Config so that users can delete only their own entries?, posted by Dennis Seitz on Wed Apr 15 17:57:19 2009
|
I've tried
Deny_Delete = All
Allow Delete = $author
and just
Allow Delete = $author
But either users can delete anyone's entries, or they can't delete any entries.
Am I missing something? If not, can you add the capability to allow users to delete, but only their own entries?
Thanks as usual for a great piece of code! |
Re: Config so that users can delete only their own entries?, posted by Stefan Ritt on Thu Apr 16 08:34:03 2009
|
| Dennis Seitz wrote: | I've tried
Deny_Delete = All
Allow Delete = $author
and just
Allow Delete = $author
But either users can delete anyone's entries, or they can't delete any entries.
Am I missing something? If not, can you add the capability to allow users to delete, but only their own entries?
Thanks as usual for a great piece of code! |
You cannot put $author into any Allow or Deny option, only explicit login names (not "full" names). What you want however is
Restrict Edit = 1
which lets only the original author either delete or edit entries. If you use that option, you probably want as well
Preset Author = $long_name
Preset on reply Author = $long_name
Preset on duplicate Author = $long_name
Locked Attributes = Author
So a user cannot pretend to be somebody else. You also need a valid "admin user = ..." statement. Note that the admin user always can delete/edit entries. If no admin user is defined, everybody has automatically admin rights, so Restrict Edit has no effect. |
|
Re: Config so that users can delete only their own entries?, posted by Dennis Seitz on Sat Apr 18 00:33:53 2009
|
Thanks for reminding me of that, it will do fine. A suggestion: Separate Restrict Edit into Restrict Edit and Restrict Delete or some functional equivalent. Then we have the choice to restrict one or the other or both. Is that worth doing?
| Stefan Ritt wrote: |
| Dennis Seitz wrote: | I've tried
Deny_Delete = All
Allow Delete = $author
and just
Allow Delete = $author
But either users can delete anyone's entries, or they can't delete any entries.
Am I missing something? If not, can you add the capability to allow users to delete, but only their own entries?
Thanks as usual for a great piece of code! |
You cannot put $author into any Allow or Deny option, only explicit login names (not "full" names). What you want however is
Restrict Edit = 1
which lets only the original author either delete or edit entries. If you use that option, you probably want as well
Preset Author = $long_name
Preset on reply Author = $long_name
Preset on duplicate Author = $long_name
Locked Attributes = Author
So a user cannot pretend to be somebody else. You also need a valid "admin user = ..." statement. Note that the admin user always can delete/edit entries. If no admin user is defined, everybody has automatically admin rights, so Restrict Edit has no effect. |
|
|
ROptions value changed in the edit page, posted by Gabriele Sirri on Wed Apr 15 11:43:14 2009
|
When ROptions items contain the same substring and this substring is also an ROptions item (ex: notdone,
done), the value of the entry could change in the edit page.
It depends on the item order in the config file.
If Options is used (instead of ROptions), it works as expected.
Is it a bug?
Examples :
#Insert "notdone" as new entry. When you try to edit the entry, the displayed value is "done".
[test_bad]
Attributes = Author, Category
ROptions Category = notdone, done
#No problem if you change the item order
[test_good]
Attributes = Author, Category
ROptions Category = done, notdone |
|
Re: ROptions value changed in the edit page, posted by Stefan Ritt on Wed Apr 15 12:56:18 2009
|
> When ROptions items contain the same substring and this substring is also an ROptions item (ex: notdone,
> done), the value of the entry could change in the edit page.
> It depends on the item order in the config file.
>
> If Options is used (instead of ROptions), it works as expected.
>
> Is it a bug?
>
>
> Examples :
>
> #Insert "notdone" as new entry. When you try to edit the entry, the displayed value is "done".
>
> [test_bad]
> Attributes = Author, Category
> ROptions Category = notdone, done
>
> #No problem if you change the item order
>
> [test_good]
> Attributes = Author, Category
> ROptions Category = done, notdone
Thanks for reporting this bug. I fixed it in SVN revisoin 2193. |
Long cookie content is not handled properly., posted by Simon Patton on Tue Apr 14 22:51:15 2009
|
I discovered the infinite loop in 2.7.5 which can happen when a cookie's content is longer that the cookie array
designed to hold it. I also note that this issue has been addressed in 2.7.6, but the solution does not appear
to be correct and it can end up completely confusing the cookie extraction.
