[Cartoweb-users] security for a new plugin

giuseppe.derossi at email.it giuseppe.derossi at email.it
Mon Oct 1 03:07:53 EDT 2007


Hi Oliver,
I've solved the trouble by copying the .ini file in the client_conf 
directory.
After that the plugin works so fine. But I understood that the .ini file
should be put in the server_conf dir.
To you, what's right?


Regarding the security, I've used the auth.ini, but I'd like to change and
use the database mode. 
Is there in Cartoweb an embedded way to log the user and their action in
both the ways?

Thanks for your help.


Giu 


	--------- Original Message --------
	Da: Oliver Christen <oliver.christen at camptocamp.com>
	To: cartoweb-users at lists.maptools.org <cartoweb-users at lists.maptools.org>
	Oggetto: Re: [Cartoweb-users] security for a new plugin
	Data: 01/10/07 08:46
	
	> 
> 
> 
> Hi Giuseppe
> 
> if your plugin class name is myplugin, then the config filename must be 
> myplugin.ini
> 
> first try :
> 
> print_r($this->getConfig);
> 
> this should display the content of your plugin .ini file.
> if it doesnt, then verify the filename, because the plugin manager didnt 
> find it.
> 
> secondly,
> the code you copied try to find a 'general.allowedRoles' parameter in your

> .ini file. So be sure you use the same name between the function and the 
> .ini
> 
> regards
> Oliver
> 
> 
> 
> 
> 
> 
> > Hi all,
> > I'm trying to get a plugin available only for a set of users.
> >
> > Performed operations:
> > a) updating the file auth.ini
> >  1) creation of a new user and password
> >  2)  association new user - new role
> >
> > b) updating the file  myplugin.ini in server directory
> >    adding the new role
> >
> > c) changing the cartoclient.tpl :
> > <!-- folder 9 starts here -->
> >    <div id="folder9" class="folder" style="height:550px;">
> >
> >      <br />
> >        {if $myplugin|default:''}
> >
> >        {$myplugin}
> >
> >        {else}
> >          <p>
> >            {t}User not allowed{/t},
> >            {if $auth_active|default:''}
> >             {t}please{/t} {$auth}.
> >            {/if}
> >          </p>
> >        {/if}
> >
> >    </div>
> >
> > d) inserting in myplugin.php the code I see in exportPdf.php:
> >        $insertRoles = $this->getArrayFromIni('general.allowedRoles');
> >        if (!SecurityManager::getInstance()->hasRole($insertRoles))
> >            return '';
> > I've added the code in : drawUserForm(), handleHttpGetRequest($request) 
> > and
> > handleHttpPostRequest($request).
> >
> > e) I though this was enoght but the code needs other two functions:
> > getArrayFromList(), and getArrayFromIni()
> > I've added them but I saw that the instruction 
$this->getConfig()->$name;
> > does not return nothing.
> >
> > The result is that the plugin is not accessible by all users (allowed or
> > not).
> >
> > I think the file myplug.ini has not been red.
> > Please, can anyone suggest me some piece of info about ?
> >
> > Thanks in advance and best regards.
> >
> > Giu
> >
> >
> >
> >
> >
> > --
> > Email.it, the professional e-mail, gratis per te: http://www.email.it/f
> >
> > Sponsor:
> > Fai squillare la PANTERA ROSA sul tuo cellulare: e' in REGALO
> > Clicca qui: http://adv.email.it/cgi-bin/foclick.cgi?mid=6613&d=20070930
> >
> >
> > _______________________________________________
> > Cartoweb-users mailing list
> > Cartoweb-users at lists.maptools.org
> > http://lists.maptools.org/mailman/listinfo/cartoweb-users
> > 
> 
> 
> 
>  
 --
 Email.it, the professional e-mail, gratis per te: http://www.email.it/f
 
 Sponsor:
 Hai bisogno di contanti per realizzare i tuoi desideri? Prometeo ti propone
prestiti da 1.500 a 31.000 Euro! Clicca qui per un preventivo immediato.

 Clicca qui: http://adv.email.it/cgi-bin/foclick.cgi?mid=7084&d=20071001




More information about the Cartoweb-users mailing list