Is there a crosswalk of SharePoint add-in permissions description to their *actual* rights granted?

I’m a Sharepoint Farm Admin, and am in charge of permission reviews for requested Sharepoint add-ins. In the past, we have judged certain app requests as too permissive and denied them based on the description-only from the request itself.

My issue is our group does not fully agree upon what each description means. Therefore our assessments are inconsistent.

Example 1: “Let it access basic information about the users of this site”

(1) What basic information? userid, displayname, email, but not what…manager?

(2) Microsoft loosely switches between calling site collections “sites” and site/subsite “webs”. So will that mean users of the site collection or the subsite level?

I understand about policies UserOnly AppOnly, User+App; but since we only have access to the text description in the App Store, when is which policy applied?

Example 2: “Let it create or delete document libraries and lists in this site collection.” (DOCUSIGN FOR SHAREPOINT)

The implication is that is User+App based on other “Let it…” permissions. But because it is for signing documents, doesn’t feel right that it would require the USER to have list management rights to function as expected.

Will i be granted ESTA Visa after getting rejected thrice on different nationality?

I had applied for B1/B2 on my previous nationality but it got rejected Thrice. I had planned on visiting my mother as she lives there. my last refusal was 3 years back. Now i have gained an European nationality and i am thinking of applying for ESTA visa so i can visit my mother. I have doubts if it will be accepted because ill have to disclose about my previous refusals. what should i do? because if i dont disclose my previous refusals i fear i might be rejected permenantly.

Does this mail mean that I’ve been granted Visa?

Successful outcome I’ve examined some mails from decision making centers on the net, but mine is the only one that tells ‘the outcome of your application has been successful and dispatched.’ Does that mean visa approved or it’s just another way of telling the decision has been made, go and collect your passport and see the result? I wonder if I can learn the outcome of visa from those mails lately. Cuz as far as I know, we cannot learn it till we get the passport.

InternalAuthenticationServiceException: A granted authority textual representation is required

Разрабатываю приложение на Spring Boot. В качестве БД выступает Neo4j сущности имеют следующий вид:

User

@NodeEntity public class User implements Serializable {  @Id @GeneratedValue private Long id;  private String name;  private String login;  private String password;  private List<Role> role;  @Relationship(type = "ACTED_IN",         direction = Relationship.UNDIRECTED) private Set<Project> projects;  @Relationship(type = "ACTED_IN",         direction = Relationship.UNDIRECTED) private Set<Task> tasks;  public Long getId() {     return id; }  public void setId(final Long idUser) {     this.id = idUser; }  public String getName() {     return name; }  public void setName(final String nameUser) {     this.name = nameUser; }  public String getPassword() {     return password; }  public void setPassword(final String pass) {     this.password = pass; }  public Set<Project> getProjects() {     return projects; }  public void setProjects(final Set<Project> pr) {     this.projects = pr; }  public Set<Task> getTasks() {     return tasks; }  public void setTasks(final Set<Task> task) {     this.tasks = task; }  public String getLogin() {     return login; }  public void setLogin(final String log) {     this.login = log; }  public List<Role> getRole() {     return role; }  public void setRole(final List<Role> r) {     this.role = r; } } 

Role

@NodeEntity public class Role implements Serializable {  @Id @GeneratedValue private Long idRole;  private List<String> roles;  private String name;  @Relationship(type = "ACTED_IN",         direction = Relationship.UNDIRECTED) private Set<User> users;  public Long getIdRole() {     return idRole; }  public void setIdRole(final Long id) {     this.idRole = id; }  public List<String> getRoles() {     return roles; }  public void setRoles(final List<String> rUser) {     this.roles = rUser; }  public void addRole(final String role) {     if (this.roles == null) {         roles = new ArrayList<>();     }     roles.add(role);     this.name = role; }  public String getName() {     return name; }  public void setName(final String rName) {     this.name = rName; }  public Set<User> getUsers() {     return users; }  public void setUsers(final Set<User> usr) {     this.users = usr; } } 

UserService

@Service public class UserService implements IService<User> {  private final RoleRep repRol;  private final UserRep rep;  private final BCryptPasswordEncoder encoder;  @Autowired public UserService(final RoleRep repRole,                    final UserRep repo,                    final BCryptPasswordEncoder enc) {     this.repRol = repRole;     this.rep = repo;     this.encoder = enc; }  @Transactional @Override public void createUser(final User user, final String pass) {     Role role = new Role();     role.addRole("ROLE_USER");     repRol.save(role);     user.setPassword(encoder.encode(pass));     user.setRole((List<Role>) repRol.findAll());     rep.save(user); } } 

UserDetail

@Service public class UserDetail implements UserDetailsService {  private final UserRep rep;  @Autowired public UserDetail(final UserRep repo) {     this.rep = repo; }  @Override @Transactional(readOnly = true) public UserDetails loadUserByUsername(final String s)         throws UsernameNotFoundException {     User user = rep.findByLogin(s);     if (user == null) {         throw new UsernameNotFoundException(s);     }     Set<GrantedAuthority> authorities = new HashSet<>();     for (Role role: user.getRole()) {         authorities.add(new SimpleGrantedAuthority(role.getName()));     }     return new org.springframework.security.core.userdetails.User(             user.getLogin(), user.getPassword(), authorities); } } 

Exception вылетает здесь

authorities.add(new SimpleGrantedAuthority(role.getName())); 

Я подозреваю что проблема здесь в том что по каким-то причинам значение из метода getName() не передается.

