How do I assign a specific role from drupal core(D7) upon automatic registration with Simple FB Connect? I currently am using auto role assign and have a custom registration for 2 roles, One is a basic role with limited permissions and the other an advanced role with more edit/creation permissions. My problem is that the simple FB connect link works great but is registering people for the wrong roles. How can I choose the role that is being assigned based on the url?
Maybe something in template.php that would allow the following url to be placed on my facebook buttons?
/user/simple-fb-connect?registration=1&role=my_custom_role
YOu can use use hook_user_insert and check for the url and assign desired role,
function module_name_user_insert(&$edit, $account, $category)
{
if($_SERVER['REQUEST_URI'] =="url")
{
//add code to assign desired role;
//assuming rid of custom role is 1
$account->roles[1]='custom_role';
}
}
I encourage you to take a look at the rules module: https://www.drupal.org/project/rules/
This module allows you to create automated tasks based on events. What you want to do is:
Download and enable rules module: https://www.drupal.org/project/rules/
You'll need to enable rules UI as well
Go to rules configuration: example.com/admin/config/workflow/rules
Create a new rule
The rule event should be something like: "User registers a new account connected to Facebook"
The rule action should be something like: "Assign role to user"
Interface should be pretty straight forward.
Here's some additional resources:
Rules Handbook
https://www.drupal.org/documentation/modules/rules
Related
I was being searching to password protect apiglity admin ui without using htpasswd, but i did not got any information about. Can anybody help me out with this?
Thanks in advance
You don't need password protection for ApiGility UI. Access should only be allowed in the Dev environment.
php public/index.php development enable <- to enable the UI
php public/index.php development disable <- to disable the UI
If you consist of having password protection for it. Then you can add an event to the Application Module.php that check if the identified user is allowed to access that resource.
Edit - If you do want to protect something by password
The following code should be placed in the Module.php file. (In many cases under the Application module).
It call the event manager and attach action to the Dispatch event.
Every time the application reach the dispatch phase it will fire this event.
The action is passed as a call back so you can attach function, classes ans etc. In this example I passed a new class that have access to the MvcEvent ($e).
For example, that class can check if a user is logged in. If it is not then redirect him to /login.
public function onBootstrap(MvcEvent $e)
{
$eventManager = $e->getApplication()->getEventManager();
$eventManager->attach(MvcEvent::EVENT_DISPATCH, array(new UserAccessChecker($e), 'getResponse'));
}
For the purpose of auth You should further investigate ACL & RABC
I'm absolutely new of Symfony, and I'm trying to implement a registration form that works only with invitation
but that can redirect two different forms for two different roles.
In practice if I send an invitation for an USER_TYPE1 role the client can only register like USER_TYPE1, if I send an invitation for an USER_TYPE2 the client can only register like USER_TYPE2 (and, of course, assigns the corrispondent role).
Is it possible?
thank you in advance for your help
UPDATE:
I want two different form because one user will be allowed to update file, but will also have to set his position and other important settings. The second user will only allow to download the files uploaded by the first kind of user, and his profile needs completely different information.
I do not have enough reputation to ask for details, but one thing that is not clear in your question is: why do you need 2 different forms? In your question, you mention 2 different roles, but why do you need 2 different forms? If you really need 2 different forms, then you should first:
- create a new form type
- create a new view (twig)
Like Boris suggested, I would keep some kind of token for every invitation sent, and associate an email address, and a role to it. Then modify your registration route so you can pass a token in there, like this:
register:
pattern: /signup/{token}
defaults: { _controller: MyBundle:Registration:signup }
In the registration action of your controller, you created the correct form type and display the appropriate twig, depending on the ROLE associated to the token you just got. And when handling a POST, you check the Token again to see if it matches the email address, and assign the proper ROLE when creating the User.
public function signupAction($token) {
// 1. Get the Token entity matching the $token variable
// 2. Create the correct form type
// 3. Display the correct twig for GET, assign correct ROLE to new User for POST
}
But you can't use FOSUserBundle as-is. You will have to overwrite the registration process. You can read the FOSUserBundle documentation about that.
What's certain is that, for every invitation you send, you should keep a token with a matching email address and ROLE (the role you want to give to that person).
