Alpha Software Mobile Development Tools:   Alpha Anywhere    |   Alpha TransForm subscribe to our YouTube Channel  Follow Us on LinkedIn  Follow Us on Twitter  Follow Us on Facebook
Devcon 2020 Goes Virtual! LEARN MORE >

Announcement

Collapse

The Alpha Software Forum Participation Guidelines

The Alpha Software Forum is a free forum created for Alpha Software Developer Community to ask for help, exchange ideas, and share solutions. Alpha Software strives to create an environment where all members of the community can feel safe to participate. In order to ensure the Alpha Software Forum is a place where all feel welcome, forum participants are expected to behave as follows:
  • Be professional in your conduct
  • Be kind to others
  • Be constructive when giving feedback
  • Be open to new ideas and suggestions
  • Stay on topic


Be sure all comments and threads you post are respectful. Posts that contain any of the following content will be considered a violation of your agreement as a member of the Alpha Software Forum Community and will be moderated:
  • Spam.
  • Vulgar language.
  • Quotes from private conversations without permission, including pricing and other sales related discussions.
  • Personal attacks, insults, or subtle put-downs.
  • Harassment, bullying, threatening, mocking, shaming, or deriding anyone.
  • Sexist, racist, homophobic, transphobic, ableist, or otherwise discriminatory jokes and language.
  • Sexually explicit or violent material, links, or language.
  • Pirated, hacked, or copyright-infringing material.
  • Encouraging of others to engage in the above behaviors.


If a thread or post is found to contain any of the content outlined above, a moderator may choose to take one of the following actions:
  • Remove the Post or Thread - the content is removed from the forum.
  • Place the User in Moderation - all posts and new threads must be approved by a moderator before they are posted.
  • Temporarily Ban the User - user is banned from forum for a period of time.
  • Permanently Ban the User - user is permanently banned from the forum.


Moderators may also rename posts and threads if they are too generic or do not property reflect the content.

Moderators may move threads if they have been posted in the incorrect forum.

Threads/Posts questioning specific moderator decisions or actions (such as "why was a user banned?") are not allowed and will be removed.

The owners of Alpha Software Corporation (Forum Owner) reserve the right to remove, edit, move, or close any thread for any reason; or ban any forum member without notice, reason, or explanation.

Community members are encouraged to click the "Report Post" icon in the lower left of a given post if they feel the post is in violation of the rules. This will alert the Moderators to take a look.

Alpha Software Corporation may amend the guidelines from time to time and may also vary the procedures it sets out where appropriate in a particular case. Your agreement to comply with the guidelines will be deemed agreement to any changes to it.



Bonus TIPS for Successful Posting

Try a Search First
It is highly recommended that a Search be done on your topic before posting, as many questions have been answered in prior posts. As with any search engine, the shorter the search term, the more "hits" will be returned, but the more specific the search term is, the greater the relevance of those "hits". Searching for "table" might well return every message on the board while "tablesum" would greatly restrict the number of messages returned.

When you do post
First, make sure you are posting your question in the correct forum. For example, if you post an issue regarding Desktop applications on the Mobile & Browser Applications board , not only will your question not be seen by the appropriate audience, it may also be removed or relocated.

The more detail you provide about your problem or question, the more likely someone is to understand your request and be able to help. A sample database with a minimum of records (and its support files, zipped together) will make it much easier to diagnose issues with your application. Screen shots of error messages are especially helpful.

When explaining how to reproduce your problem, please be as detailed as possible. Describe every step, click-by-click and keypress-by-keypress. Otherwise when others try to duplicate your problem, they may do something slightly different and end up with different results.

A note about attachments
You may only attach one file to each message. Attachment file size is limited to 2MB. If you need to include several files, you may do so by zipping them into a single archive.

If you forgot to attach your files to your post, please do NOT create a new thread. Instead, reply to your original message and attach the file there.

When attaching screen shots, it is best to attach an image file (.BMP, .JPG, .GIF, .PNG, etc.) or a zip file of several images, as opposed to a Word document containing the screen shots. Because Word documents are prone to viruses, many message board users will not open your Word file, therefore limiting their ability to help you.

Similarly, if you are uploading a zipped archive, you should simply create a .ZIP file and not a self-extracting .EXE as many users will not run your EXE file.
See more
See less

Page.SecuritySettings

Collapse
X
Collapse
 
  • Page of 1
  • Filter
  • Time
  • Show
Clear All
new posts
Previous template Next
    #1

    Page.SecuritySettings

    I wish to add/change page security settings from a webpage.

    From what I understand there is no built in function to directly manipulate Page security from a webpage, and this has to be done in the Alpha 5 software by a developer and then all changed pages republished.

    What I have noticed is the Page.SecuritySettings file in the project files, as well as the Webroot directory, its contents appear to take on the form of elements prefixed by a number, and containing inner elements/attributes. Whether this can be edited using XML, i'm not sure. XML is an area I really need to study up on and only really familiar with at a glance but not any practical sense. Could it be done?

