Login user with temporary roles?

Next topic

Author	Message
Marco Rogers	Monday 03 January 2011 12:46:54 pm I have a scenario I'm not sure how to solve. I have a site that has various restrictions on it including network access. If you access the site from a certain location, you can bypass login and get a guest account. You do this by entering your email and some other user info so we can locate your account. However, instead of logging you in with a guest account, we would like to log you in with your own account with restricted privileges. This is handy so we can still track who you are when you take various actions. Rather than doing permission checks everywhere, it would be better if we could temporarily change the roles assigned to the user for the duration of their session. I've looked eZRole::assignToUser but that will actually permanently add the guest role to the user. Is there a way to temporarily assign roles? :Marco
Peter Keung	Tuesday 04 January 2011 6:56:15 am Sounds like the solution is to create a new user account on the fly (in a user group that has the desired permissions) and then log that user in. http://www.mugo.ca Mugo Web, eZ Partner in Vancouver, Canada
Marco Rogers	Tuesday 04 January 2011 12:12:10 pm This doesn't work because we want the temporary account to still be connected to the real user. I was thinking of some feature where a temporary user object would have a reference back to the official user. But that involves custom ezuser objects and such. I was hoping it could be simpler. All I need is temporary privileges.

Author

Message

Monday 03 January 2011 12:46:54 pm

I have a scenario I'm not sure how to solve. I have a site that has various restrictions on it including network access. If you access the site from a certain location, you can bypass login and get a guest account. You do this by entering your email and some other user info so we can locate your account.

However, instead of logging you in with a guest account, we would like to log you in with your own account with restricted privileges. This is handy so we can still track who you are when you take various actions. Rather than doing permission checks everywhere, it would be better if we could temporarily change the roles assigned to the user for the duration of their session.

I've looked eZRole::assignToUser but that will actually permanently add the guest role to the user. Is there a way to temporarily assign roles?

:Marco

Peter Keung

Tuesday 04 January 2011 6:56:15 am

Sounds like the solution is to create a new user account on the fly (in a user group that has the desired permissions) and then log that user in.

http://www.mugo.ca
Mugo Web, eZ Partner in Vancouver, Canada

Marco Rogers

Tuesday 04 January 2011 12:12:10 pm

This doesn't work because we want the temporary account to still be connected to the real user. I was thinking of some feature where a temporary user object would have a reference back to the official user. But that involves custom ezuser objects and such. I was hoping it could be simpler. All I need is temporary privileges.