In 2.7.5 the code was:
for (i = 0; *p && *p != ';' && *p != '\r' && *p != '\n' ; )
if (i < (int) sizeof(cookie)-1)
cookie[i++] = *p++;
While in 2.7.6 is became:
for (i = 0; *p && *p != ';' && *p != '\r' && *p != '\n';)
if (i < (int) sizeof(cookie) - 1)
cookie[i++] = *p++;
else
break;
This leaves 'p' pointing to the middle of the cookie's content and I can not see that this is corrected in the loop (sorry if I've missed that).
The solution I used to patch 2.7.5 was the following:
for (i = 0; *p && *p != ';' && *p != '\r' && *p != '\n' ; ++p)
if (i < (int) sizeof(cookie)-1)
cookie[i++] = *p;
which simply truncates the contents of the cookie (which is assumed not to be an elogd cookie) but leaves 'p' in the right place to extract the next one. |
|
Re: Long cookie content is not handled properly., posted by Stefan Ritt on Wed Apr 15 09:26:37 2009
|
| Simon Patton wrote: | I discovered the infinite loop in 2.7.5 which can happen when a cookie's content is longer that the cookie array
designed to hold it. I also note that this issue has been addressed in 2.7.6, but the solution does not appear
to be correct and it can end up completely confusing the cookie extraction.
In 2.7.5 the code was:
for (i = 0; *p && *p != ';' && *p != '\r' && *p != '\n' ; )
if (i < (int) sizeof(cookie)-1)
cookie[i++] = *p++;
While in 2.7.6 is became:
for (i = 0; *p && *p != ';' && *p != '\r' && *p != '\n';)
if (i < (int) sizeof(cookie) - 1)
cookie[i++] = *p++;
else
break;
This leaves 'p' pointing to the middle of the cookie's content and I can not see that this is corrected in the loop (sorry if I've missed that).
The solution I used to patch 2.7.5 was the following:
for (i = 0; *p && *p != ';' && *p != '\r' && *p != '\n' ; ++p)
if (i < (int) sizeof(cookie)-1)
cookie[i++] = *p;
which simply truncates the contents of the cookie (which is assumed not to be an elogd cookie) but leaves 'p' in the right place to extract the next one. |
You're absolutely right about that. I incorporated your patch into revision #2192. |
Access Control, posted by Grant Jeffcote on Mon May 12 10:16:21 2008
|
Hi Stefan,
We have a configuration where different sites have their own logbooks all under the same server, these are accessed by relevant parties as you might expect by selecting the appropriate tab at the top of the page.
Everyone has visibility of everyone elses logbook as a guest but we have purposely limited the 'Guest' users view (hiding the text portion etc) for various reasons.
We would now like to allow certain parties to view certain logbooks in their entirety but with a 'Read Only' view, I see this can be done but only using a common password. (Read password = <encoded password>)
At present we can give others a full view by adding them to the 'Users' list for each individual logbook, this unfortunately also gives them 'write' access. Also if they click on the tab for a logbook that they are not a 'User' for they are logged out of their existing logbook forcing them to have to log back on. If they are designated in a 'Read Only' viewers list for that logbook then their existing password would presumably be read from the global password file and they wouldn't be logged out?
I would like to be able to implement a 'Read' access view for some parties but not have a common password (use the password file?) and not force the other party to re-logon to view the other logbook.
Something like the ability to add a "Read user = <user list>" in each logbook as can be done with 'Login User' and 'Admin User' at present would be great.
Could you let me know if this is feasible please?
Many thanks in advance. |
|
Re: Access Control, posted by Yoshio Imai on Tue May 13 16:58:40 2008
|
| Grant Jeffcote wrote: | | At present we can give others a full view by adding them to the 'Users' list for each individual logbook, this unfortunately also gives them 'write' access. |
I think the solution to your problem would be to use Deny statements in the configuration sections for the logbooks.