    I wonder if anyone has had any success editing this file (Page.SecuritySettings) from within a webpage and it working for updating page security?

    Otherwise, i would consider creating a texteditor for that file within the web page, and have buttons and such for inserting the group guids at the cursor/caret position. IF it does in fact work for editing page security that is.

    to summarise.
    Does editing the Page.SecuritySettings file in the webroot directly affect the page security settings for a live (published) site?
    Can it be done with XML?
    Tags: None
    #2
    Re: Page.SecuritySettings

    Technically, yes. Its just a text file and you can edit it and it will affect page security. But the problem with your idea is that it probably won't work in practice. Every time you publish anything from Alpha it will overwrite that file, erasing anything you did manually. Second, you'd have edit it precisely, including maintaining its number sequence. Third, you'd have to restart the web server to make your new settings effective. Lastly, it only affects page access, it does not affect security for Menus and components.
    Steve Wood
    See my profile on IADN

    Comment

      #3
      Re: Page.SecuritySettings

      Thanks Steve. That helps alot. I think I may abandon the idea. I have found another very different way to manage security in general that may make that redundant.
      The fun of prototyping when ideas change!

      Comment

        #4
        Re: Page.SecuritySettings

        Could you please explain your another very different way to manage security in general?
        thanks

        Comment

          #5
          Re: Page.SecuritySettings

          Its been a while since I touched on that as i'm working on another project at the moment. But it was a Just-In-Time security implementation using groups-roles multiple-heirarchy setup in our databases in conjunction with alphas security. Its not really as complex as it sounds, though from memory a bit of a learning curve for a junior dev like myself.

          The intention was to make it dynamic as users could be members of more than one group. And that means in one group they may be a super-admin, another group they're one of many moderators, in another they're a personal assisant to an admin, in another a user, and the rest they're just a guest. (ok thats an extremely unlikely example, but you probably get the drift) And by simply changing which group they want access as (via a dropdown post login - though can be done at login), their screens become selective to that.

          It might be hard to visualise exactly why I would want to do that: i.e confuse the hell out of the users. But the case would be that probably 95% of users would be guests in regard to the heirarchy and only a member of one group with their specific role in said group - So their dropdown would only contain 2 items - Default and Their Group of which they're a member. But in the industry we're taylored to its the other 5% that need catering to as well, those important people with fingers in many pies, and their various subordinates for which certain tasks are delegated and certain things they need not, or even should not, have access to.

          And the idea behind that was a user driven content management system. They could generate their own security within their groups, setup their own screens. The project was to see if we could get something like that to work in the alpha framework, with only 2 coders, and worked well it did. We got many months of backend stuff to do though, so its hard to say when this type of JITS will ever be live on our systems.

          Comment

            #6
            Re: Page.SecuritySettings

            It would be pretty easy to control page access on a JIT manner. At the top of each page you have some xbasic that said:

            if (condition) = .f. ' (condition is false, they dont have access)
            response.redirect("unauthorized.a5w")
            end if

            The condition could be reaching in to a table and based on who they are, determing if they have access to this page.

            You'd also want a JIT navigation so you did not present menu items to someone who would not have access. That is similar to above, but if condition=.f., you would omit the navigation link. You would not be able to use Alpha's navigation component, but roll one of your own using xbasic to build an HTML unordered list with just the nodes that the logged in person should be able to access.
            Steve Wood
            See my profile on IADN

            Comment

              #7
              Re: Page.SecuritySettings

              Yeah from memory, the hard part was controlling how to dynamically change grids and which controls were available JIT, I think there were a fair few page/session variables flying about - secure of course.

              Comment

                #8
                Re: Page.SecuritySettings

                With grids or anywhere that Alpha provides a "show/hide expression", you use that feature along with a session variable that contains access information.

                You need a matrix of what that person can/cannot access before they log in. When they log in, you populate a session variable with the ID's of each object they can/cannot access. Like if they can access objects "A1", "A4" and "A6" the session var might be "A1,A4,A6", and the hide/show expression for object A1 would be containsi("A1",session.__protected__accessctrl).

                Since A1 is a value in the session var string, it will evaluate to true, and that control will exist for that user, otherwise the object will not exist for that user.

                That way access to a particular object can be controlled even if that persons secuirty group normally allows access.

                Having to name and maintain a table of all of those objects is a pain though.
                Steve Wood
                See my profile on IADN

                Comment

                  #9
                  Re: Page.SecuritySettings

                  Its been months since i've had a look at that project, might be interesting to dive back into it and rejig my memory to see how I did it and if it can be done more efficiently. I don't recall having to maintain a table of objects for the JIT security, though there was a fair bit of hand written code in the header to sort alot of it out.

                  Comment

                  Previous template Next
                  Working...
                  X