[Cartoweb-users] security for a new plugin

Oliver Christen oliver.christen at camptocamp.com
Mon Oct 1 03:14:37 EDT 2007 

Hi Giuseppe

.ini file accessed from the client part are to be placed in client_conf and 
.ini files accessed from the server part are to be placed in 
server_conf/yourproject/
so it really depends from where you want to access the file.

about security, I believe you can only use one system at once. If you want 
to use both, you will need to modify the auth plugin. But I would advice you 
to only use one, it will be much easier to maintain.

regards
Oliver

> Hi Oliver,
> I've solved the trouble by copying the .ini file in the client_conf
> directory.
> After that the plugin works so fine. But I understood that the .ini file
> should be put in the server_conf dir.
> To you, what's right?
>
>
> Regarding the security, I've used the auth.ini, but I'd like to change and
> use the database mode.
> Is there in Cartoweb an embedded way to log the user and their action in
> both the ways?
>
> Thanks for your help.
>
>
> Giu
>
>
> --------- Original Message --------
> Da: Oliver Christen <oliver.christen at camptocamp.com>
> To: cartoweb-users at lists.maptools.org <cartoweb-users at lists.maptools.org>
> Oggetto: Re: [Cartoweb-users] security for a new plugin
> Data: 01/10/07 08:46
>
> >
>>
>>
>> Hi Giuseppe
>>
>> if your plugin class name is myplugin, then the config filename must be
>> myplugin.ini
>>
>> first try :
>>
>> print_r($this->getConfig);
>>
>> this should display the content of your plugin .ini file.
>> if it doesnt, then verify the filename, because the plugin manager didnt
>> find it.
>>
>> secondly,
>> the code you copied try to find a 'general.allowedRoles' parameter in 
>> your
>
>> .ini file. So be sure you use the same name between the function and the
>> .ini
>>
>> regards
>> Oliver
>>
>>
>>
>>
>>
>>
>> > Hi all,
>> > I'm trying to get a plugin available only for a set of users.
>> >
>> > Performed operations:
>> > a) updating the file auth.ini
>> >  1) creation of a new user and password
>> >  2)  association new user - new role
>> >
>> > b) updating the file  myplugin.ini in server directory
>> >    adding the new role
>> >
>> > c) changing the cartoclient.tpl :
>> > <!-- folder 9 starts here -->
>> >    <div id="folder9" class="folder" style="height:550px;">
>> >
>> >      <br />
>> >        {if $myplugin|default:''}
>> >
>> >        {$myplugin}
>> >
>> >        {else}
>> >          <p>
>> >            {t}User not allowed{/t},
>> >            {if $auth_active|default:''}
>> >             {t}please{/t} {$auth}.
>> >            {/if}
>> >          </p>
>> >        {/if}
>> >
>> >    </div>
>> >
>> > d) inserting in myplugin.php the code I see in exportPdf.php:
>> >        $insertRoles = $this->getArrayFromIni('general.allowedRoles');
>> >        if (!SecurityManager::getInstance()->hasRole($insertRoles))
>> >            return '';
>> > I've added the code in : drawUserForm(), handleHttpGetRequest($request)
>> > and
>> > handleHttpPostRequest($request).
>> >
>> > e) I though this was enoght but the code needs other two functions:
>> > getArrayFromList(), and getArrayFromIni()
>> > I've added them but I saw that the instruction
> $this->getConfig()->$name;
>> > does not return nothing.
>> >
>> > The result is that the plugin is not accessible by all users (allowed 
>> > or
>> > not).
>> >
>> > I think the file myplug.ini has not been red.
>> > Please, can anyone suggest me some piece of info about ?
>> >
>> > Thanks in advance and best regards.
>> >
>> > Giu
>> >
>> >
>> >
>> >
>> >
>> > --
>> > Email.it, the professional e-mail, gratis per te: http://www.email.it/f
>> >
>> > Sponsor:
>> > Fai squillare la PANTERA ROSA sul tuo cellulare: e' in REGALO
>> > Clicca qui: http://adv.email.it/cgi-bin/foclick.cgi?mid=6613&d=20070930
>> >
>> >
>> > _______________________________________________
>> > Cartoweb-users mailing list
>> > Cartoweb-users at lists.maptools.org
>> > http://lists.maptools.org/mailman/listinfo/cartoweb-users
>> >
>>
>>
>>
>>
> --
> Email.it, the professional e-mail, gratis per te: http://www.email.it/f
>
> Sponsor:
> Hai bisogno di contanti per realizzare i tuoi desideri? Prometeo ti 
> propone
> prestiti da 1.500 a 31.000 Euro! Clicca qui per un preventivo immediato.
>
> Clicca qui: http://adv.email.it/cgi-bin/foclick.cgi?mid=7084&d=20071001
>
>
>

More information about the Cartoweb-users mailing list