Assume user1, user2 and user3 are in the "owners'" group of logbook1, and user4 and user5 only have "privileged read" access. Then a configuration as follows might help:
Login user = user1, user2, user3, user4, user5
Deny New = user4, user5
Deny Reply = user4, user5
Deny Duplicate = user4, user5
Deny Edit = user4, user5
Deny Delete = user4, user5
Deny Select = user4, user5
Deny CSV Import = user4, user5
This should give them the same read permissions as the logbook owners but should deny any writing operations. I recognize that this is a little bit of admin work if the lists of such "privileged readers" gets long, but each user would have his/her individual password (even the same as for access to his/her "own" logbook).
Perhaps you can give it a try. |
|
Re: Access Control, posted by Grant Jeffcote on Tue May 13 21:56:30 2008
|
| Yoshio Imai wrote: |
| Grant Jeffcote wrote: | | At present we can give others a full view by adding them to the 'Users' list for each individual logbook, this unfortunately also gives them 'write' access. |
I think the solution to your problem would be to use Deny statements in the configuration sections for the logbooks.
Assume user1, user2 and user3 are in the "owners'" group of logbook1, and user4 and user5 only have "privileged read" access. Then a configuration as follows might help:
Login user = user1, user2, user3, user4, user5
Deny New = user4, user5
Deny Reply = user4, user5
Deny Duplicate = user4, user5
Deny Edit = user4, user5
Deny Delete = user4, user5
Deny Select = user4, user5
Deny CSV Import = user4, user5
This should give them the same read permissions as the logbook owners but should deny any writing operations. I recognize that this is a little bit of admin work if the lists of such "privileged readers" gets long, but each user would have his/her individual password (even the same as for access to his/her "own" logbook).
Perhaps you can give it a try. |
What a great solution, thanks Yoshio, it works a treat. |
|
Re: Access Control, posted by Grant Jeffcote on Thu May 15 17:45:44 2008
|
| Grant Jeffcote wrote: |
| Yoshio Imai wrote: |
| Grant Jeffcote wrote: | | At present we can give others a full view by adding them to the 'Users' list for each individual logbook, this unfortunately also gives them 'write' access. |
I think the solution to your problem would be to use Deny statements in the configuration sections for the logbooks.
Assume user1, user2 and user3 are in the "owners'" group of logbook1, and user4 and user5 only have "privileged read" access. Then a configuration as follows might help:
Login user = user1, user2, user3, user4, user5
Deny New = user4, user5
Deny Reply = user4, user5
Deny Duplicate = user4, user5
Deny Edit = user4, user5
Deny Delete = user4, user5
Deny Select = user4, user5
Deny CSV Import = user4, user5
This should give them the same read permissions as the logbook owners but should deny any writing operations. I recognize that this is a little bit of admin work if the lists of such "privileged readers" gets long, but each user would have his/her individual password (even the same as for access to his/her "own" logbook).
Perhaps you can give it a try. |
What a great solution, thanks Yoshio, it works a treat. |
Is there any way to give a logged in user a 'Guest' view on certain logbooks?
Unfortunately at the moment if they are not in the 'login users = ' group they are automatically logged out and have to re-log back into their own logbook. |
|
Re: Access Control, posted by Hal Proctor on Tue Apr 14 20:00:08 2009
|
| Grant Jeffcote wrote: |
| Grant Jeffcote wrote: |
| Yoshio Imai wrote: |
| Grant Jeffcote wrote: | | At present we can give others a full view by adding them to the 'Users' list for each individual logbook, this unfortunately also gives them 'write' access. |
I think the solution to your problem would be to use Deny statements in the configuration sections for the logbooks.
Assume user1, user2 and user3 are in the "owners'" group of logbook1, and user4 and user5 only have "privileged read" access. Then a configuration as follows might help:
Login user = user1, user2, user3, user4, user5
Deny New = user4, user5
Deny Reply = user4, user5
Deny Duplicate = user4, user5
Deny Edit = user4, user5
Deny Delete = user4, user5
Deny Select = user4, user5
Deny CSV Import = user4, user5
This should give them the same read permissions as the logbook owners but should deny any writing operations. I recognize that this is a little bit of admin work if the lists of such "privileged readers" gets long, but each user would have his/her individual password (even the same as for access to his/her "own" logbook).
