working fine. I defined all constraints also in my web.xml. Like all pages of url pattern /Admin/* should be accessed by only admin. I have a login form with uses standard j_security_check, j_username and j_password. Now, when i type Admin/home.jsf it rightly redirects me login.jsf and there when i type the password i am redirected to home.jsf. This works alright but problem comes i directly go to login.jsf and then type password and username. This time it again redirects me to login.jsf. Is there any way through which i can specify which page to go when successful login is there? I need to specify different different pages for different roles. For Admin, it is /Admin/home.jsf for general users it is /General/home.jsf because login form is shared between different type of users. Where do i specify all these things? Secondly, i want to have a remember me checkbox at the end of login form. How do i do this? By default, it is submitted to j_security_check servlet and i have no control over its execution. Please help. This doesn't seem so hard but looks like i am missing something.

    Read the article

  • Django URL Conf Returns Incorrect "Current URL"

    - by natnit
    I have a django app that is mostly done, and the URLs work perfectly when I run it with the manage.py runserver command. However, I've recently tried to get it running via lighttpd, and many links have stopped working. For example: http://mysite.com/races/32 should work, but instead throws this error message. Page not found (404) Request Method: GET Request URL: http://mysite.com/races/32 Using the URLconf defined in racetrack.urls, Django tried these URL patterns, in this order: ^admin/ ^create/$ ^races/$ ^races/(?P<race_id>\d+)/$ ^races/(?P<race_id>\d+)/manage/$ ^races/(?P<text>\w+)/$ ^user/(?P<kol_id>\d+)/$ ^$ ^login/$ ^logout/$ The current URL, 32, didn't match any of these. The request URL is accurate, but the last line (which displays the current URL) is giving 32 instead of races/32 as expected. Here is my urlconf: from django.conf.urls.defaults import * from django.contrib import admin admin.autodiscover() urlpatterns = patterns('racetrack.races.views', (r'^admin/', include(admin.site.urls)), (r'^create/$', 'create'), (r'^races/$', 'index'), (r'^races/(?P<race_id>\d+)/$', 'detail'), (r'^races/(?P<race_id>\d+)/manage/$', 'manage'), (r'^races/(?P<text>\w+)/$', 'index'), (r'^user/(?P<kol_id>\d+)/$', 'user'), # temporary for index page replace with welcome page (r'^$', 'index'), ) urlpatterns += patterns('django.contrib.auth.views', (r'^login/$', 'login', {'template_name': 'races/login.html'}), (r'^logout/$', 'logout', {'next_page': '/'}), ) Thank you.

    Read the article

  • How to deserialize from json to ActiveRecord objects with associations?

    - by Carmine Paolino
    In my Rails application there is a model that has some has_one associations (this is a fabricated example): class Person::Admin < ActiveRecord::Base has_one :person_monthly_revenue has_one :dude_monthly_niceness accepts_nested_attributes_for :person_monthly_revenue, :dude_monthly_niceness end class Person::MonthlyRevenue < ActiveRecord::Base belongs_to :person_admin end class Dude::MonthlyNiceness < ActiveRecord::Base belongs_to :person_admin end The application talks to a backend that computes some data and returns a piece of JSON like this: { "dude_monthly_niceness": { "february": 1.1153232569518972, "october": 1.1250217200558268, "march": 1.3965786869658541, "august": 1.6293418014601631, "september": 1.4062771500697835, "may": 1.7166279693955291, "january": 1.0086401628086725, "june": 1.5711510228365859, "april": 1.5614525597326563, "december": 0.99894169970474289, "july": 1.7263264324994585, "november": 0.95044938418509506 }, "person_monthly_revenue": { "february": 10.585596551505297, "october": 10.574823016656749, "march": 9.9125274764852787, "august": 9.2111604702328922, "september": 9.7905249446675153, "may": 9.1329712474607962, "january": 10.479614016604238, "june": 9.3710235926961936, "april": 9.5897372624830304, "december": 10.052587677671438, "july": 8.9508877843925561, "november": 10.925339756096172 }, } To deserialize it, I use ActiveRecord's from_json, but instead of a Person::Admin object with all the associations in place, I get this error: >> Person::Admin.new.from_json(json) NameError: uninitialized constant Person::Admin::DudeMonthlyNiceness Am I doing something wrong? Is there a better way to deserialize data? (I can modify the backend easily)

    Read the article

  • php: security question

    - by Syom
    in my cms i have index.php, where client must enter username and password. if they are correct, he'll moove to admin.php, where the cms is. but now hacker can enter to cms/admin.php, so my security now is awful. i know, that i can use $_SESSION variable. index.php - i can give some value to $_SESSION['error']: $_SESSION['error'] = TRUE, and in admin.php just verify it admin.php if($_SESSION['error'] == TRUE) { my script here... } else header("Location: index.php"); but i want to rich this effect without SESSION. could you give me an idea, how can i do it? thanks

    Read the article

  • URL Rewrite problem. (Many directory)

    - by marharépa
    Hello! I'd like to make a htaccess file, which can make a good structure for my websites. My .htaccess is now: RewriteEngine On RewriteCond %{REQUEST_FILENAME} !\.(jpg|jpeg|gif|png|css|js|pl|txt)$ RewriteCond %{REQUEST_URI} !^/admin/* RewriteRule ^(.*)$ index.php?q=$1 [QSA] (based on Sombat's comment) And I want to make this, with it: for every elements but (jpg|jpeg|gif|png|css|js|pl|txt) if domain.xx/admin redirect to the domain.xx/admin directory and don't make a rewrite at all i mean: let me use domain.xx/admin/index.php?asd=1&asdd=2 else rewrite everything as rule one, to index.php. Thanks for the help.

    Read the article

  • Security question

    - by Syom
    in my cms i have index.php, where client must enter username and password. if they are correct, he'll moove to admin.php, where the cms is. but now hacker can enter to cms/admin.php, so my security now is awful. i know, that i can use $_SESSION variable. index.php - i can give some value to $_SESSION['success']: $_SESSION['success'] = TRUE, and in admin.php just verify it admin.php if($_SESSION['success'] == TRUE) { my script here... } else header("Location: index.php"); but i want to rich this effect without SESSION. could you give me an idea, how can i do it? thanks

    Read the article

< Previous Page | 47 48 49 50 51 52 53 54 55 56 57 58  | Next Page >