Rename a Plone user account - plone

Is it possible to rename the id of a Plone user?
Sometimes people have good reasons to change their user name, e.g. because of marriage. In the profile the name information can be changed easily, but the user id is written in some places, and the user name (which might not match the current name of the person anymore) can irritate group members.
I found this basic information about member manipulation, but there is nothing said about whether or not this would be at all supported.

The user manager plugin stores 3 attributes: the User ID, the login name and the password.
The login name and password can be changed; the User ID is immutable.
The Login ID is only for internal usage; in your case you can go to ZMI -> acl_users > source_users > {SELECT USER} and change the login name.
You need to do it through the ZMI; afaik there's no Plone UI for this purpose.
Update
According to the discussion, I guess the wish of renaming a Plone user should solve a problem I also know very well.
Example use-cases:
An employment gets replaced by another one.
Marriage, different userid, for example as in an AD/LDAP environment.
The userid is commonly used, like the Windows auth name or similar, and thus needs to be changed.
This is how I usually solve this problem:
Create new user with the new ID
Copy all local roles from the old to the new user (Code example)
Remove all permission of the old user (Code Example)
Copy group membership (I got no script for this purpose since Plone has a good group membership form).
Change Ownership with plone.app.changeownership (This includes the Creators field).
The linked code is a package we usually install to solve exactly the mentioned problems. If Plone had a feature "Rename UserID", it would likely perform those 4 steps.
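The "copy all local roles" and "remove all permissions of the old user" steps can be sketched as follows. This is an added example, not the package the answer links to; it calls the standard Zope/CMF methods `get_local_roles`, `manage_setLocalRoles`, `manage_delLocalRoles` and `reindexObjectSecurity`, while `FakeContent`, `sample_site` and the user ids `jsmith`/`jdoe` are constructed stand-ins so the logic can run outside a Plone site.

```python
def migrate_local_roles(root, old_id, new_id):
    """Copy old_id's local roles to new_id on root and all descendants,
    then delete old_id's entries. Returns the ids of the objects changed."""
    changed, stack = [], [root]
    while stack:
        obj = stack.pop()
        roles = dict(obj.get_local_roles())  # ((userid, (role, ...)), ...)
        old_roles = roles.get(old_id, ())
        if old_roles:
            merged = sorted(set(roles.get(new_id, ())) | set(old_roles))
            obj.manage_setLocalRoles(new_id, merged)
            obj.manage_delLocalRoles([old_id])
            obj.reindexObjectSecurity()  # refresh allowedRolesAndUsers in the catalog
            changed.append(obj.getId())
        # isPrincipiaFolderish is set on the object itself, so unlike
        # objectValues it is not acquired from the parent of a leaf item.
        if getattr(obj, "isPrincipiaFolderish", False):
            stack.extend(obj.objectValues())
    return changed


def holders_of_stale_roles(root, userid):
    """Audit helper: ids of objects where userid still has a local role."""
    found, stack = [], [root]
    while stack:
        obj = stack.pop()
        if userid in dict(obj.get_local_roles()):
            found.append(obj.getId())
        if getattr(obj, "isPrincipiaFolderish", False):
            stack.extend(obj.objectValues())
    return found


class FakeContent:
    """Constructed stand-in with the method names used above (not Plone code)."""
    def __init__(self, id_, local_roles=None, children=()):
        self._id, self._children = id_, list(children)
        self._roles = {u: tuple(r) for u, r in (local_roles or {}).items()}
        self.isPrincipiaFolderish = bool(self._children)
        self.reindexed = 0
    def getId(self): return self._id
    def get_local_roles(self): return tuple(self._roles.items())
    def manage_setLocalRoles(self, userid, roles): self._roles[userid] = tuple(roles)
    def manage_delLocalRoles(self, userids):
        for userid in userids:
            self._roles.pop(userid, None)
    def reindexObjectSecurity(self): self.reindexed += 1
    def objectValues(self): return list(self._children)


def sample_site():
    """Constructed tree: 'jsmith' is the old id, 'jdoe' the new one."""
    news = FakeContent("news", {"jsmith": ["Owner", "Reviewer"], "jdoe": ["Reader"]})
    page = FakeContent("page", {"editor1": ["Editor"]})
    return FakeContent("site", {"jsmith": ["Editor"]}, [news, page])
```

Running `holders_of_stale_roles` for the old id after the migration is a quick check that no object still grants access to the retired account.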

Related

How to provide service that hosts user data without violating user privacy?

I'd like to start a website that provides users with photo editing/storing experience. The initial idea is that the user has his own account where we store the edited photos and some settings. I am a WordPress web developer and when I try to consider how to build such a website in WordPress I don't really understand how to provide such a service without having access to user photos. My idea was to create a custom post type and save it with the user as an author. But as an admin of the website, I will have access to all the created/saved photos and I would like to build it in a way that I don't have it. Is it possible?
I've used previously the app to write a diary that saved the data to my Google Drive and if I understand correctly, it never had access to my files.
So my question is: what are the best practices to build such a resource? Is it normal to have access to all of your user photos if you provide such a platform?

In your case, as you will use WordPress and you are the developer, you will always have access to the data of everything.
You will always have a way of knowing which data is from a user or which data belongs to another user.
You have two options to do this, but this will take some development work:
1 - You must recreate the way WordPress works so that the user is not related to an email or to private data that can relate to the user.
Example: You ask the user to register with a form that only asks for a hash, which can be any word, number, or any other information, and a second field would be the password.
With this, in the backend you get these two pieces of information and do some kind of hash (I'll give the example using md5, but do not use it).
After that, join these two pieces of data and this will be the user.
To log in, the user needs to repeat this information and will be within the platform. With this you will be able to maintain the anonymity of the user and will not know who the user is.
In this option you will have for each hash and password a different user :)
But I recommend not using WordPress if you choose this option. You can use a framework like CodeIgniter for example, which is super simple.
2 - The second way would be to use the normal WP user, not worrying about who the user is and their information. But one way to keep photo information "anonymous" is to generate a unique hash with each user and have some way of relating the user to it.
Example: When uploading a file to edit, it will generate a passkey; you must warn the user that when they want to edit or view this photo, they will need to type it into an input. With this you will not know which information is from which user, but it requires extra work for the user.
This way you will always have anonymity of user information. I hope I helped you somehow.

How to make signups and signins with different groups of users

I am developing an app for my college and there are different types of users called students, teachers, HODs etc. When they login, how do I know a teacher logged in, or a student logged in? Is there any function in Firestore for role based signups and signins?
I was thinking that when a teacher signs up, I will add a tag at the end of her uid.username, so that if the username is 'DANIEL' at signup, I will add a tea for teachers and stu for students at the end of the name they provided.
So when they login I will get the uid and do the string manipulations and get the last three letters so that I can know who logged in, so that I can show different UI to different types of users.
Is there any best way to do like this?
While signing up, the user enters his username, example: "daniel".
I will update that username in uid.username like this: "daniel-stu" (if a student signed up), "daniel-tea" if a teacher signs up.

Storing this information in the user's display name can work. You can read it back from there next time, and take action in your application's client-side code. But note that this means that any user can change their role, since they can also call the same code to update their profile. If that is not a concern for your app, then this approach sounds like it would work.
If malicious users should not be able to change their role, then you shouldn't set that role from the client-side application code. In that case, you can set the role from a server (or your development machine, or Cloud Functions) using the Admin SDK. Since the Admin SDK runs in a trusted environment, it has expanded privileges and can update the profile of any user. So the Admin SDK could update the display name of the user in the same way you have in mind.
But this still isn't secure, since you're still setting a property that anyone can modify for their own profile. Again... if that is no problem for your app that is fine, but if the use-case requires that you can rely on the property to be correct, we have to keep looking elsewhere.
The Admin SDK can set additional so-called claims on a user profile that client-side code can't modify. Such claims are for things that affect the permissions of the user, such as if the user is an admin, or what role/group your users belong to. This sounds quite close to what you are describing, so it can also be used. And this time, only your code that runs in a trusted environment will be able to do so.
Finally, you could store the additional information about a user in the database. It's quite common to have a collection (Users or Profiles) in the database, where you store a document for each user (with the document name being User.uid). You create the document when the user first signs in, and update whenever you need to. You can do this from the client-side code (if there is no need to control what gets written), or from code that runs in a trusted environment (such as your development machine, a server you control, or Cloud Functions) if you do need to keep control. A big advantage of this approach is that all users can potentially see the information in this collection, where the client-side Authentication SDK only allows a user to read their own user profile.
For more on this, see:
Adding new data to firebase users (in which I essentially list the same options with fewer words)
Add extra User Information with firebase (store the information in the realtime database)
Associate Firebase Users to Database Records (also using the realtime database for the additional information)
Cloud Firestore saving additional user data
this video explaining custom claims
and many more previous questions on this topic
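The difference between the display-name suffix and a custom claim, as an added example that is not part of the original answer. It uses the Firebase Admin SDK for Python (`auth.set_custom_user_claims`, and the dict shape returned by `auth.verify_id_token`); the claim name `role`, `ALLOWED_ROLES`, the function names and the sample tokens are assumptions made for illustration.

```python
ALLOWED_ROLES = {"student", "teacher", "hod"}


def assign_role(uid, role):
    """Trusted environment only (server, Cloud Functions, admin machine).
    Assumes firebase_admin.initialize_app() has already been called."""
    if role not in ALLOWED_ROLES:
        raise ValueError("unknown role: %r" % (role,))
    from firebase_admin import auth  # lazy import: the rest runs offline
    # Replaces the user's existing custom claims; the client sees the new
    # claim once its ID token is refreshed.
    auth.set_custom_user_claims(uid, {"role": role})


def role_from_display_name(display_name):
    """The suffix scheme from the question. The user can rewrite this field."""
    suffix = (display_name or "").rsplit("-", 1)[-1]
    return {"stu": "student", "tea": "teacher"}.get(suffix)


def role_from_verified_token(decoded_token):
    """decoded_token: the dict returned by firebase_admin.auth.verify_id_token().
    Custom claims are top-level keys; anything unexpected means no role."""
    role = decoded_token.get("role")
    return role if isinstance(role, str) and role in ALLOWED_ROLES else None


# Constructed decoded tokens (no real users). Daniel is a student who has
# renamed himself "daniel-tea" from the client; his signed claim is unchanged.
SAMPLE_TOKENS = [
    {"uid": "uid-daniel", "name": "daniel-tea", "role": "student"},
    {"uid": "uid-maria", "name": "maria", "role": "teacher"},
    {"uid": "uid-new", "name": "sam-tea"},               # no claim set yet
    {"uid": "uid-odd", "name": "kim", "role": ["hod"]},  # malformed claim
]


def compare(tokens):
    """(uid, role by display name, role by claim) for each token."""
    return [(t["uid"], role_from_display_name(t.get("name")),
             role_from_verified_token(t)) for t in tokens]
```

Any server-side decision should use `role_from_verified_token`; a missing or malformed claim yields no role rather than a default one.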

Properties which are handled by the Drupal 7 default User Login Process

I'm new to Drupal but I just want to hack/customize the login function of Drupal 7, like hardcoding. As I have discovered, the Drupal 7 login process is handled by user.module and its associated files.
I just wanna know which kinds of values or properties are returned or provided when a user login/authentication process is done by providing just Username/Password.
The final properties it returns to Drupal (along the whole authentication process) that I have noticed so far are:
{uid} of the attempted user
{rid} role id of the user
user email
user is blocked or not
then .. ?
The point is .. what other else?
Can I replace/modify the whole existing authentication process? (as I need)
For example, one of the default auth functions in user.module:
function user_authenticate($name, $password) {
..
return $uid;
}
For example, if I modify (hardcode) that function to connect to my other external database(s) and return {user id}, Drupal will get one auth requirement {uid}. Then what else to provide? User Role and .. etc etc ?
Like that .. what other functions and properties should I touch and provide back to Drupal along the authentication process?

This is not an actual answer but I cannot post this as a comment.
Basically we do not hack core. So looking at the user.module's code will not help you as much as learning the hooks. For example, it's difficult to get an idea about how to add some magic when a node is created by looking at the code of hook_nodeapi(). But if you check the docs and the return/input arguments, it's much easier to do the job.
I'd start by adding an extra submit handler to the login form using hook_form_alter(). I have seen some other threads from you about your use case but unfortunately it's difficult to provide sample code for you. You can see how other modules implement extra authentication (e.g: http://bit.ly/LdRcm6). (See how the Remember Me module adds a checkbox to the login form and the twitter module that allows twitter login).
Then, you can have Drupal authenticate the user as normal, and your new custom functionality in addition to Drupal's authentication.
Drupal can even connect to external databases no matter if it's Drupal or not.
As you can see in many functions, they return a Boolean value or sometimes the user ID. user_load() is the function that loads a basic user object.
Remember it's modular. Some modules can include/remove/alter these values using hook_user_load(). The user terms module and profile module are perfect examples here. It includes profile field information when other modules require user information.
A single user is not just a set of information. It can be modified during any part of the process. So do that. Use your module to provide information that your external site has.
{uid} of the attempted user
{rid} role id of the user
user email
user is blocked or not
user last login time.
user register date.
...
To see the entire object for your site, enter the following.
<pre>
<?php
// Load the account with uid 1, then dump every property on the user object
$user_account = user_load(1);
print_r($user_account);
?>
</pre>
You can enter this code in a node create page where you have php filter used.
Without hardcoding, you can allow other modules to make use of these values. Even if your source database has no role ID, you can give them a role ID, a user ID, and such.
Good luck!

Drupal is an extensible system. There is no need to do "hardcoding" in core modules like the "user" module. You should rather explore the hook system that allows extending the core (and also contributed) modules.
And in case you want to fetch user IDs from a different database (I am not clear about this use case), you can still use the roles, and other user data, from Drupal's database.

Converting from Forms Authentication to Windows Authentication

We're currently using forms authentication for our intranet site and would like to allow users to authenticate via Windows authentication instead. How will this affect current user accounts, profiles and roles? I have seen on the web that I can mix the two authentication types and put roles and profiles in a separate DB, but how do I link up existing role and profile assignments with Windows authentication user logins?

I'm not sure if you can do exactly what you are asking; however, you could code your way out of this. You could write functionality that requires people who are Windows authenticated to enter a credential you already have on file which is unique (say an email address). You could then convert the user account programmatically if they responded by clicking a link.
You could create the new account and import the information from the old non-Windows-authenticated account and then delete the old account. All db records that rely on UserId however would need to be changed in this approach as part of migration.

Depends on how integrated you want to be, but if it's single sign on that's driving this:
get the user's sid, look for it in profiles, roles etc. (could add a sid column to them but a simple sid - userid table would be better).
if they are in there you are good to go.
if they aren't, use the forms authentication to identify them and add a mapping from their sid to userid. So they'll get asked once more and that's it.
You'll probably need a similar mechanism anyway, in the event of the sid changing, which can happen after various Windows issues, or for, say, anonymous access for non-Windows users.
if you don't like sid as an id then some other, e.g. domain\user name, might do it.
windows groups/roles to application roles for full integration is another step, as would rationalising profile info like full name etc.
it's a nice quick start anyway without having to trawl through everything that uses user id now and change it.

Finally coming back around to answer the question. We actually kind of scrapped what we had in our Forms Authentication. The Roles work pretty differently with Windows authentication, as does the profile. We used a custom profile provider rather than the built in profile provider. If anyone is interested in what we've done, I put together a series of four blog posts that detail what we did in our environment and some of the glitches we ran into: Part 1, Part 2, Part 3 and Part 4.

ASP.Net Membership additional field

I am starting a new ASP.Net MVC 3 app and I'm hoping to be able to use the built in Membership provider.
The issue I have is that my application can be used by various organizations and it is important that the information shown is only applicable to the organization the user is working for.
The no brainer approach would be to insist all users use their email addresses as their username so everyone is unique and can be associated with their respective organizations. The problem is, some users don't have email addresses so there is no reliable way of ensuring unique names and I don't want people to know the usernames already in use by different organizations. (Usernames should only be unique to the Organization, not the entire app)
Ideally, I would want the User to enter their organization name in one field, then their username in another (and then the password!)
So we could have Jane login from one organization.....
Organization Company1
Username Jane
Password ********
and then someone else also called Jane could login from a different organization..
Organization Company2
Username Jane
Password ********
So my question is, what is the best way of modifying the Membership system to allow for this extra field?

I'd go about writing a custom MembershipProvider to suit the requirement.
http://msdn.microsoft.com/en-us/library/f1kyba5e.aspx

The provider pattern used by membership is designed so that you can extend it. You can inherit from the default provider and from the default membership user class to add the fields you need. This saves you from having to write a provider from scratch. As @mare pointed out, there are potential pitfalls though.
I would overcome these by perhaps having a login form that prompts for organisation, username & password, but behind the scenes combine the org & username & use that as the internal username.

The built-in (default ASP.NET) membership provider does not provide a concept of an Organization/Company/Firm or Department. You will have to create your own tables in the database for those with a foreign key to the aspnet_users table to be able to store that additional information (I wouldn't go changing the default aspnet_users table because it might make it incompatible with the current default provider or future ones). You will then need to use the default provider for the default functionality and create a Service class to support the extended functionality. I know, I have done it. It gets complicated and dirty, takes time but it's completely doable.
Most likely you will end up creating your own provider and that starts with the requirement to support Users in Companies. In case you thought that changing the default provider to support that wouldn't be necessary. The requirement about uniqueness within the company is another one you will have to implement.

I think there is a built-in option in the membership. Look into the APPLICATION field in table my_aspnet_users.
reference here:
http://msdn.microsoft.com/en-us/library/system.web.security.membership.applicationname.aspx