Perhaps you can give it a try. |
What a great solution, thanks Yoshio, it works a treat. |
Is there any way to give a logged in user a 'Guest' view on certain logbooks?
Unfortunately at the moment if they are not in the 'login users = ' group they are automatically logged out and have to re-log back into their own logbook. |
I have this same issue. People come and go from one logbook to the other but I still want them to maintain logged in status to the logbook they have rights to. |
|
Simple Math, posted by mike cianci on Mon Apr 13 07:26:39 2009
|
Sorry to bother you. I could see in past Forum entries that the question of "Simple Math" has come up before, although the answers were not all that simple.
Can you do simple math (i.e. attribute A + attribute B = attribute C) in ELOG ?
Thank you for putting up with my questions.
Mike |
|
Re: Simple Math, posted by Stefan Ritt on Tue Apr 14 08:30:42 2009
|
| mike cianci wrote: |
|
Sorry to bother you. I could see in past Forum entries that the question of "Simple Math" has come up before, although the answers were not all that simple.
Can you do simple math (i.e. attribute A + attribute B = attribute C) in ELOG ?
Thank you for putting up with my questions.
Mike
|
No, you can't. The only way is to export a logbook to CSV, then import it in a spreadsheet program, then do the math there. |
|
Re: Simple Math, posted by Erik Iverson on Tue Apr 14 17:57:56 2009
|
| Stefan Ritt wrote: |
|
| mike cianci wrote: |
|
Sorry to bother you. I could see in past Forum entries that the question of "Simple Math" has come up before, although the answers were not all that simple.
Can you do simple math (i.e. attribute A + attribute B = attribute C) in ELOG ?
Thank you for putting up with my questions.
Mike
|
No, you can't. The only way is to export a logbook to CSV, then import it in a spreadsheet program, then do the math there.
|
You can pass numerical attributes to an external command via "Execute new =...". This external command can then do the math and pass the result _back_ to the logbook either as a new entry or as an edit with the command-line client "elog".
For example, given a new entry with (numerical) attributes A and B, if you have
Execute new = add_them.pl $A $B $message id
in your elog.cfg file, then $A and $B will be passed to the add_them.pl perl script. Now have the perl script (or bc, or whatever you want to use) do the appropriate math and submit the result. For example, your perl script might include
$C=$A+$B
$D=$A*$B
elog -a C=$C ... -e "$message id" "Sum as edit"
elog -a D=$D ... "Product as new entry"
|
|
Allow password change ???, posted by Hal Proctor on Fri Apr 10 17:41:25 2009
|
How do you allow users to change password for a given logbook when the user keeps getting prompted for admin password to enter the change password feature?
I have Allow password change = 1 set global and at each logbook hoping that would work.
It allows them to change the password when and only when the user gets past the admin login when clicking CONFIG.
help
|
|
Re: Allow password change ???, posted by Hal Proctor on Fri Apr 10 19:32:33 2009
|
| Hal Proctor wrote: |
|
How do you allow users to change password for a given logbook when the user keeps getting prompted for admin password to enter the change password feature?
I have Allow password change = 1 set global and at each logbook hoping that would work.
It allows them to change the password when and only when the user gets past the admin login when clicking CONFIG.
help
|
Thats what we get for having two people working on the install and configuration. LOL
When first creating and setting up the configs, we had Admin Password = xxxxx entered in each logbook config. Once we created a password list we no longer needed that entry.
This was why each user who had login credentials was being asked to provide the admin password when trying to change their password.  |
|
Re: Allow password change ???, posted by Stefan Ritt on Tue Apr 14 08:48:24 2009
|
| Hal Proctor wrote: |
|
| Hal Proctor wrote: |
|
How do you allow users to change password for a given logbook when the user keeps getting prompted for admin password to enter the change password feature?
I have Allow password change = 1 set global and at each logbook hoping that would work.
It allows them to change the password when and only when the user gets past the admin login when clicking CONFIG.
help
|
Thats what we get for having two people working on the install and configuration. LOL
When first creating and setting up the configs, we had Admin Password = xxxxx entered in each logbook config. Once we created a password list we no longer needed that entry.
