I create User with FOSUserBundle, and when user created I create also a profile
User And Profile
I'd like that whenever the user changes the page, actually check that the user is navigating is authenticated and has also the profile
for now in my Controller i do
$user = $this->getUser();
if (!is_object($user)) { //i have to add || null !== $user->getProfile()
throw new AccessDeniedException('This user does not have access to this section.');
}
But I would not repeat this code in all controllers, and I would also check if the user has a profile, otherwise redirect to the home page
you can use JMSSecurityExtraBundle to add annotation for each action:
/**
* #Secure(roles="ROLE_USER, ROLE_FOO, ROLE_ADMIN")
*/
or without using of the bundle:
if (false === $this->get('security.context')->isGranted('ROLE_ADMIN')) {
throw new AccessDeniedException();
}
its more simple. Maybe theres another solution to make it for all your controller but i don't know it.
You can use the request listener :
http://symfony.com/doc/current/cookbook/service_container/event_listener.html#request-events-checking-types
Just add your magic and redirect through the event to the homepage
Related
How can i create a page without creating an actual page? I want to create websitelink.com/username where username will be the username of every user on my site. I want a profile page of every user and they can view other profile too. User dont have admin privileged. Thank you. I dont want to use plugin because I need to customize the view. I also want to view user profile even not logged in.
You can create custom page template and then write a code to get user by username. So your link will be like websitelink/users/{username} username will be dynamic.
<?php
/**
* Template Name: User Profile Page
**/
// Getting the username from the url
$link = $_SERVER['PHP_SELF'];
$link_array = explode('/',$link);
$loginname = end($link_array);
// Getting user info by wordpress default function
$user = get_userdatabylogin($loginname);
if($user){
echo $user;
}
$user will have all the info which you will need.
I am building a Silverstripe site that allow users to sign up to something. I have a few pages that in the CMS I set the page visibility to "Logged-in users" this is great but the default action is to redirect to /Security/Login. Is there a simple way of change the redirect for normal pages to goto etc /Account/Login and leave the default /Security/Login for CMS users?
Thanks
With the help of another plugin, I used this bit of code
public function onBeforeSecurityLogin()
{
$backUrl = $this->owner->getRequest()->getVar('BackURL');
if (!strstr($backUrl, '/admin/')) {
if (Controller::curr()->class != 'Account') {
$link = 'account/login' . '?BackURL=' . urlencode($backUrl);
return $this->owner->redirect($link);
}
}
}
And I also extended the Security Class to create my own handler and form for logins
You can set ?BackURL=/Account/Login in your links, or in the Session.
Alternatively set the config variable, E.g:
Security:
login_url: Account/Login
How to redirect user to a particular page after the user is successfully registered into the site?
Here drupal_goto() does not work. We need to work with the form redirection. How can this be achieved?
// include the Url namespace in your custom module
use Drupal\Core\Url;
// Add CUSTOM SUBMIT HANDLER FOR REGISTRATION
$form['actions']['submit']['#submit'][] = '__tmp_registration_submit';
function __tmp_registration_submit(&$form, FormStateInterface $form_state) {
// set relative internal path
$redirect_path = "\user\uid\payment-history";
$url = url::fromUserInput($redirect_path);
// set redirect
$form_state->setRedirectUrl($url);
}
Maybe a bit heavy, but you could also use the Rules module.
What I want to do if when a user loging check if he/she has all fields (user fields) complete in the database.
I can check when they loging those fields and then redirect to the profile view, but once they are in the profile view they still can see the menu, so they can easily go to others options and since they are already loging I cannot check it anymore in this way.
So I though that maybe using the controller Event listener I can check that, so I check is the controller is different to the accountController(which have the view to edit profile) and if is different I can check the fields.
The problem with that approach is in the accountController and in other controller they are twig {%render....%} that fires again the controller event and that give me infinity calls.
What approach would better? Thanks
Your idea of using the controller event (kernel.controller) to check for the fields is correct. In your event handler, you just need to check whether the request is the master request...
use Symfony\Component\HttpKernel\HttpKernel;
class FieldUpdater
{
/**
* Updates user's fields
*
* #param \Symfony\Component\HttpKernel\Event\FilterControllerEvent $event
*
* #return void
*/
public function onCoreController(FilterControllerEvent $event)
{
//if this isn't the main http request, then we aren't interested...
if (HttpKernel::MASTER_REQUEST !== $event->getRequestType()) {
return;
}
// update fields
}
}
This way you won't end up with this being fired on every call to {% render ... %}
We have certain users in our member list that have a role "vendor" attached to them. All such members are to be redirected to a certain page upon login. How can this be accomplished?
There is more than one way to skin this cat...
This is my preferred Drupal 7 method:
function hook_user_login(&$edit, $account) {
$edit['redirect'] = 'node/123';
}
For Drupal 7
Action --> admin/config/system/actions - Redirect to URL
then enable your trigger module
Trigger --> /admin/structure/trigger/node
if your are trying to login redirect just follow this(select user tab in the page)
go to --> admin/structure/trigger/user
then
Trigger: After a user has logged in
choose an action -->Redirect to URL and assign.
Then clear the cache.
It will work for you!
You can define actions and triggers in Drupal:
Action(admin/settings/actions)
- Redirect to a specific page
Trigger (admin/build/trigger/user)
- After user has logged in
Try this.
EDIT (see comments):
Create a small module to check on a user's login process what role he has and then redirect if neccesary.
drupal_goto => redirect-function in drupal
hook_user =>triggers on user operations
And for the user's roles:
GLOBAL $user;
$roles = $user->roles;
$vendor = in_array('vendor', $roles);
$vendor then holds a true/false value will decide to redirect or not.
If you don't know how to do this, just post here and I'll write the module for you. But this would be a good practice for writing future drupa modules for you perhaps. :)
There are 2 ways in DRUPAL 7
1) Using action and trigger
see this http://drupal.org/node/298506
2)if using custom module
function YOURMODULE_user_login(&$edit, $account) {
if (!isset($_POST['form_id']) || $_POST['form_id'] != 'user_pass_reset' || variable_get('login_destination_immediate_redirect', FALSE)) {
if(in_array('THE-ROLE-WANTED-TO-REDIRECT',$account->roles)):
drupal_goto('PATH');
else: drupal_goto('user/'.$account->uid);
endif;
}
}
You can use Rules
Events: User has logged in.
Condition: User has role
Actions: Page redirect
There are modules that do this (besides Trigger+Actions), such as LoginDestination: http://drupal.org/project/login_destination. This Drupal forum post has a bit more info about it as well.
following condition for hook_user
if($op =='login') drupal_goto("your path");
This can be achieved by using a combination of content access and login toboggan modules. You'll be able to restrict pages and prompt user to login to access them.
First set the conditions in form preprocess (for example I want to redirect only users that logged in using the form at node page)
function YOURMODULE_form_user_login_alter(&$form, &$form_state, $form_id)
{
$pathArguments = explode('/', current_path());
if (count($pathArguments) == 2 && $pathArguments[0] === 'node' && is_numeric($pathArguments[1])) {
$form_state['nodepath'] = current_path();
}
}
than define redirect:
function YOURMODULE_user_login(&$edit, $account)
{
if (isset($edit['nodepath']) && !empty($edit['nodepath'])) {
drupal_goto($edit['nodepath']);
}
}