I want to control access for unregistered/unlogged users using Acl. I've set it up and tested that it's working: I can create new groups and users, add a user to a group, and set up group permissions for specific controller actions.
I've created a usergroup called unregistered and a user called temp, but have no idea how to assign (map) an unlogged person who entered the page to that user and group?
Why would you specify the default allow rule in the ACL structure?
Suppose you want to allow anonymous access to the following actions: register, about, someotherpage
And you want to control access via ACLs to: edit, reply, profile
In the Auth component, you can set the Auth::allow property, which specifies different controller actions that you want to allow everyone (logged in and non-logged in users alike) access to. So, in your controller (can either be AppController to apply globally, or SpecificController to apply only to that controller), specify (usually in the Controller::beforeFilter() method):
$this->Auth->allow('register', 'about', 'someotherpage'); // allow() is a method on AuthComponent
Then Auth will only restrict access to the other pages. This should be much simpler than what you were trying to do, assuming that I read your question correctly.
HTH!
You're on the right track - you have defined an "anonymous" user and group. The next step you need to do is to automatically log in any anonymous user as the "anonymous" user (it sounds stupid, but trust me). That way you can set up the ACL permissions in the tables just as if they were a registered user.
@Travis Leleu - The tables for auth already exist, to define the permissions for registered users/groups, so why have a second, separate table for non-registered, anonymous users?
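The two approaches discussed in this thread, a list of public actions and mapping every visitor without a session to the "unregistered" group, both come down to one deny-by-default check. The following is an added example, not code from the original posts or from CakePHP: it is framework-free PHP, and the function names, the 'registered' group and the permission table are assumptions made for illustration.

```php
<?php
// Added example: framework-free sketch, not CakePHP's AuthComponent or AclComponent.
const GUEST_GROUP = 'unregistered';

// Constructed sample permission table: group => actions it may run.
$permissions = array(
    GUEST_GROUP  => array('register', 'about', 'someotherpage'),
    'registered' => array('register', 'about', 'someotherpage', 'edit', 'reply', 'profile'),
);

/**
 * Map a session user record (null when nobody is logged in) to a group.
 * A visitor without a session becomes a member of the guest group,
 * so a single permission table covers everyone.
 */
function resolveGroup($sessionUser)
{
    if (!is_array($sessionUser) || empty($sessionUser['group'])) {
        return GUEST_GROUP;
    }
    return $sessionUser['group'];
}

/** Deny by default: unknown groups and unlisted actions are refused. */
function isAllowed(array $permissions, $sessionUser, $action)
{
    $group = resolveGroup($sessionUser);
    if (!isset($permissions[$group])) {
        return false;
    }
    return in_array($action, $permissions[$group], true);
}

// Constructed sample sessions.
$visitor = null;                                       // not logged in
$member  = array('id' => 7, 'group' => 'registered');  // logged-in user
$stale   = array('id' => 9, 'group' => 'ghost');       // group no longer exists

var_dump(isAllowed($permissions, $visitor, 'about'));  // guest, public action
var_dump(isAllowed($permissions, $visitor, 'edit'));   // guest, protected action
var_dump(isAllowed($permissions, $member, 'edit'));    // member, protected action
var_dump(isAllowed($permissions, $stale, 'about'));    // unknown group
```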
I'd like to restrict access to a view based on the CURRENT users role. Not the author. For example, if a user has the authorized user role then they can see the content of the view. If a user is anonymous then they are shown the No Results Behavior of the view. I can't believe there is no way to do this. I know there is the Access settings, but I don't want the anonymous user given an access denied message.
One method I can think of:
Use hook_views_query_alter(). Check if the current user belongs to the set of roles you are interested in. If he doesn't, add a condition which is always false, such as 0 = 1. To see how to add such a condition in code, see the example on this page: http://api.drupal.org/api/views/views.api.php/function/hook_views_query_alter/7. The resulting view will not have any result on adding this condition.
Neerav Mehta.
Drupal Development
I am using CakePHP 1.3 and a layout which includes a dropdown of organizations a user has access to administer, so I'm trying to populate that dropdown with organizations that contain the userid that is logged in, but I want to populate it before the user sees anything so they can use it in the header. The dropdown needs to appear on every page once logged in. I tried adding the query to pull these organizations in the AppController, but userid was not yet available to use in beforeFilter. Where or how should I do this? Should it be in session or is there a better construct to use? Element?
In my app it's no problem to use the user_id from within the beforeRender (if you are using the Auth-Component).
You can use it with $this->Auth->user('id').
I would do it like this: Check in the AppController if the user is logged in. If he is, pull your wanted information from the database (or wherever you get your information from) and store it in a variable called $dropdown for example.
If the user is not logged in, $dropdown will be false.
You now make this variable available to the view with $this->set(compact('dropdown'))
Now in your layout (this is important so that you have it on every page) you can easily check whether $dropdown is false or not. If not, you can work with your variable and show the user your wanted dropdown.
I want to access
id of current logged user
name of current logged user
group_id of current logged user
group_name of current logged user
across the view files, to switch menus and tabs on and off according to group_id.
How can I achieve this with minimum sacrifice of performance?
Thanks
If you use the AuthComponent, it'll store the record of the currently logged-in user in the Session under the key Auth. You can access this anywhere through the session component or helper:
$this->Session->read('Auth.User.name')
Even if you're not using the AuthComponent, the Session is the best place to store information about the current user.
Otherwise and in general, the Configure class is usually a good place to store this kind of global information:
Configure::write('User', array('id' => $id, ...));
Configure::read('User.id');
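What I always do is create an AppHelper and create a method for this.
Of course this is similar to deceze's answer but it reduces some code you need to write ;)
// Assumes the Session helper is available to this helper as $this->Session.
function user($key) {
    // Record of the logged-in user, stored by AuthComponent under Auth.User
    $user = $this->Session->read('Auth.User');
    if (isset($user[$key])) {
        return $user[$key];
    }
    // Not logged in, or no such field
    return false;
}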
Then you can call the id of the user by $this->Html->user('id');
Perhaps you could set the variables you want in your AppController (extended by all sub controllers). You should then be able to access them from all views, though be careful to name them uniquely.
CakePHP book - App Controller
In GAE, can you look up a User with the User object's user_id?
In other words, is there something equivalent to:
from google.appengine.api.users import User
user = User.get_by_id(user_id)
I don't think so.
... they certainly wouldn't just give you access to every holder of a google account!
The idea is that you store user ids as properties in your datastore, once they've logged in to your app.
There is a property type called UserProperty
http://code.google.com/appengine/docs/python/datastore/typesandpropertyclasses.html
So, you can query your list of users from your own datastore definition.
hth
This seems to be the only post on the internet regarding this and since I was looking for a solution, I thought I'd post what I found here.
What amir75 said about using the UserProperty is fine for storing the User object itself returned by the google.appengine.users module.
But if you need to look up a User by the user_id field instead of the default email field, usually something like user = User(email = 'validmail@gmailorgapps.com')
You can use this to query by user_id. user = User(_user_id = 'validuserid') The valid user_id is something that you got earlier from calling user.user_id()
I'm not sure what amir75 is referring to about having access to all google accounts since the User object returned will only have the email address and nickname, and that too only if the user authorizes the application to access that information.
My use case for this is I want people to sign up on the site, but they need an administrator to confirm them for using the site. The form used by the administrator for confirming the users can use email id as the field to identify the checkbox for confirming the user, but given that it might change, the user_id seems to be a safer field to use.
I am planning to set a permission on my event index page, which allows only certain users to view it, as set when I add the event. After a user clicks into my event, the event controller will first check the user id and check the event database, which controls which events the user can see in his calendar. The permission is added when a user creates an event and shares it with other users. Besides, how can I find the current user id to compare with my event database, which is the accurate one?
Any suggestion for how I can do this function?
I need to know the code and concept for how I get the current user id to compare with all the event database, and allow the current user to see certain events.
Thanks a lot for your information.
The recommended approach for getting logged in user data is via the AuthComponent itself:
// in any controller
$userId = $this->Auth->user('id');
See Accessing the logged in user in the Auth section of the CakePHP Book.
Use sessions to save and read data for a user between pages.
Within Controllers:
// store a user id in the session
$this->Session->write('User.id', $userId);
// read a user id from the session
$userId = $this->Session->read('User.id');
Within Views:
// read a user id from the session
$userId = $session->read('User.id');
You can use any key you want if you prefer something over "User.id". I simply use this since it is what the AuthComponent defaults to if you are using that.
What you're looking for are ACLs (Access Control Lists). There's an AclComponent built into Cake which you should look into. It works together with the AuthComponent, which will hold the user id. It's a little complicated at first, but worth the hassle.
Also, for a simple approach, have a look at the model and controller settings of AuthComponent::authorize. This allows you to define an isAuthorized() method in your controller or model (your choice) which will store logic that determines access (should return true if access allowed and false if denied).
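The per-event decision that an isAuthorized() method would have to make for the shared-calendar question above can be written as one function. This is an added example, not code from the original posts or from CakePHP: it is framework-free PHP, and the function names, the field names (owner_id, shared_with) and the event rows are assumptions constructed for illustration.

```php
<?php
// Added example: record-level check for shared events (constructed data).

/** True if $userId owns the event or the event was shared with that user. */
function canViewEvent($userId, array $event)
{
    // Session and database layers often hand ids back as strings ("5"),
    // so normalise to int first; null or garbage becomes false and is denied.
    $uid = filter_var($userId, FILTER_VALIDATE_INT);
    if ($uid === false || $uid <= 0) {
        return false;
    }
    if ((int) $event['owner_id'] === $uid) {
        return true;
    }
    return in_array($uid, array_map('intval', $event['shared_with']), true);
}

/** Index page: return only the ids of events the user may see. */
function visibleEvents($userId, array $events)
{
    $visible = array();
    foreach ($events as $event) {
        if (canViewEvent($userId, $event)) {
            $visible[] = $event['id'];
        }
    }
    return $visible;
}

// Constructed sample rows, as if loaded from the events table.
$events = array(
    array('id' => 1, 'owner_id' => 5, 'shared_with' => array(8)),
    array('id' => 2, 'owner_id' => 8, 'shared_with' => array()),
    array('id' => 3, 'owner_id' => 9, 'shared_with' => array('5', 8)),
);

// The id must come from the server-side session (e.g. $this->Auth->user('id')),
// never from a request parameter the client controls.
$currentUserId = '5';

print_r(visibleEvents($currentUserId, $events));       // events owned by or shared with user 5
var_dump(canViewEvent($currentUserId, $events[1]));    // someone else's unshared event
var_dump(canViewEvent(null, $events[0]));              // no logged-in user
```

Run the same check in the view action for a single event as well as on the index, so that requesting an event id directly gets the same answer as the listing.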
To see sessions, queries, data, and everything else that is passed from page to page in Cake, use this amazing little helper: http://thechaw.com/debug_kit