1

Topic: Roles Manager Question

I love the Roles Manager plugin. Thank you for writing it!

I am using the Roles Manager plugin to give certain 'visitors' access to a particular page on the site.  One has to send an email to the webmaster to request an account and password.  Then the webmaster sends off the information to the user.

I am using it currently the following way: 
- 'visitor' Role:  Page View enabled only
- 'user editor' Role: Admin view, User View, User add, User delete and User edit enabled.

Now the following problems arose:
1) The 'user editor' sees the pages tab.  Is it possible to hide it in this user role?

2) When the 'user editor' adds new users, the 'roles' section is enabled, which means the 'user editor' can create accounts with more power than his own...  Is it possible to disable the 'roles' section and have all users he adds be 'visitors' by default?

3) Is there a way to add an automated email to every newly created user?  Where would I need to implement this feature?  I can write the email php myself just need to know where it is being triggered...

Thank you again for this plugin and any possible guidance.

Best,

Th0m

Last edited by th0m (2011-06-21 22:18)


2

Re: Roles Manager Question

EDIT: don't use the code in this post

The following 'solutions' are a little ugly and may need a little further testing and be aware if you update in the future you will lose the changes, also they might not work with 0.8.0.

So after the disclaimer...

1.

To hide the 'Pages' tab, you need to edit the 'backend' view ( found under '/wolf/app/layouts/'), so first of all, back it up (ie: save a copy backend.ORIG.php). Edit the backend.php you'll be using and replace:

    <li id="page-plugin" class="plugin"><a href="<?php echo get_url('page'); ?>"<?php if ($ctrl=='page') echo ' class="current"'; ?>><?php echo __('Pages'); ?></a></li>

found around line 128, for:

    <?php if (AuthUser::hasPermission('page_view')): ?>
    <li id="page-plugin" class="plugin"><a href="<?php echo get_url('page'); ?>"<?php if ($ctrl=='page') echo ' class="current"'; ?>><?php echo __('Pages'); ?></a></li>
    <?php endif; ?>

This will hide the tab from being displayed but it's still 'active' and it can be accessed, so we need to do another change.

By default the backend interface is routed to the 'Pages' tab, unless you change the settings. But this setting affects all users, so I think, in your particular case, it's not an option to change it. We'll be forcing a redirect to the 'User' tab since it's all the role is supposed to do.

Sidenote: If you haven't made a plugin for the site you're currently developing, you should consider it.

Anyway, there're two sections available for the 'user editor' (hidden 'Pages' and 'User'). To force redirecting any call to 'Pages', we'll be using the Observer system.

So in your plugin you put the following:

    <?php

    if (!defined('IN_CMS')) { exit(); }

    Plugin::setInfos(array(
        'id'    => 'roles_control',
        'title'    => __('Roles Control'),
        'description'    => __('Some description.'),
        'version'    => '0.1.0',
        'license'    => '...',
        'author'    => 'me',
        'type'    => 'backend'
    ));

    if (Plugin::isEnabled('roles_control')) {
        // If you need the Controller uncomment the line below
        //Plugin::addController('roles_control','Roles Control','',false);

        $user = AuthUser::getRecord();
        // Only call roles() on a real User object; this file also loads
        // when nobody is logged in
        $roles = ($user instanceof User) ? $user->roles() : array();
        // Check if the current user has only the 'user editor'
        if( ($user instanceof User) && AuthUser::hasRole('user editor') && count($roles) == 1 ) {
            define('ROLE_LIMITED', true);
        }

        Observer::observe('dispatch_route_found','forceUserTab');
    }

    function forceUserTab($uri) {
        // If the user has the 'user_editor' role
        // and is going to the pages section
        // send him to the 'Users' section.
        // defined() comes first: ROLE_LIMITED only exists for the limited role,
        // and PHP before 8 reads an undefined constant as a non-empty string
        if( defined('ROLE_LIMITED') && ROLE_LIMITED && preg_match('/page/', $uri) ) {
            redirect( get_url('user') );
        }
    }

* I put the whole thing in case you don't have a custom plugin, if you have one omit the Plugin::setInfos.


2.

Now to disable certain roles from the user 'edit' view, we can do the following:

First backup the '/wolf/app/views/user/edit.php' because we'll be introducing a few lines.

Open the 'edit' view and around line 58 (inside the foreach loop), introduce:

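    <?php
        // If you want to exclude more roles, add them to the array
        $omit_roles = array('administrator','developer','editor');
        // defined() comes first: ROLE_LIMITED only exists for the limited role
        if( defined('ROLE_LIMITED') && ROLE_LIMITED && in_array( $role->name, $omit_roles ) ) {
            continue;
        }
    ?>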

so you'll have something like this:

    <?php $user_roles = ($user instanceof User) ? $user->roles(): array(); ?>
    <?php foreach ($roles as $role): ?>
    <?php
        // If you want to exclude more roles, add them to the array
        $omit_roles = array('administrator','developer','editor');
        // defined() comes first: ROLE_LIMITED only exists for the limited role
        if( defined('ROLE_LIMITED') && ROLE_LIMITED && in_array( $role->name, $omit_roles ) ) {
            continue;
        }
    ?>
            <span class="checkbox"><input<?php if (in_array($role->name, $user_roles)) echo ' checked="checked"'; ?>  id="user_role<?php echo $role->name; ?>" name="user_role[<?php echo $role->name; ?>]" type="checkbox" value="<?php echo $role->id; ?>" />&nbsp;<label for="user_role-<?php echo $role->name; ?>"><?php echo __(ucwords($role->name)); ?></label></span>
    <?php endforeach; ?>

3.

Finally to send the email, there's an Event triggered every time a user is successfully added, so you need to add the following to the custom plugin index:

    Observer::observe('user_after_add','emailNewUser');
    ...
    function emailNewUser($name) {
        // retrieve the user data
        // and send the email
    }

leaving our index plugin:

    <?php

    if (!defined('IN_CMS')) { exit(); }

    Plugin::setInfos(array(
        'id'    => 'roles_control',
        'title'    => __('Roles Control'),
        'description'    => __('Some description.'),
        'version'    => '0.1.0',
        'license'    => '...',
        'author'    => 'me',
        'type'    => 'backend'
    ));

    if (Plugin::isEnabled('roles_control')) {
        // If you need the Controller uncomment the line below
        //Plugin::addController('roles_control','Roles Control','',false);

        $user = AuthUser::getRecord();
        // Only call roles() on a real User object; this file also loads
        // when nobody is logged in
        $roles = ($user instanceof User) ? $user->roles() : array();
        // Check if the current user has only the 'user editor'
        if( ($user instanceof User) && AuthUser::hasRole('user editor') && count($roles) == 1 ) {
            define('ROLE_LIMITED', true);
        }

        Observer::observe('dispatch_route_found','forceUserTab');
        Observer::observe('user_after_add','emailNewUser');
    }

    function forceUserTab($uri) {
        // If the user has the 'user_editor' role
        // and is going to the pages section
        // send him to the 'Users' section.
        // defined() comes first: ROLE_LIMITED only exists for the limited role,
        // and PHP before 8 reads an undefined constant as a non-empty string
        if( defined('ROLE_LIMITED') && ROLE_LIMITED && preg_match('/page/', $uri) ) {
            redirect( get_url('user') );
        }
    }

    function emailNewUser($name) {
        // retrieve the user data
        // and send the email
    }

Last edited by andrewmman (2011-06-22 09:09)


3

Re: Roles Manager Question

Wow!  Super thorough! Thank you so much. :)

OK.  I found the first part in the backend view no problem

Second step plugin: I failed.  Sorry but I never wrote a plugin before so I assume I'm doing something basic wrong.  These were my steps:

1) Add your code into a index.php file located in a folder : [...]/plugins/roles_control/
2) Go into the Admin settings and hit enable roles control
3) Admin settings reloads.  But the front end crashes.  No error messages even with debug turned on.

This is what I've added into the index page:

------------------
<?php

if (!defined('IN_CMS')) { exit(); }

Plugin::setInfos(array(
    'id'    => 'roles_control',
    'title'    => __('Roles Control'),
    'description'    => __('Some description.'),
    'version'    => '0.1.0',
    'license'    => '...',
    'author'    => 'me',
    'type'    => 'backend'
));

if (Plugin::isEnabled('roles_control')) {
    // If you need the Controller uncomment the line below
    //Plugin::addController('roles_control','Roles Control','',false);

    $user = AuthUser::getRecord();
    $roles = $user->roles();
    // Check if the current user has only the 'user editor'
    if( AuthUser::hasRole('usereditor') && count($roles) == 1 ) {
        define('ROLE_LIMITED', true);
    }

    Observer::observe('dispatch_route_found','forceUserTab');
}

function forceUserTab($uri) {
    // If the user has the 'user_editor' role
    // and is going to the pages section
    // send him to the 'Users' section
    if(ROLE_LIMITED && preg_match('/page/', $uri) )
    redirect( get_url('user') );
}

?>
--------------------

What am I doing wrong?  The above is all I've added...  are there any other elements required to make a plugin work?

Last edited by th0m (2011-06-22 05:17)


4

Re: Roles Manager Question

Oh I just realized that I'll have another question.  Hope you don't mind :)

4) I'm trying to get a JavaScript library to work that auto fills the password fields with some random text when one signs up a new user.   In the confirmation email to the user, is there a variable in the WolfCMS core that holds the password that will be sent to the server?  I'd like to send out 1 additional email holding the password to login.  How can I grab that information?

Thank you again!

Th0m

Last edited by th0m (2011-06-22 05:16)


5

Re: Roles Manager Question

I've done some further testing and there're too many side issues, instead of modifying the core user manager and all the 'patches', you should create your own 'visitors' manager.

Start from a copy of the Skeleton plugin and reference the core's user manager, the basic functionality is very similar.

To create a plugin like this, you'll need a Visitor model which interacts with a database table, the VisitorManagerController where you'll declare the 'actions' to add/edit/delete the users (only visitors) and the 'views':

  • an index

  • a sidebar

  • an 'edit' view where you display the form to add/edit visitors.

  • documentation?

I'll leave the code of the previous posts, but don't use it.

Last edited by andrewmman (2011-06-22 09:07)


6

Re: Roles Manager Question

Hi  andrewmman

oh man that's too bad.  I don't think I'll have the time to figure this out and write it all.   

Here are a few thoughts that might (or might not?) make this request simpler (I hope!!!):

- On a second note we could default all logins to users tab since I am the only administrator and there's only one users editor.  So I don't mind having to click 'pages' every time when I log in if that saves me some programming time.  :)

- Also it is OK if the user editor can theoretically access the pages tab.  I'd just like it to be hidden...  I don't think the person with 'user editor' access will try to mess anything up.  The issue is just he could be accidentally hitting another role since now there's so many of them (administrator, editor, user editor,....)...

...I'm basically now just trying to see if there's something we're overseeing that could make my requests less labor intense...  but still work I guess only for this particular project.  I don't mind some restrictions to the admin side (myself only) as long as the 'user editor' role is slightly more 'secure' (only one default role and hidden pages tab).


Also:  Will the email plugin work for request #3 though if I try that?  Should I try to stick together a plugin for the email response only?

Sorry to bother you with all this.  I really appreciate all your input and I love your product.

Thank you!

Th0m


7

Re: Roles Manager Question

The thing is, besides giving the editor the chance to create users with roles with more 'power' than him, he can also edit users with those roles. That's why I recommend developing a plugin that won't mess with the other users.

You'll have an independent table for the 'visitor' users, you can store anything you want (not limited with the wolf's user table), etc...
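
The two gaps named in this thread (a 'user editor' granting roles above his own, and editing accounts that already hold such roles) can only be closed by a check on the server when the form is saved; hiding checkboxes in the 'edit' view does not stop a submitted role. The following is an added example, not Wolf CMS code and not from either poster. The function authorizeRoleChange, the constant GRANTABLE_BY_USER_EDITOR and the sample requests are hypothetical; the role names are the ones used in the thread.

```php
<?php
// Added example: plain PHP, no Wolf CMS classes. All names here are hypothetical.

// Roles a delegated 'user editor' may grant or manage (assumption: only 'visitor').
const GRANTABLE_BY_USER_EDITOR = array('visitor');

/**
 * Decide, on the server, which roles an actor may save on a target account.
 *
 * @param string[] $actorRoles     roles held by the logged-in user
 * @param string[] $targetRoles    roles the edited account already holds (empty for a new user)
 * @param string[] $requestedRoles role names taken from the submitted form
 * @return string[] roles that may be saved
 * @throws RuntimeException when the actor may not touch the target at all
 */
function authorizeRoleChange(array $actorRoles, array $targetRoles, array $requestedRoles)
{
    // Administrators keep full control over role assignment.
    if (in_array('administrator', $actorRoles, true)) {
        return array_values(array_unique($requestedRoles));
    }
    if (!in_array('user editor', $actorRoles, true)) {
        throw new RuntimeException('actor may not manage users');
    }
    // A user editor must not edit accounts that hold roles he cannot grant.
    if (array_diff($targetRoles, GRANTABLE_BY_USER_EDITOR)) {
        throw new RuntimeException('target holds a role outside the allowlist');
    }
    // Keep only allowlisted roles, whatever the form submitted.
    $allowed = array_values(array_intersect($requestedRoles, GRANTABLE_BY_USER_EDITOR));
    // Accounts default to 'visitor' when nothing valid was requested.
    return $allowed ? $allowed : array('visitor');
}

// Constructed sample requests (not real data): actor roles, target roles, requested roles.
$cases = array(
    'new visitor'           => array(array('user editor'), array(), array('visitor')),
    'forged admin checkbox' => array(array('user editor'), array(), array('administrator', 'visitor')),
    'edit an administrator' => array(array('user editor'), array('administrator'), array('visitor')),
);
foreach ($cases as $label => $c) {
    try {
        $saved = authorizeRoleChange($c[0], $c[1], $c[2]);
        echo $label, ': save [', implode(', ', $saved), "]\n";
    } catch (RuntimeException $e) {
        echo $label, ': rejected (', $e->getMessage(), ")\n";
    }
}
```

The same decision belongs in the add, edit and delete actions of whichever controller saves users, so that a hidden form field and a hand-built request are treated alike.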