This was why each user who had login credentials was being asked to provide the admin password when trying to change their password.
|
I didn't get your point completely, so is this issue now resolved? |
|
Re: Allow password change RESOLVED???, posted by Hal Proctor on Tue Apr 14 15:18:11 2009
|
| Stefan Ritt wrote: |
|
| Hal Proctor wrote: |
|
| Hal Proctor wrote: |
|
How do you allow users to change password for a given logbook when the user keeps getting prompted for admin password to enter the change password feature?
I have Allow password change = 1 set global and at each logbook hoping that would work.
It allows them to change the password when and only when the user gets past the admin login when clicking CONFIG.
help
|
Thats what we get for having two people working on the install and configuration. LOL
When first creating and setting up the configs, we had Admin Password = xxxxx entered in each logbook config. Once we created a password list we no longer needed that entry.
This was why each user who had login credentials was being asked to provide the admin password when trying to change their password.
|
I didn't get your point completely, so is this issue now resolved?
|
Yes we had listed within each individual logbook config "Admin Password = xxxx". this was causing the admin login prompt when users wanted to change their own passwords. The "Admin Password =xxxxx" cannot reside on each logbook config when you use a password list and allow users to change their passwords. |
images in elog in safari, posted by David Jaffe on Thu Mar 26 02:33:59 2009
|
i cannot view images in elog, either as attachments or as icons,
safari 3.2.1 mac os x 10.5.6
Thank you
David |
|
Re: images in elog in safari, posted by Stefan Ritt on Thu Mar 26 07:53:18 2009
|
| David Jaffe wrote: |
|
i cannot view images in elog, either as attachments or as icons,
safari 3.2.1 mac os x 10.5.6
Thank you
David
|
Can you give me some more information? Can you see attachments in the Demo Logbook like here ? What about other browsers? Can you try to start elogd without keep-alives (using the "-k" flag)? |
|
Re: images in elog in safari, posted by Tsuguo Aramaki on Sun Apr 12 21:24:23 2009
|
| Stefan Ritt wrote: |
|
| David Jaffe wrote: |
|
i cannot view images in elog, either as attachments or as icons,
safari 3.2.1 mac os x 10.5.6
Thank you
David
|
Can you give me some more information? Can you see attachments in the Demo Logbook like here ? What about other browsers? Can you try to start elogd without keep-alives (using the "-k" flag)?
|
Hi. I have a same problem... It works well with other browsers, like firefox and internet explorer, but not with safari (with and without keep-alives).
The demo logbook in the link works fine with safari, though.
Thanks.
Tsuguo |
|
Re: images in elog in safari, posted by Stefan Ritt on Tue Apr 14 10:28:11 2009
|
| Tsuguo Aramaki wrote: |
| Stefan Ritt wrote: |
|
| David Jaffe wrote: |
|
i cannot view images in elog, either as attachments or as icons,
safari 3.2.1 mac os x 10.5.6
Thank you
David
|
Can you give me some more information? Can you see attachments in the Demo Logbook like here ? What about other browsers? Can you try to start elogd without keep-alives (using the "-k" flag)?
|
Hi. I have a same problem... It works well with other browsers, like firefox and internet explorer, but not with safari (with and without keep-alives).
The demo logbook in the link works fine with safari, though.
Thanks.
Tsuguo
|
Thanks for reporting this bug. I finally found the reason and fixed it in revision 2191. I made a new release 2.7.6 which contains all the collected bug fixes from the last few months. |
ELOG V2.7.5 Protect Selection page = 1 Crashes Program, posted by Mike on Fri Apr 10 22:54:56 2009 
|
When I try to set
Protect Selection page = 1
in the config file elog crashes. Attached is my config file.
elog 2.7.5 built Apr 8 2009, 16:52:07 revision 130 |
|
Re: ELOG V2.7.5 Protect Selection page = 1 Crashes Program, posted by Stefan Ritt on Tue Apr 14 08:40:12 2009
|
| Mike wrote: |
|
When I try to set
Protect Selection page = 1
in the config file elog crashes. Attached is my config file.
elog 2.7.5 built Apr 8 2009, 16:52:07 revision 130
|
Actually your combination of "bottom text" with "protect selection page" caused the trouble. If fixed the bug in revision 2189. |