I'm using FOSUserBundle and set up a User / Group environment.
I can give Roles to Groups and Users.
Basically I give the Roles to the Group.
Now, I want to revoke some Users in a Group a Role that is inherited from the Group.
Every time I unselect it in the UserAdminView ( SonataUserBundle ) it is rechecked again ( for sure, because it gets it from the Group)
Any Idea how to achieve that?
I thought about a extra field in the Usertable where all Roles that should be Revoked are listed.
Is there an easier opportunity?
What you're asking for is beyond the scope of FOSUserBundle, as far as I know. No matter what, when a user logs in, it's going to load all of the roles assigned to a specific user, and all of the roles in the groups a user is assigned to.
You may try to create a custom field under the User entity called 'denied_roles' or something of that nature. Then create a custom login listener (listening to 'security.interactive_login') that removes the 'denied_roles'.
Related
I'm working on a project where I have to handle unregistered user - users that have been added to the group but still they do not have registered in the app.
What I'm doing now is to create a new child in my 'user' db, putting all the info that i know about this unregistered user.
Of course, it also has an id.
This id will be used to represent that user and so it will be used in a lot of places of the db.
The problem comes when this user tries to register itself. Since when creating a new user it's not possible to force the 'id' that he already had, Firebase will create a new id for him.
Then, in the db I need to change all the references of the 'old id' with the new one.
Is there any better way to do it ?
1) You can use another "fake" table to remap the IDs, that is, instead of changing the old id and its references you can add new instance to your "fake" table when user registered. And when needed using simple service you can find the corresponding id.
2) Secondly, you can do authentication yourself, what I mean is that, you can develop your own registration service and define the id yourself in registration. If system is already big and hard to change. First option would be suitable but will have some cost in terms of time.
I use Drupal 7 and would prefer to do so but if I need to use Drupal 6 I will. I have a Drupal 7 site that I allow "advisors" to create authenticated users. I am an admin on the site so I see and can do everything. All that an "advisor" can do is create and edit authenticated users. Is there a way to make a view that displays the users that the particular advisor has created while the advisor is logged in?
If you don't understand what I'm saying let me put it this way. I am the admin of the site so I can do everything. I created a user role called advisor. There's also an authenticated role for users. Advisors can create authenticated users. So I have Advisor 1. Advisor 1 created 10 users. I also have Advisor 2. Advisor 2 created 3 users. I'd like a page (more than likely built with views - and I've used views before on other sites so I'm familiar with them) - I'd like a page that Advisor 1 could go to once logged in and it would display all of the 10 users that they created. Advisor 1 wouldn't see the users that Advisor 2 create.
Is this possible? Any help on this would be greatly appreciated. Thank you in advance.
I have implemented something similar and I can give you some guidelines.
First of all drupal 7 doesn't store the information of the creator of the users.
So, in order to track this you will need to attach a custom field to the user to keep this information.
In such case you ll have to make sure that every creator can insert only himself in this field and not anyone else or you 'll have to find an automated way to fill it in.
I suggest you use field permission module for setting permissions to this field (users probably should not even have view, creators should not be able to change it etc ) and computed field module for automatically populate the field (eg creator_field) upon creation for example with the uid of the creator.
Finally when creating the view you could add contextual filtering by using the logged in user on the creator_field.
You should also have a look at Organic Groups. I haven't use it but might be helpful
Hope it helps.
Updated
Add
global $user;
$entity_field[0]['value'] = $user -> uid;
to the Computed Code (PHP) in the computed field settings and store the value as integer in "Database store settings". Then in your view you should add a view of user with contextual filter of creator_field. In the contextual filter settings you must set "provide default value" -> "User ID from logged in user" in the "WHEN THE FILTER VALUE IS NOT IN THE URL" section.
This could be done relatively easily in Drupal 7 by adding a field to the user profile that points back to the user creator (using the Entity Reference module). Profile2 could offer a shortcut to making this field available on a profile, though if this is the only customization that you need to add to your profiles, it would be cleaner to do this in a custom module.