Можете ли подсказать в какую сторону копать чтобы решить проблему?

Do I add my skill check modifier to the roll of 15 granted by Glibness?

While affected by Glibness, a creature can replace any Charisma roll with a 15:

Until the spell ends, when you make a Charisma check, you can replace the number you roll with a 15.

It’s not clear to me from this wording whether the 15 replaces the roll before or after adding any modifiers. For example, if my modifier for a Charisma check is +5 and I choose to take the 15 from Glibness, is the resulting Charisma roll a 15 or a 20?

Apache2 “Require all granted” generates “denied” after mod_wsgi upgrade with Django 1.11

The behavior I’m seeing looks like Apache2 "Require all granted" doesn't work, but (1) the hints there didn’t help, and (2) there seems to be some interaction with mod_wsgi & Django in my case. Details below.

Last week, I had a working copy of Django 1.11 running on a (Ubuntu 16) machine with Python 2.7. The machine has two vhost files: one for the Django site running on :3060, and one for an unrelated static facade running on :80.

My goal is to upgrade our Django site to Python 3 (3.6 specifically).

After upgrading the python interpreter in the Django app venv and pulling up our site code to comply with 3.6, mod_wsgi wouldn’t run the site with the enclosed 3.6 interpreter, instead using the system 2.7 interpreter. This failed, since django is only installed to the venv. That turns out to be expected behavior; mod_wsgi can’t run with a different python interpreter than it was compiled with. Fine.

I installed a Python 3.6 version of mod_wsgi into the app venv using pip install mod_wsgi, and modified the apache2 config /etc/apache2/mods-available/wsgi.load to pull that version of mod_wsgi.so instead of the system one.

Now, most of the site loads, but I can’t get Django’s /static/ to work (403: Access Forbidden). Bizarrely, I get the same when I try to load :80. My working hypothesis is that both problems have the same cause, so that if I can fix the :80 site, the static URLs at :3060 will work too.

If I switch back to system mod_wsgi, :80 gets a 403.

If I turn off the Django vhost, :80 loads successfully.

If I leave the Django vhost disabled and switch to the venv mod_wsgi, :80 loads successfully.

So, something is horked with Django. Conf and log excerpts below. What else should I be checking here? Why did this ever work with 2.7?


/etc/apache2/sites-available/myApp.conf (Django site):

Listen 3060 WSGIScriptAlias / /path/to/myApp/apache/wsgi.py WSGIPythonHome /path/to/myApp/venv WSGIPythonPath /path/to/myApp <VirtualHost *:3060>     DocumentRoot /path/to/myApp/mySite     ServerName example.com      ErrorLog $  {APACHE_LOG_DIR}/myApp-error.log     CustomLog $  {APACHE_LOG_DIR}/myApp-access.log combined      <Directory /path/to/myApp/apache>         <Files wsgi.py>         Require all granted     </Files>     </Directory>      <Directory /path/to/myApp/mySite/static>         Require all granted     </Directory>      Alias /static/ /path/to/myApp/mySite/static/  </VirtualHost> 

/etc/apache2/sites-enabled/000-default.conf (facade site):

<VirtualHost *:80>     ServerAdmin webmaster@localhost     DocumentRoot /var/www/html      ErrorLog $  {APACHE_LOG_DIR}/error.log     CustomLog $  {APACHE_LOG_DIR}/access.log combined </VirtualHost> 

/path/to/myApp/apache/wsgi.py:

import os import sys  from django.core.wsgi import get_wsgi_application  os.environ["DJANGO_SETTINGS_MODULE"]= "myConfigPackage.settings"  import django django.setup()  application = get_wsgi_application() 

/etc/apache2/apache2.conf:

Mutex file:$  {APACHE_LOCK_DIR} default PidFile $  {APACHE_PID_FILE} Timeout 300 KeepAlive On MaxKeepAliveRequests 100 KeepAliveTimeout 5  User $  {APACHE_RUN_USER} Group $  {APACHE_RUN_GROUP}  HostnameLookups Off  ErrorLog $  {APACHE_LOG_DIR}/error.log LogLevel debug  IncludeOptional mods-enabled/*.load IncludeOptional mods-enabled/*.conf  Include ports.conf  <Directory />     Options FollowSymLinks     AllowOverride None     Require all denied </Directory>  <Directory /usr/share>     AllowOverride None     Require all granted </Directory>  <Directory /var/www/>     Options Indexes FollowSymLinks     AllowOverride None     Require all granted </Directory>  AccessFileName .htaccess  <FilesMatch "^\.ht">     Require all denied </FilesMatch>  LogFormat "%v:%p %h %l %u %t \"%r\" %>s %O \"%{Referer}i\" \"%{User-Agent}i\"" vhost_combined LogFormat "%h %l %u %t \"%r\" %>s %O \"%{Referer}i\" \"%{User-Agent}i\"" combined LogFormat "%h %l %u %t \"%r\" %>s %O" common LogFormat "%{Referer}i -> %U" referer LogFormat "%{User-agent}i" agent  IncludeOptional conf-enabled/*.conf IncludeOptional sites-enabled/*.conf 

/var/log/apache2/error.log

with both vhosts configured:

# apachectl -S VirtualHost configuration: *:80                   example.com (/etc/apache2/sites-enabled/000-default.conf:1) *:3060                 example.com (/etc/apache2/sites-enabled/myApp.conf:5) 

when I load :80, I get:

[Thu May 02 14:01:27.651473 2019] [authz_core:debug] [pid 26896:tid 140597918635776] mod_authz_core.c(809): [client my.ip.add.ress:47398] AH01626: authorization result of Require all denied: denied [Thu May 02 14:01:27.651499 2019] [authz_core:debug] [pid 26896:tid 140597918635776] mod_authz_core.c(809): [client my.ip.add.ress:47398] AH01626: authorization result of <RequireAny>: denied [Thu May 02 14:01:27.651504 2019] [authz_core:error] [pid 26896:tid 140597918635776] [client my.ip.add.ress:47398] AH01630: client denied by server configuration: /path/to/myApp/apache/wsgi.py [Thu May 02 14:01:27.682831 2019] [authz_core:debug] [pid 26896:tid 140597910243072] mod_authz_core.c(809): [client my.ip.add.ress:47398] AH01626: authorization result of Require all denied: denied [Thu May 02 14:01:27.682864 2019] [authz_core:debug] [pid 26896:tid 140597910243072] mod_authz_core.c(809): [client my.ip.add.ress:47398] AH01626: authorization result of <RequireAny>: denied [Thu May 02 14:01:27.682869 2019] [authz_core:error] [pid 26896:tid 140597910243072] [client my.ip.add.ress:47398] AH01630: client denied by server configuration: /path/to/myApp/apache/wsgi.py 

with just :80 configured:

VirtualHost configuration: *:80                   example.com (/etc/apache2/sites-enabled/000-default.conf:1) 

when I load :80, I get

[Thu May 02 14:08:05.703757 2019] [authz_core:debug] [pid 31548:tid 140597977384704] mod_authz_core.c(809): [client my.ip.add.ress:47434] AH01626: authorization result of Require all granted: granted [Thu May 02 14:08:05.703779 2019] [authz_core:debug] [pid 31548:tid 140597977384704] mod_authz_core.c(809): [client my.ip.add.ress:47434] AH01626: authorization result of <RequireAny>: granted [Thu May 02 14:08:05.725665 2019] [deflate:debug] [pid 31548:tid 140597977384704] mod_deflate.c(853): [client my.ip.add.ress:47434] AH01384: Zlib: Compressed 171 to 119 : URL /index.html 

When building for Android the camera does not activate when the app launches although permission has been granted

I am using Unity 2018.3.7 and following the Microsoft Azure Spacial Anchors tutorials at this link https://docs.microsoft.com/en-us/azure/spatial-anchors/tutorials/tutorial-share-anchors-across-devices

The project builds and runs on the device but the camera is never active

Is it normal to be granted 1 year as duration of stay for a b1/b2 visitor to the US?

I am currently visiting the US as a tourist.

At the port of entry the visa officer(CBP immigration officer) asked me a couple of questions and then he gave me 12 months as duration of stay in the US.

I went and checked my online i-94, which also reflects the same fact of me being granted 1 year. I came to the US 4th April 2018, the visa officer has given my last date to stay till 2nd April 2020 for this visit.

Does that mean I can stay for almost 12 months and leave. Or do i have to leave around 6 months like everyone else.

Do I need Croatian visa with Multiple entry Schengen with granted stay duration < less than intended stay in Schengen+Croatia

I am planning to travel to Austria, Hungary and Croatia (total 14 days), in the mentioned sequence. I was issued multiple entry Schengen visa (‘C’ visa) by Embassy of Austria with validity covering the entire duration of the trip.

But my visa mentions duration of stay as 10 days, whereas my total duration of intended stay is 14 days, which includes 7 days in Schengen (Austria + Hungary) & 7 days in Croatia.

Do I need separate Croatia visa since my duration of stay in Croatia is less than granted duration of stay (excluding no. of days stayed in Schengen), as per my Visa

Please help. My travel date is approaching near.

Thanks, Ankur