I have configured request tracker4 to be an interdepartmental helpdesk solution. The current setup is that users will login to RT using LDAP. Once logged in there account is automatically created. However, their account is created with no privileges.
To fix this I have been having to go to Tools-->Configuration-->Select then put in the users DN name and clicking add I then have to check the box "Let this user be granted rights (Privileged)" I have also tried setting Set($AutoCreate, Privileged); but no luck.
I looked at the user accounts in the sqlite database and noticed that when new user logs in they are indeed created in the database. But with no privileges.
709|tuser3|*NO-PASSWORD*|||||||tuser3|||||||tuser3||tuser3|||||||||||||1|2013-03-08 13:47:38|1|2013-03-08 13:47:38
791|Mayra|*NO-PASSWORD*||||Mayra#**************||Main Office|Mayra Hernandez|||||||Mayra||Mayra||**************|||||||||||1|2013-04-03 21:46:36|1|2013-04-03 21:46:36
797|sdrakeford|*NO-PASSWORD*||Autocreated when added as a watcher||sdrakeford#**************|||Sophia C. Drakeford|||||||sdrakeford||sdrakeford|||||||||||||1|2013-04-04 13:18:58|1|2013-04-04 13:18:58
827|Robert.Troy|*NO-PASSWORD*||||Robert.Troy#*******************||Main Office|Robert Troy|||||||Robert.Troy||Robert.Troy||***************|||||||||||1|2013-04-04 16:11:58|1|2013-04-04 16:11:59
Am I missing something, because usually these things are quite obvious.
The $AutoCreate option takes a hashref with all of the default options you want to pass to the User Create method. Try something like:
Set($AutoCreate, {
Privileged => 1
});
(As an aside, it's generally not recommended to run a production instance on sqlite. You might want to consider converting to MySQL or Postgres.)
I'm using devise/omniauth to do facebook authentication and works great. However, I would like to add a flow where an existing (non-facebook) user has ability to connect his account with facebook. This would require different facebook permissions. so i can't seem to find two things
how to use devise/omniauth to request facebook connect without logging out current user
request different extended permissions from user (different from those specified in the devise configuration file)
any ideas? thanks
Answer to 1 is pretty easy: just add a if path into the omniauth_callbacks_controller::process_callback method like this
# If a user is signed in then he is trying to link a new account
if user_signed_in?
if authentication.persisted? # This was a linking operation so send back the user to the account edit page
flash[:success] = I18n.t "controllers.omniauth_callbacks.process_callback.success.link_account",
:provider => registration_hash[:provider].capitalize,
:account => registration_hash[:email]
else
flash[:error] = I18n.t "controllers.omniauth_callbacks.process_callback.error.link_account",
:provider => registration_hash[:provider].capitalize,
:account => registration_hash[:email],
:errors =>authentication.errors
end
redirect_to edit_user_account_path(current_user)
This is what I do in my application and it works fine.
Regarding question 2 I do not know how to support 2 different facebook authentication configurations however I have hard time seeing how that is useful to users since they need a consistent experience across both path: "sign in using facebook" and "link your account to facebook".
(If you still want to pursue this path one idea I would explore is to create a new facebook application with its independent keys and configuration...)
Hope this help.
One simple way to implement multi-tier permissions is to use Facebook Javascript SDK(in addition to omniauth, if you want). You can simply specify different "scope" parameter, which specifies permissions required, at each call you want. What I'm doing is making omniauth provide a basic set of permissions, then, after the user has connected through omniauth(and thus stored their data in our DB), if further permissions are needed, we show them JS-based buttons which provide expanded sets of permissions. If you want to check what particular permissions a user has granted to you, you can simply use me/permissions API call.
We have implemented custom roleprovider. This provide us to restricts access to parts of our site using roles. Now we have situation when two users have role Administrator. But one user1 can add comments, and user2 can not add comments(user1 and user2 have role Administrator).
What the best way to solve this problem?
Can we add roles like it Administrator.AddComment and put it in controller action?
How about using a Commentors role:
[HttpPost]
[Authorize(Roles = "Commentors")]
public ActionResult Create(Comment comment)
{
...
}
Add a 'SuperUser' role. The purpose of the roles are to group common access/privileges. I think you need to add a new role.