Login user with temporary roles?

Next topic

Author	Message
Marco Rogers	Monday 03 January 2011 12:46:54 pm I have a scenario I'm not sure how to solve. I have a site that has various restrictions on it including network access. If you access the site from a certain location, you can bypass login and get a guest account. You do this by entering your email and some other user info so we can locate your account. However, instead of logging you in with a guest account, we would like to log you in with your own account with restricted privileges. This is handy so we can still track who you are when you take various actions. Rather than doing permission checks everywhere, it would be better if we could temporarily change the roles assigned to the user for the duration of their session. I've looked eZRole::assignToUser but that will actually permanently add the guest role to the user. Is there a way to temporarily assign roles? :Marco
Peter Keung	Tuesday 04 January 2011 6:56:15 am Sounds like the solution is to create a new user account on the fly (in a user group that has the desired permissions) and then log that user in. http://www.mugo.ca Mugo Web, eZ Partner in Vancouver, Canada
Marco Rogers	Tuesday 04 January 2011 12:12:10 pm This doesn't work because we want the temporary account to still be connected to the real user. I was thinking of some feature where a temporary user object would have a reference back to the official user. But that involves custom ezuser objects and such. I was hoping it could be simpler. All I need is temporary privileges.

Author

Message

Monday 03 January 2011 12:46:54 pm

I have a scenario I'm not sure how to solve. I have a site that has various restrictions on it including network access. If you access the site from a certain location, you can bypass login and get a guest account. You do this by entering your email and some other user info so we can locate your account.

However, instead of logging you in with a guest account, we would like to log you in with your own account with restricted privileges. This is handy so we can still track who you are when you take various actions. Rather than doing permission checks everywhere, it would be better if we could temporarily change the roles assigned to the user for the duration of their session.

I've looked eZRole::assignToUser but that will actually permanently add the guest role to the user. Is there a way to temporarily assign roles?

:Marco

Peter Keung

Tuesday 04 January 2011 6:56:15 am

Sounds like the solution is to create a new user account on the fly (in a user group that has the desired permissions) and then log that user in.

http://www.mugo.ca
Mugo Web, eZ Partner in Vancouver, Canada

Marco Rogers

Tuesday 04 January 2011 12:12:10 pm

This doesn't work because we want the temporary account to still be connected to the real user. I was thinking of some feature where a temporary user object would have a reference back to the official user. But that involves custom ezuser objects and such. I was hoping it could be simpler. All I need is temporary privileges.

eZ debug

Timing:	Jan 31 2025 01:27:11
Script start
Timing:	Jan 31 2025 01:27:11
Module start 'layout'
Timing:	Jan 31 2025 01:27:11
Module start 'content'
Timing:	Jan 31 2025 01:27:11
Module end 'content'
Timing:	Jan 31 2025 01:27:11
Script end

Main resources:

Total runtime	0.0273 sec
Peak memory usage	4,096.0000 KB
Database Queries	3

Timing points:

Checkpoint	Start (sec)	Duration (sec)	Memory at start (KB)	Memory used (KB)
Script start	0.0000	0.0046	588.1328	151.2109
Module start 'layout'	0.0046	0.0041	739.3438	220.6953
Module start 'content'	0.0087	0.0167	960.0391	997.7266
Module end 'content'	0.0255	0.0018	1,957.7656	33.9766
Script end	0.0273		1,991.7422

Time accumulators:

Accumulator	Duration (sec)	Duration (%)	Count	Average (sec)
Ini load
Load cache	0.0030	11.0625	14	0.0002
Check MTime	0.0012	4.2182	14	0.0001
Mysql Total
Database connection	0.0005	1.7996	1	0.0005
Mysqli_queries	0.0021	7.7458	3	0.0007
Looping result	0.0000	0.0445	1	0.0000
Template Total	0.0013	4.7	1	0.0013
Template load	0.0010	3.7081	1	0.0010
Template processing	0.0003	0.9469	1	0.0003
Override
Cache load	0.0007	2.4796	1	0.0007
General
dbfile	0.0027	9.9883	8	0.0003
String conversion	0.0000	0.0296	4	0.0000
Note: percentages do not add up to 100% because some accumulators overlap

Templates used to render the page:

Usage	Requested template	Template	Template loaded	Edit	Override
1	print_pagelayout.tpl	<No override>	extension/community/design/community/templates/print_pagelayout.tpl
Number of times templates used: 1 Number of unique templates used: 1

Time used to render debug report: 0.0001 secs