How can I set permissions for editing my own user data but not the others' data? - user-permissions

In my project I have two roles/groups: admin and user. Admins can add and edit users, users can only read the data.
How can I achieve that a user can edit their own data (like password, name, ...) but not other users' data? Since I can only add permissions to roles, I would need an individual role for every user. Is there another way to solve this?
Kind regards
Nils

At the moment you would need to create a dedicated group and role for that single user. We have already encountered the same limitation and are working on a long-term solution. One option would be to allow user roles. This way no dedicated group would be needed.
Related issues:
https://github.com/gentics/mesh/issues/48
https://github.com/gentics/mesh/issues/140
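The "edit your own record but nobody else's" rule the question asks about does not need a role per user if the authorization check compares the caller's identity with the record's owner. The following is an added, framework-neutral illustration (it is not Gentics Mesh code, and the role table, permission names and field whitelist are constructed for the example). It also closes the hole a naive self-edit leaves open: the self-update path must not let a user change their own roles.

```python
"""Ownership-aware authorization check (added example, not Gentics Mesh code).

Two roles: 'admin' may read, create and update any user record; 'user' may
read any record but update only its own. The rule compares the caller's
identity with the record being edited, so no per-user role or group is needed.
"""
from dataclasses import dataclass, field

# Assumed role -> permission table (constructed for this example).
ROLE_PERMISSIONS = {
    "admin": {"user:read", "user:create", "user:update"},
    "user": {"user:read", "user:update:self"},
}

# Fields a self-edit may change. Roles and groups are deliberately absent so
# that a user cannot promote themselves through the self-update path.
SELF_EDITABLE_FIELDS = {"name", "password", "email"}


@dataclass
class Principal:
    uuid: str
    roles: set = field(default_factory=set)

    def permissions(self) -> set:
        perms = set()
        for role in self.roles:
            perms |= ROLE_PERMISSIONS.get(role, set())
        return perms


def can_update_user(caller: Principal, target_uuid: str) -> bool:
    """True if the caller may update the record identified by target_uuid."""
    perms = caller.permissions()
    if "user:update" in perms:          # admin: any record
        return True
    # plain user: only the record whose owner is the caller
    return "user:update:self" in perms and caller.uuid == target_uuid


def update_user(store: dict, caller: Principal, target_uuid: str, changes: dict) -> dict:
    """Apply `changes` to store[target_uuid] after the ownership and field checks."""
    if not can_update_user(caller, target_uuid):
        raise PermissionError(f"{caller.uuid} may not update {target_uuid}")
    if "user:update" not in caller.permissions():
        # self-edit: refuse any field outside the whitelist (roles, groups, ...)
        forbidden = set(changes) - SELF_EDITABLE_FIELDS
        if forbidden:
            raise PermissionError(f"self-update may not change {sorted(forbidden)}")
    record = store[target_uuid]
    record.update(changes)
    return record


if __name__ == "__main__":
    users = {"u1": {"name": "Alice", "roles": ["user"]}, "u2": {"name": "Bob", "roles": ["user"]}}
    alice = Principal("u1", {"user"})
    print(update_user(users, alice, "u1", {"name": "Alicia"}))
    try:
        update_user(users, alice, "u2", {"name": "Mallory"})
    except PermissionError as exc:
        print("denied:", exc)
```

The check lives in the update handler, next to the data, rather than in the role table; that is the usual shape of an ownership rule and is why a per-user role is unnecessary.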

Related

How to provide service that hosts user data without violating user privacy?

I'd like to start a website that provides users with a photo editing/storing experience. The initial idea is that the user has his own account where we store the edited photos and some settings. I am a WordPress web developer, and when I try to consider how to build such a website in WordPress I don't really understand how to provide such a service without having access to user photos. My idea was to create a custom post type and save it with the user as an author. But as an admin of the website I will have access to all the created/saved photos, and I would like to build it in a way that I don't. Is it possible?
I've previously used an app to write a diary that saved the data to my Google Drive and, if I understand correctly, it never had access to my files.
So my question is: what are the best practices to build such a resource? Is it normal to have access to all of your user photos if you provide such a platform?
In your case, as you will use WordPress and you are the developer, you will always have access to all of the data.
You will always have a way of knowing which data is from one user and which data belongs to another user.
You have two options to do this, but both will take some development work:
1 - You must recreate the way WordPress works so that the user is not related to an email or any private data that can identify the user.
Example: You ask the user to register with a form that only asks for a hash, which can be any word, number, or other piece of information, and a second field, which would be the password.
With this, in the backend you get these two pieces of information and apply some kind of hash. I'll give the example using md5, but do not use it.
After that, join these two values and this will be the user.
To log in, the user needs to repeat this information and will be inside the platform. With this you will be able to maintain the anonymity of the user and will not know who the user is.
In this option you will have a different user for each hash-and-password pair :)
But I recommend not using WordPress if you choose this option. You can use a framework like CodeIgniter, for example, which is super simple.
2 - The second way would be to use the normal WP user, without worrying about who the user is or their information. But one way to keep photo information "anonymous" is to generate a unique hash for each user and have some way of relating the user to it.
Example: When uploading a file to edit, it will generate a passkey; you must warn the user that when they want to edit or view this photo they will need to type it into an input. With this you will not know which information is from which user, but it requires extra work for the user.
This way you will always have anonymity of user information. I hope I helped you somehow.
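Option 1 above, carried through with a proper password-hashing function instead of md5, as an added example (not WordPress or CodeIgniter code). The server stores nothing but an identifier derived from the handle and password; the pepper value, cost parameters and in-memory account table are constructed for the example.

```python
"""Pseudonymous accounts derived from a handle and password (added example,
not WordPress code). Option 1 above, with scrypt in place of md5: the server
stores only the derived identifier, never an email or a name.
"""
import hashlib

# Server-side secret used as the scrypt salt. Constructed constant for this
# example; in a deployment it comes from configuration, not the database.
SERVER_PEPPER = bytes.fromhex("7f0a3c9e1b2d4f6a8c0e1a2b3c4d5e6f")

# scrypt cost parameters (assumed; raise n on real hardware).
SCRYPT_N, SCRYPT_R, SCRYPT_P = 2 ** 14, 8, 1


def derive_account_id(handle: str, password: str, pepper: bytes = SERVER_PEPPER) -> str:
    """Deterministically derive the account identifier from handle + password.

    The same pair always yields the same id, so login needs no stored lookup
    key other than the id itself. The 0x00 separator keeps ("ab", "c") and
    ("a", "bc") from producing the same input.
    """
    material = handle.encode("utf-8") + b"\x00" + password.encode("utf-8")
    digest = hashlib.scrypt(material, salt=pepper, n=SCRYPT_N, r=SCRYPT_R,
                            p=SCRYPT_P, dklen=32)
    return digest.hex()


class PseudonymousAccounts:
    """In-memory stand-in for the accounts table: id -> account data only."""

    def __init__(self, pepper: bytes = SERVER_PEPPER):
        self._pepper = pepper
        self._accounts: dict = {}

    def register(self, handle: str, password: str) -> str:
        account_id = derive_account_id(handle, password, self._pepper)
        if account_id in self._accounts:
            raise ValueError("this handle/password pair is already taken")
        self._accounts[account_id] = {"photos": []}
        return account_id

    def login(self, handle: str, password: str):
        """Return the account id on success, None otherwise."""
        candidate = derive_account_id(handle, password, self._pepper)
        return candidate if candidate in self._accounts else None

    def store_photo(self, account_id: str, blob: bytes) -> int:
        """Attach a photo to an account; returns the number of photos it now holds."""
        photos = self._accounts[account_id]["photos"]
        photos.append(blob)
        return len(photos)


if __name__ == "__main__":
    accounts = PseudonymousAccounts()
    aid = accounts.register("swan", "correct horse battery staple")
    print("account id:", aid)
    print("login ok:", accounts.login("swan", "correct horse battery staple") == aid)
```

Two caveats a practitioner would want. The only salt is the server-wide pepper, so anyone holding both the account table and the pepper can run an offline dictionary attack over handle/password pairs; keep the pepper out of the database and require long handles and passwords. And this hides who the user is, not what they uploaded: the server still receives the photo bytes at upload time, so it is anonymity of identity, not confidentiality of content.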

Dynamically add new roles to Symfony2 users

Is it possible to manually update user roles with Symfony2?
In my application, users are able to handle many companies. For each of them, they have different roles.
At login time, I'd like to give them the roles of their default company, and when they switch company, I'd like to remove the previous roles and add the ones of the new company.
Yes, it is possible. But I wouldn't advise you to dynamically remove and add roles on a company switch, as it could lead to a security issue. If you want to use the basic role system you could create roles prefixed by company name (this is a bad idea if you have many companies). Or upgrade your security context to use ACLs. Maybe the simplest solution is to create a user for each company with the same credentials (or no credentials if you manage the user switch) and different roles.
As far as I can see, you should consider developing your own role system that meets your multi-company requirement.

What is a recommended way to manage different roles in a webapp?

My app can handle Medics and Patients.
So far everyone can login and perform different tasks on the site.
We want to avoid forcing people that are Medics AND ALSO Patients to create a new User Login and password.
So a Medic who is also a Patient should keep the same login and password, but we are thinking that as soon as a person with this dual privilege logs in they should PICK which role (and maybe store it in a session variable) they want to log in as.
Is this recommended or can you please provide me with an alternative?
Please help. Thanks in advance.
Your suggestion of role selection after authentication IS a preferred way of working with your users. Your application can perform authorizations based on the role rather than on the user. It is also important for the user to be unmistakably aware of which role is activated when performing certain tasks.
One small suggestion I could give is to make it possible to switch this role dynamically, at any point in time in your application, without having to re-authenticate or go back to some kind of main page in your app. That fast role switch would really improve its usability. And always display the activated role somewhere on the screen.
Do Medics have more privileges?
Somewhat like an "Editor" is also a "Registered User".
You wouldn't need an extra logon; you would just need to set up the hierarchy and what tasks/abilities a Medic has over a Patient, if that's your scheme.
You should create another role, MedicAdmin for example.
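The Symfony multi-company question and the Medic/Patient question above are the same design problem: one login, several role sets, and a session that acts under exactly one of them at a time. The following added example (framework-neutral; not Symfony's security component, and the role table and membership store are constructed) shows the pattern the answers describe: the session stores only the chosen context, roles are re-read from the authoritative membership record on every check rather than copied into the session, switching is explicit and logged, and the active role is always available for display.

```python
"""Session-scoped active role (added example, framework-neutral; not Symfony
code). It serves both the multi-company case and the Medic/Patient case:
a user may hold several role sets, one per context, but a session acts under
exactly one context at a time. Switching is explicit, re-checked against the
authoritative membership store, and logged.
"""
import logging
from typing import Dict, Iterable, Optional, Set

log = logging.getLogger("rolecontext")

# Assumed role -> permission table (constructed for this example).
ROLE_PERMISSIONS: Dict[str, Set[str]] = {
    "company-admin": {"invoice:read", "invoice:approve"},
    "viewer": {"invoice:read"},
    "medic": {"chart:read", "chart:write"},
    "patient": {"own-chart:read"},
}


class MembershipStore:
    """Authoritative record of which contexts a user belongs to, and with which roles."""

    def __init__(self) -> None:
        self._data: Dict[str, Dict[str, Set[str]]] = {}   # user_id -> context -> roles

    def grant(self, user_id: str, context: str, roles: Iterable[str]) -> None:
        self._data.setdefault(user_id, {})[context] = set(roles)

    def revoke(self, user_id: str, context: str) -> None:
        self._data.get(user_id, {}).pop(context, None)

    def roles_for(self, user_id: str, context: str) -> Set[str]:
        return set(self._data.get(user_id, {}).get(context, set()))

    def contexts_for(self, user_id: str) -> Set[str]:
        return set(self._data.get(user_id, {}))


class Session:
    """Holds only the *choice* of context; roles are read from the store on each check,
    so a revoked membership takes effect without touching the session."""

    def __init__(self, user_id: str, store: MembershipStore) -> None:
        self.user_id = user_id
        self._store = store
        self.active_context: Optional[str] = None

    def activate(self, context: str) -> None:
        """Switch the acting context; refused unless the user actually holds it."""
        if context not in self._store.contexts_for(self.user_id):
            raise PermissionError(f"{self.user_id} is not a member of {context!r}")
        log.info("user=%s switched context %r -> %r", self.user_id, self.active_context, context)
        self.active_context = context

    def active_roles(self) -> Set[str]:
        if self.active_context is None:
            return set()
        return self._store.roles_for(self.user_id, self.active_context)

    def has_permission(self, permission: str) -> bool:
        # only the active context's roles count; the others are not merged in
        return any(permission in ROLE_PERMISSIONS.get(r, set()) for r in self.active_roles())

    def banner(self) -> str:
        """Text to show on every page so the user knows which role is active."""
        return f"Acting as {self.active_context or 'no role selected'}"


if __name__ == "__main__":
    store = MembershipStore()
    store.grant("dana", "medic", {"medic"})
    store.grant("dana", "patient", {"patient"})
    session = Session("dana", store)
    session.activate("patient")
    print(session.banner(), "chart:write ->", session.has_permission("chart:write"))
    session.activate("medic")
    print(session.banner(), "chart:write ->", session.has_permission("chart:write"))
```

Keeping the role lookup in the store rather than in the session is what avoids the issue the Symfony answer warns about: nothing is added to or removed from the session on a switch, so a stale or tampered session cannot carry roles the user no longer holds.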

How to not allow a user to create another user with a certain role in Drupal?

I have a user with the role 'manager'. This user can administer other users, so he can create users. In my system I have two other roles, 'representant' and 'client'. The 'representant' can create users too, but my trouble is that he can create 'manager' users. I want to allow representants to create only other representants and clients.
How can I do this? Is there some Drupal module that handles this problem?
Thank you.
The Administer Users by Role module might do.
The User Creator module appears to do what you're looking for.
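Whatever module is used, the rule being asked for is "a creator may only hand out roles at or below its own", and it has to be enforced on role edits as well as on user creation, otherwise a representant creates a client and then promotes it. This added example (framework-neutral; not a Drupal module, with a constructed assignable-roles table and an in-memory user directory) shows the check in both places.

```python
"""Restrict which roles a user may assign when creating or editing other users
(added example, framework-neutral; not a Drupal module). A representant may
create representants and clients but never a manager, and the same check is
applied when roles are edited, so the restriction cannot be bypassed by
creating a client and then promoting it.
"""
from typing import Dict, Iterable, Set

# Which roles each role may hand out (constructed for this example). Roles
# absent from this table, such as 'client', may not create users at all.
ASSIGNABLE_ROLES: Dict[str, Set[str]] = {
    "manager": {"manager", "representant", "client"},
    "representant": {"representant", "client"},
}


def assignable_roles(actor_roles: Iterable[str]) -> Set[str]:
    """Union of the roles that every one of the actor's roles is allowed to assign."""
    allowed: Set[str] = set()
    for role in actor_roles:
        allowed |= ASSIGNABLE_ROLES.get(role, set())
    return allowed


def check_role_change(actor_roles: Iterable[str], old_roles: Set[str], new_roles: Set[str]) -> None:
    """Raise PermissionError unless every role added *or removed* is assignable by the actor.

    Removals are checked too: otherwise a representant could strip 'manager'
    from a manager even though it may never grant that role.
    """
    touched = (set(new_roles) - set(old_roles)) | (set(old_roles) - set(new_roles))
    outside = touched - assignable_roles(actor_roles)
    if outside:
        raise PermissionError(f"not allowed to change roles {sorted(outside)}")


def create_user(directory: dict, actor_roles: Iterable[str], username: str, roles: Iterable[str]) -> dict:
    roles = set(roles)
    if not roles:
        raise ValueError("a new user needs at least one role")
    check_role_change(actor_roles, set(), roles)
    directory[username] = {"roles": roles}
    return directory[username]


def set_user_roles(directory: dict, actor_roles: Iterable[str], username: str, roles: Iterable[str]) -> dict:
    record = directory[username]
    check_role_change(actor_roles, record["roles"], set(roles))
    record["roles"] = set(roles)
    return record


if __name__ == "__main__":
    users: dict = {}
    print(create_user(users, {"representant"}, "carol", ["client"]))
    try:
        create_user(users, {"representant"}, "mallory", ["manager"])
    except PermissionError as exc:
        print("denied:", exc)
```

The table is intentionally not a hierarchy: 'manager' is listed explicitly in its own assignable set, so whether a role may create peers is a deliberate choice per role rather than an accident of ordering.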

Dynamic forum permissions in Drupal

My users access Drupal through SSO, and every time the server authorizes them it returns a set of permissions (groups/roles), according to which I need to dynamically set the user's forum permissions.
So for example if a User logs in and the SSO says that he has enrolled in a course, I need to give him specific permissions for that course's forum.
Obviously I need a custom module for that, but it's a little hard to start.
I'm thinking of using the ACL module's API, but I can't find any documentation or tutorial online. Is there any?
Is there a better way to get around this?
I'd appreciate any help :)
(note: I know there are modules with GUI that have similar functionality but I need to do it programmatically)
We just put something exactly like this into place: we used the Rules module (with the "User logged in" trigger), checked the LDAP groups that the user is enrolled in, and assigned the role accordingly.
Check out Forum Access. It can restrict users based on their roles.
You could have your roles be something like "CSC221 Student". If a user has this role, they will be able to access the CSC221 forum.
Create a hook_user function (see http://api.drupal.org/api/function/hook_user) in your module.
Then, using http://drupal.org/project/permissions_api, set the appropriate permissions on the user.
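All three answers above come down to the same login-time step: translate the groups the SSO server returned into site roles, then let the forum access rules key off those roles. The added example below is framework-neutral (it is not Drupal's hook_user, the Rules module or permissions_api; the group-to-role mapping, forum table and user record are constructed). The part worth copying is the revocation logic: roles that the mapping owns are removed when the SSO answer no longer grants them, roles granted by hand are left alone, and a failed group lookup is treated as "no change" rather than "no groups".

```python
"""Map groups returned by an SSO server to site roles at login (added example,
framework-neutral; not Drupal's hook_user, Rules or permissions_api). Roles that
the mapping owns are added and removed to match the SSO answer on every login;
roles granted by hand, such as a site administrator, are left untouched.
"""
from typing import Dict, Iterable, Optional, Set

# Constructed mapping of SSO group names to site roles.
GROUP_TO_ROLE: Dict[str, str] = {
    "course:CSC221": "CSC221 Student",
    "course:CSC330": "CSC330 Student",
}
# Roles this sync is allowed to add or remove; anything else is hands-off.
MANAGED_ROLES: Set[str] = set(GROUP_TO_ROLE.values())

# Which role each forum requires (constructed).
FORUM_ROLE: Dict[str, str] = {
    "CSC221": "CSC221 Student",
    "CSC330": "CSC330 Student",
}


def sync_roles(current_roles: Iterable[str], sso_groups: Optional[Iterable[str]]) -> Set[str]:
    """Return the role set the user should have after this login.

    sso_groups=None means the group lookup failed; the roles are then left as
    they are, so an SSO outage does not silently strip every course role.
    """
    current = set(current_roles)
    if sso_groups is None:
        return current
    from_sso = {GROUP_TO_ROLE[g] for g in sso_groups if g in GROUP_TO_ROLE}
    unmanaged = current - MANAGED_ROLES       # e.g. 'site admin', granted by hand
    return unmanaged | from_sso


def on_login(user: dict, sso_groups: Optional[Iterable[str]]) -> dict:
    """Login hook: apply the sync and record what changed for the audit trail."""
    before = set(user["roles"])
    after = sync_roles(before, sso_groups)
    user["roles"] = after
    user.setdefault("role_changes", []).append(
        {"added": sorted(after - before), "removed": sorted(before - after)}
    )
    return user


def can_access_forum(roles: Iterable[str], forum: str) -> bool:
    required = FORUM_ROLE.get(forum)
    if required is None:
        return False   # unknown forum: deny rather than fall open
    return required in set(roles)


if __name__ == "__main__":
    student = {"roles": {"authenticated user", "CSC221 Student"}}
    on_login(student, ["course:CSC330"])           # dropped CSC221, enrolled in CSC330
    print(sorted(student["roles"]), student["role_changes"][-1])
    print("CSC330:", can_access_forum(student["roles"], "CSC330"),
          "CSC221:", can_access_forum(student["roles"], "CSC221"))
```

Keeping the SSO-driven roles in a named MANAGED_ROLES set is what makes the removal step safe to run on every login; without it the sync would either leave stale course roles in place or, worse, strip an administrator of a role the SSO server never knew about.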
