What is the url to edit other users profile - symfony

I can't figure out, though, how to edit another user's profile.
If I'm logged in as an admin, I want to be able to edit other users' profiles.
What's the URL for that? Can someone please point me in the right direction?

I didn't see anything about what you're looking for....
Every time I've had to work with it, I just use the User Manager as described in the official documentation...
Here is the specific documentation
Maybe you should think about creating your own views:
List of Users
Edit of one User
And a Form mapping your User class.
Here is an extract of how to modify user only with UserManager:
$userManager = $container->get('fos_user.user_manager');
$user = $userManager->findUserByEmail($email);
$user->setUsername('John');
$userManager->updateUser($user);
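An admin-only edit action built on the UserManager calls above, as an added example that is not part of the original answer or of FOSUserBundle. It assumes Symfony 2.3+ with FOSUserBundle; the bundle, controller, route and template names are hypothetical.

```php
<?php
// Added example. Acme\AdminBundle, the admin_user_edit route and the Twig
// template name are hypothetical and must exist in your application.
namespace Acme\AdminBundle\Controller;

use Symfony\Bundle\FrameworkBundle\Controller\Controller;
use Symfony\Component\HttpFoundation\Request;
use Symfony\Component\Security\Core\Exception\AccessDeniedException;

class UserAdminController extends Controller
{
    // Hypothetical route: /admin/users/{id}/edit
    public function editAction(Request $request, $id)
    {
        // Enforce the role in the action itself, not only by hiding the link.
        if (!$this->get('security.context')->isGranted('ROLE_ADMIN')) {
            throw new AccessDeniedException();
        }

        $userManager = $this->get('fos_user.user_manager');
        $user = $userManager->findUserBy(array('id' => $id));
        if (null === $user) {
            throw $this->createNotFoundException('No such user');
        }

        // Bind only the fields an admin may change here; roles and password
        // are deliberately not part of the form.
        $form = $this->createFormBuilder($user)
            ->add('username', 'text')
            ->add('email', 'email')
            ->add('enabled', 'checkbox', array('required' => false))
            ->getForm();

        $form->handleRequest($request);
        if ($form->isValid()) {
            // updateUser() refreshes the canonical fields and saves the user.
            $userManager->updateUser($user);

            return $this->redirect($this->generateUrl('admin_user_edit', array('id' => $id)));
        }

        return $this->render('AcmeAdminBundle:User:edit.html.twig', array(
            'form' => $form->createView(),
            'user' => $user,
        ));
    }
}
```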

Related

FOSUserBundle: User doesn't get roles of group

I am using Symfony 2.5 and trying to check if a user has a specific role. The tables are set up correctly in the database and the data is inserted correctly:
In the database there is a user test#example.com with a mapped group admin which has defined the roles a:1:{i:0;s:10:"ROLE_ADMIN";}
I don't know why the roles aren't read correctly. The debug toolbar tells me that I am only authenticated as ROLE_USER.
Code:
$securityContext = $this->container->get('security.context');
$securityContext->isGranted('ROLE_ADMIN');
if ($securityContext->isGranted('ROLE_ADMIN')) {
echo 'crazy coding magic happens here';
}
I have found this question (Symfony 2 FOS UserBundle users doesn't get group's role) which seems to be related to my question, but I am not satisfied with the answer, because I don't want to check the group access but the role access. In my case group permissions could change in the future.
Thanks for your help!
Okay - it seems I have found the solution by myself.
The problem is that you have to log the user out and log them in again for changes in the group-role mapping to be recognized.
The code above is correct, and after the user is logged in again the correct roles are assigned.

How can a WordPress website show the visitor's name when they visit the website? Like "welcome <visitor name>"

If someone visits my website, how can I show them their name and a welcome message like "welcome Atul"? My website is created in WordPress.
Your visitor needs to be registered on your website. This is the only way WordPress can find his information. To know more about displaying information about the user, read this article: "http://codex.wordpress.org/Function_Reference/get_currentuserinfo"
To allow this to happen the user of the site will have to be registered, as otherwise there is no method to find their name. When they are logged in, by default it will say something like "Welcome, Woolnut". There are some small plugins that can change the welcome message for you, but you will need to get the user to log in before you have access to a name for them. If they are logged in already and you want to display their username / name, then take a look at this link, it may be of use!
Edit
Turns out my link is the same one as the other answer! (Is probably the best link however...)
A slightly better way is to call wp_get_current_user instead, like so:
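$user = wp_get_current_user();
// ID is 0 when nobody is logged in
if ( 0 !== $user->ID ) {
    // display_name is user-controlled, so escape it on output
    echo esc_html( $user->display_name );
}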
This is a wrapper for the get_currentuserinfo that actually returns the user to you directly instead of just setting a global variable. It returns a WP_User object with the information of the current user in it.
If the user is unknown or not logged in, then the function will return a WP_User with the ID set to zero, so you can check for that and also handle unknown users.

Registering new users via OAuth2 : what to set as user identifier for future log ins?

I have managed to successfully configure this. The problem is, when I change the lines below :
//I have set all requested data with the user's username
//modify here with relevant data
$user->setUsername($username);
$user->setEmail($username);
$user->setPassword($username);
into the information I want to retrieve, such as real name, email, my generated password etc., when I click the Login button for Facebook, per se, I am asked again if I want to connect with my local testing site.
From what I understand, in the documentation I linked above, this :
$user = $this->userManager->findUserBy(array($this->getProperty($response) => $username));
is the line that checks if the user exists or not, and the initial code by itself, sets either facebook_id or twitter_id (this is how I save them) as a new User *username*. If I change the line
$user->setUsername($username); //same as facebook/twitter _id
into
$user->setUsername(setProperUsername()); //sets a proper unique username
Then every time I try to log in I get the "Register" message. So, I have a general idea of how it works but I am having a hard time understanding some things:
1. When I have registered with Facebook and I log in with Twitter, I register again, no new row is created, but missing twitter_id fields are updated/populated, username stays intact. How come HWI/FOSUB knows I am the same person when my previous data were from Facebook not Twitter?
2. If there is a global way of knowing I am the same person, what data from the $response object should I use as a key to identify already registered users?
After testing a lot with this, I have the answer if anyone runs into this type of situation
Check your default_target path, make it so it is /profile, /account etc, don't default to login again. Also, if a user is already logged in, do not make him access your login page. This was why my data was being updated. I was basically logged in with my Facebook account and registering with my Twitter account too.
No, there is no global way of knowing I am the same person. The $response object sent me a unique ID for that specific user according to the provider policy. You might use this to identify already registered users and log them in.
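A user provider that keys returning users on the provider-issued ID, which leaves the local username and e-mail free to hold real profile data. This is an added example, not code from the original post or from HWIOAuthBundle. It assumes the User entity has setFacebookId()/setTwitterId() setters matching the provider properties, and the class and namespace names are hypothetical.

```php
<?php
// Added example. Acme\UserBundle and the set<Provider>Id() setters are assumptions.
namespace Acme\UserBundle\Security;

use HWI\Bundle\OAuthBundle\OAuth\Response\UserResponseInterface;
use HWI\Bundle\OAuthBundle\Security\Core\User\FOSUBUserProvider as BaseProvider;

class OAuthUserProvider extends BaseProvider
{
    public function loadUserByOAuthUserResponse(UserResponseInterface $response)
    {
        // Provider-issued ID: unique only within that provider.
        $providerId = $response->getUsername();

        // Returning users are found by the provider ID column, never by the
        // display username or the e-mail address.
        $user = $this->userManager->findUserBy(
            array($this->getProperty($response) => $providerId)
        );
        if (null !== $user) {
            return $user;
        }

        // First login through this provider: create the local account.
        $owner  = $response->getResourceOwner()->getName(); // e.g. "facebook"
        $setter = 'set'.ucfirst($owner).'Id';               // assumed setter name
        $user   = $this->userManager->createUser();
        $user->$setter($providerId);

        // The username only has to be unique, because it is not the lookup key.
        $user->setUsername($owner.'_'.$providerId);

        // Some providers return no e-mail; the fallback is a constructed
        // placeholder under the reserved .invalid TLD.
        $email = $response->getEmail();
        $user->setEmail($email ? $email : $owner.'_'.$providerId.'@users.invalid');

        // Random password that nobody knows, instead of a guessable value.
        $user->setPlainPassword(bin2hex(openssl_random_pseudo_bytes(32)));
        $user->setEnabled(true);
        $this->userManager->updateUser($user);

        return $user;
    }
}
```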

Avoid "user cross access" in Symfony

I am currently working on a project based on Symfony 1.4. I am using the sfDoctrineGuardPlugin to authenticate my two kinds of users : users and admins. For each module and each action in a module, I am using credentials to prevent unauthorized actions execution.
But I am facing a problem: if a user wants to edit a project, for example, the URL will look like frontend.php/project/edit/id/1. Here, we suppose that project #1 belongs to him. Now, let's suppose that project #2 does not belong to him. If he types the URL frontend.php/project/edit/id/2, he will have access to the edit form, and will be able to edit a project that does not belong to him.
How can I prevent that behaviour?
I would like to avoid verifying the ownership of each editable model before displaying the edit form... But can I do differently?
Do you have any good practice or advice to prevent this behaviour?
Thanks a lot !
Since you will have to check in the project to know if the current user is allowed to edit the project, I don't think you will have any other way than verifying before the edit, in the action part. Why don't you want to do it this way?
This check can be done inside the preExecute function:
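public function preExecute()
{
    $request = $this->getRequest();
    if ($request->hasParameter('id'))
    {
        $project = Doctrine_Core::getTable('Project')->find($request->getParameter('id'));
        // find() returns false for an unknown id; answer 404 instead of calling methods on it
        $this->forward404Unless($project, 'Project not found');
        $user_id = $this->getUser()->getGuardUser()->getId();
        // Doctrine may hydrate ids as strings, so compare them as integers
        $this->forward404If(
            (int) $project->getUserId() !== (int) $user_id,
            'User #'.$user_id.' is not allowed to edit project #'.$project->getId()
        );
    }
}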
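An alternative to comparing owners after the fetch is to put the owner into the lookup itself, so a project that belongs to someone else is simply never loaded. This is an added example, not the answerer's code. It assumes a Doctrine 1 Project model with a user_id column and its generated ProjectForm, and the helper names are hypothetical.

```php
<?php
// Added example. findOwnedBy() and getOwnedProjectOr404() are hypothetical
// helpers; the file locations follow the usual symfony 1.4 layout.

// lib/model/doctrine/ProjectTable.class.php
class ProjectTable extends Doctrine_Table
{
    // Returns the project only if it belongs to $userId, otherwise false.
    public function findOwnedBy($projectId, $userId)
    {
        return $this->createQuery('p')
            ->where('p.id = ?', $projectId)
            ->andWhere('p.user_id = ?', $userId)
            ->fetchOne();
    }
}

// apps/frontend/modules/project/actions/actions.class.php
class projectActions extends sfActions
{
    protected function getOwnedProjectOr404(sfWebRequest $request)
    {
        // Assumes the module is secured, so getGuardUser() is never null here.
        $userId  = $this->getUser()->getGuardUser()->getId();
        $project = Doctrine_Core::getTable('Project')
            ->findOwnedBy($request->getParameter('id'), $userId);
        // An unknown id and someone else's id look identical to the caller.
        $this->forward404Unless($project);

        return $project;
    }

    public function executeEdit(sfWebRequest $request)
    {
        $this->form = new ProjectForm($this->getOwnedProjectOr404($request));
    }

    public function executeUpdate(sfWebRequest $request)
    {
        // The write path repeats the lookup; guarding only the form page is not enough.
        $this->form = new ProjectForm($this->getOwnedProjectOr404($request));
        $this->form->bind($request->getParameter($this->form->getName()));
        if ($this->form->isValid()) {
            $this->form->save();
            $this->redirect('project/edit?id='.$this->form->getObject()->getId());
        }
        $this->setTemplate('edit');
    }
}
```

If ProjectForm exposes a user_id widget, remove it from the form so ownership cannot be reassigned through a submitted value.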

how to send an activation code to the user in create user wizard?

I wanted to verify the user who is registering on my website (using Create User Wizard) by sending them a code at the e-mail address given at registration time... and they will have to use that code to activate their account.
Could you please help me with this?
Thanks
I found an article that walks through doing something very similar. The only difference I see between the way they did it and what you are doing is that they included the code in a URL that the user just clicks and you want to have them type it in a box.
Link: http://www.aspcode.net/Requiring-email-verification-for-new-accounts.aspx
or https://web.archive.org/web/20211020153319/https://www.4guysfromrolla.com/articles/062508-1.aspx