A view (Views module) could be configured to output a list of users with the current logged in user as the creator.
You'll also need to add similar logic for user_access to allow/restrict profile editing (if the current user is the user referenced in the profile). A permissions hook also could be useful if you plan to have different admin levels.
The Tokens module should work to insert this value for the new user, by inserting the current user into the field. Or you can do this before the user is saved. It would go a little something like this:
function mymodule_user_presave(&$edit, $account, $category) {
if ($account->is_new) {
global $user;
$created_by = $user->uid;
$edit['created_by'] = $created_by;
}
}
Good luck.
I would like to know the number of users logged for each role into my ASP.NET application
i have an (Admin) role and the (rest) role
i want to know the Number Of Users Online for each one not the entire application what this method did :
Membership.GetNumberOfUsersOnline()
You will need to enumerate the users yourself. If you make use of
Membership.GetAllUsers()
you get a collection of all available users. Then you can loop through each user and check the IsOnline property to see if the user is online. To determine the roles of the user, you can make use of the methods in the Roles class.
For example, if you have two roles admin and rest, and you would like to display how many users are online in each role, you could do something like this:
var adminCount = 0, restCount = 0;
foreach ( var user in Membership.GetAllUsers().Where(u => u.IsOnline) )
if (Roles.IsUserInRole(user.UserName, "admin"))
adminCount++;
else if (Roles.IsUserInRole(user.UserName, "rest"))
restCount++;
// do something with adminCount and restCount
If you have more complicated role structure, or many roles, you could use a map to store the count per role. The logic is up to you what you want to accomplish, this should provide all the pieces necessary to express your custom counting logic.
Question No 1
I am familiar with role management, a particular member in a particular role can do this and access this functionally. What I need to do is Manage individual user, not the role he is in.
For example, lets say I create a role, called "Sales". I setup the role permission what the sales persons can do. Now i want to keep a check on individual user. For example if this is "john", i want to show him the records only he created. If his is peter, I want to show him only that records which he created, not by john or other sales people.
Is there a thing called "User Management" in ASP.NET that we can use? If not we have to create it ourselves and I believe the integration with ASP.NET "Role Management" will not be that smooth.
Question No 2.
I am using control for user login. I want to create a session at this time so I can keep track of which user is signed in so I can show him the records only pertaining to him. How can I do that?
Your Q1 isn't really about Role vs User management (ie: authorizations) at this point. It's about audit tracking within your application.
And the way you do that is you capture the ID of the user who created the record in question with the record, so that later you can filter on that ID.
Pseudo database structure
Table Sales
Field...
Field...
Field...
CreatedByUser int not null, -- Populate this on creation and never change it again
ModifiedByUser int not null - populate this on every row update including insert
See ASP.NET Profile Properties.
Assuming the records in the database correspond to a unique ID for a user, you can store the unique id in a profile property per user.
1) If you want to filter records by the creating user, you need to record in your table the ID of the user who created the record. You can access the name of current user through User.Identity.Name and their ID (provider-dependent) through User.ProviderUserKey.
2) Sessions are created automatically in ASP.NET and provided you have a properly configured MembershipProvider, you can retrieve all the needed user info using the User object as shown above.
It sounds like you are a little unfamiliar with ASP.NET Membership and Roles capabilities, because they are actually set up quite well to accomplish what you are describing. I would recommend checking out this tutorial series:
https://web.archive.org/web/20211020202857/http://www.4guysfromrolla.com/articles/120705-1.aspx
You are talking about Authentication and Authorization. For question 1 you and implement a custom authorization provider to allow for user level control http://msdn.microsoft.com/en-us/library/aa479048.aspx For question 2, once you log in and are Authenticated, the session contains a userprinciple object that has the info in it automatically.
Wondering if anyone knows how to create a view that only shows the activity of groups, where the current logged in user, is either the owner OR a member.
thanks :)
You can in views add an argument, and select the logged in user. You can use that to query whatever groups you are talking about.