In order to register, users have to select a their account name created by my moderators. That means that a moderators have to create an account name before the user registers.
To do so, I made a first entity, let's call it "Member", that has a field "account". Then I added to this entity the boolean field "bound" that is set to false by default.
What I want to do is to set this field "bound" to true when someone registers after he selected his account name and fill the FOSUserBundle required fields (username, passwords, email...).
I tried to follow the documentation of "overriding controllers", but I'm getting an error (You have requested a non-existent service "fos_user.registration.form".) and this is where I'm stucked.
Using controller events can maybe help me, but I do not know which is the best solution.
If anyone has a solution to my problem, I'll be really grateful.
You should used the controller event to hook after the registration process, and more specifically the
REGISTRATION_COMPLETED event (if I remember correctly).
Related
When I register new users, can I use custom claims to set a flag for the created user? For ex. I want to set flag 'disabled' to False when the user is enabled and
to True when I block him.
I have read in many places people saying "don't save other information rather than user role in Custom claims" but why wouldn't it be a good idea to set this flag in Custom Claims? I understand Custom Claims doesn't hold much data but a flag wouldn't be a problem I guess.
I don't see anything wrong with it. Can someone help me out with a clarification?
I try to manage the access rights for users to edit or view different articles.
Articles can be created dynamically and the rights should be editable for every article.
In my case, I have a User object and multiple other objects (Article, and more...).
I need to check if a User can read or write any kind of object.
I actually see there is a method Voters, but they only can manage User groups?
Can somebody help me?
A Voter can decide almost anything - usually it's based on a user's permission, but it doesn't have to be - I've used one as a 'feature flag' check, with a value fetched from a configuration, or database entry to show something - or not, as an example.
The page on voters has an example on viewing, or editing a database record (a Post entity, via a $this->denyAccessUnlessGranted('edit', $post);.
In your instance, the voter would be passed the 'attribute', the object (Article, etc) you want to check on, and gets the current user from a service. If that user has the appropriate permission to read/edit/delete the Article or other object, it returns true.
I've created an action programmatically and added a VBO to a view in order to execute the action on one or more users. The action itself simply removes a few roles and adds a new role to the selected users. I call user_save from within the action to save the changes to the roles.
If I look at the user_roles table in the database while the action is running, I can see the role ids for the specific user, changing to the new role in realtime. However, when the VBO is complete, it seems to revert back to the original user object so that none of the old roles have been removed and the new role hasn't been added. It has to be something happening after my action is executed, but I can't imagine what it is.
Oddly enough, if I run the VBO a second time, it seems to work.
My action is defined in hook_action_info as type "user" and triggers is an array with "any" as the only parameter.
If I call the action directly using actions_do, it works perfectly the first time.
Any ideas?
I suggest to use a few users to test the VBO and also implement hook_user_update with dpm (devel module) and debug_backtrace. This could give a hint of what is happening, it's a weird behaviour that you will discover only debugging.
If you have more info please append it to your question so everyone could help.
Hope that helps.
I've created a User custom class in my Bundle. It inherits from the BaseUser class of FOSUserBundle.
In my class, I've defined several attributes which are entities of my Bundle, like Adress, Avis etc.
I have defined the formType of all my forms with data_class User.
It allows me to retrieve interesting user information like username (!) and displaying it in my forms.
BUT when I validate my forms it asks me to fill the plainPassword field of User class as it is a mandatory attribute.
First I wanted to retrieve the password from database to fill it in the form before displaying it but it seems impossible as a security measure.
So I've tried to stock it in the session (ugly I know) after registration but it seems not possible to force the form data with a value (surely because it is a password type field)...
So question is : what would you do ?
But what is the purpose of retrieving it?
You want to modify any of user's data like username or email?
Remember you can have /profile 'module' in FOSUser Bundle, which is used for modifing for example username and email.
For changing password you have separate 'module' change password (I don't remember path). Maybe that's what you are looking for? Of course that way user can edit only his own data. These modules are ready to use by deafault (you have to provide routing for them).
If you want for example, that admin modifies the other user's data that can be interesting for you:
In case of password, take a look at column in db called 'salt', which is used for encoding password in db. If you try to save password in db without salting it won't work - so I think if you want to change the password in db by some custom action - you have to set plain password and the it will be automatically encoded.
If you want to fill some form's fields by default read something about forms in Symfony, Fields types and something about their additional features and remember that password field require individuall approach.
I would not store the users plain password anywhere, let alone display it in the browser.
Playing with plain text passwords like you are doing is major security threat to your application, and any and all users using it.
The default User class in FOSUserBundle has two fields for the password, password and plainPassword. That plain password is filled in by the form, then, in the controller, the password field is generated by whatever encryption method you have configured for the firewall. The new user is then added to the database and the plain password field is cleared and never used again.
If you are trying to set up a forgot password solution, I would recommend emailing the user with some kind of unique key (as a URL parameter), ask them to confirm then give them the opportunity to update their password.
I made an extended user schema in my Plone 4.3 site with the collective.example.userdata.
My problem is when I try to display my new fields in author.cpt page.
I used to get my user object with the getMemberById from membershiptool and then use getProperty on the userobject but it requires a "manager" permission.
Maybe a solution would be to extend the getMemberInfo with my new fields but I don't know how to do such a thing.
Anyone ?
Thanks
I had the same problem and ended up monkey patching Products.PlonePAS.tools.membership.MembershipTool.getMemberInfo so it supply more data to the caller. The method getMemberInfo can be called with/from the Anonymous role.