I am developing modx manager custom page and cannot check if user is logged in and has access to manager ? So far I tried
$modx->user->get('username');
All i get is (anonymous) even if i am logged in and when i am not logged in.I have also tried sessioncontext etc as well. Am i doing something wrong. Did anyone faced same issue.
You need a custom snippet to manage showing things for people who are logged in or not and the Login Extra to easily access user fields. Then paste this in and call it isAdmin:
<?php
if ($modx->user instanceof modUser) {
if ($modx->user->hasSessionContext('mgr')) {
return true;
}
}
return false;
And then you want to use it like this...
[[!isAdmin:notempty=`
<!-- Do something for people logged in -->
`:default=`
<!-- Do something for everyone else -->
`]]
Code is from Mark Hamstra's blog.
Related
Using Orchard 1.6 Iv created a new role 'FactoryWorker'. When this user logs in from the front end I want them to be navigated to one page only.
OrchardLocal/System/ManufacturedProducts
I have set this page to be a print screen of the order details so the factory worker will know what products to get ready for ship out & they wont be able to navigate as no menu appears, but also need the other pages blocked incase the user decides to enter the URL of a page they arnt allowed access to.
This is the only page I want this particular user to be able to access(after they login), and I have added a logout button, which logs out the user and returns them to the home page.
So iv been looking through editing a role, with permissions and content etc...but this all seems to be applying to forms and content in general. where the user can access any content type etc...
So can someone advise me on how to do this?
thanks for any replies
UPDATE
I forgot to mention that this is not a content type, item or part I am talking about.
I have created my own controller & View & VM which is accessible from the dash board (using the AdminMenu, which brings the admin user to OrchardLocal/System/ManufacturedProducts)
I have looked at Orchard.ContentPermissions Feature but it only seems to allow me to 1)Grant permissions for others or 2)Grant permission for own content
any ideas?
You can use a Request Filter, (I do not know if it is the best way) :
FilterProvider – defines the filter applied to each request. Resembles the way default ASP.NET MVC action filters work with the difference that it’s not an attribute. All FilterProvider objects are injected into the request pipeline and are applied to all requests (so you need to check if the current request is suitable for your filter at the beginning of an appropriate method).
From : http://www.szmyd.com.pl/blog/most-useful-orchard-extension-points
So you could implement something like this
public class Filter : FilterProvider, IAuthorizationFilter {
private readonly IAuthenticationService _authenticationService;
public Filter(IAuthenticationService authenticationService) {
_authenticationService = authenticationService;
}
public void OnAuthorization(AuthorizationContext filterContext) {
//If route is the restricted one
if (filterContext.HttpContext.Request.Url.AbsoluteUri.Contains("OrchardLocal/System/ManufacturedProducts")) {
//Get the logged user
IUser loggedUser = _authenticationService.GetAuthenticatedUser();
if (loggedUser == null)
return filterContext.Result = new HttpUnauthorizedResult();
//Get the Roles
var roles = loggedUser.As<IUserRoles>().Roles;
if (!roles.Contains("FactoryUser")) {
//User is not authorized
return filterContext.Result = new HttpUnauthorizedResult();
}
}
}
}
Note: Untested code!
EDIT: Also you could invert the logic and check if the logged user has the role 'FactoryUser' and restrict its access to every page except the one they should see.
Your module can create a new permission (look at one of the permissions.cs files for examples), then create a role that has only that permission. Have your controller action check that permission (again, many examples found by finding usage of the permissions defined in one of the permissions.cs).
You can use the Content Permissions module. Using this module you can attach a content item permission part to a content type. This part allows you to choose which roles can see the content when you create it.
I have a little question. I am working with NetSuite eCommerce and I need to check something, my site runs a script when user is logged, but sometimes it asks for a login even when still getting NetSuite Attributes. Something like this:
var loginEmail = "<%=getCurrentAttribute('customer','email')%>";
if(loginEmail==null || loginEmail=="") {
$("#cart").hide();
}
else {
$("#cart").show();
}
Do you know a specific NetSuite attribute or tag that I should be calling/using?
User sessions do time out after a period of inactivity, and user sessions are tracked with a cookie.
Try testing with a different browser - ie run NetSuite in FireFox and test the eCommerce functionality in Chrome or Safari, for instance.
Try nlapiGetLogin(). From NetSuite Help:
nlapiGetLogin
Returns the NetSuite login credentials of currently logged-in user.
This API is supported in user event, portlet, Suitelet, RESTlet, and SSP scripts. For information about the unit cost associated with this API, see API Governance.
Returns nlobjLogin
Since Version 2012.2
Example
This example shows how to get the credentials of the currently logged-in user.
//Get credentials of currently logged-in user
var login = nlapiGetLogin();
It doesn't say, but my thought is that this would return null if no user is logged in.
Use this code:
<%
var shoppingSession = nlapiGetWebContainer().getShoppingSession();
if (!shoppingSession.isLoggedIn())
$("#cart").hide();
else
$("#cart").show();
%>
In place of
<%=getCurrentAttribute('customer','email')%>
try using
<%=getCurrentAttribute('customer','entityid')%>
I am creating a custom portlet.
And I need to log-out the User from the portal after he performs some operation in my custom portlet. I am extending liferay's MVCPortlet.
In one of MyPortlet's action methods I need to write the code to logout the user and then redirect it to the home page.
Update:
I tried the following which I think logs out the user but does not redirect to the home page after logging out:
actionResponse.sendRedirect(PortalUtil.getPortalURL(actionRequest) + "/c/portal/logout");
Thanks All
Well this may be a very late reply, but it may help somebody
Firstly, you have to validate the session and the re-direct to the logout URL. Otherwise, the session remains and the user is moved to the landing page, even though we redirect to the logout url. So, this is what one should do
HttpServletRequest request = PortalUtil.getHttpServletRequest(actionRequest);
request.getSession().invalidate();
actionResponse.sendRedirect(themeDisplay.getURLSignOut());
Hope this helps.
I also did not find a way to send a specific redirect by using liferay's default logout (/c/portal/logout). So I logged out the user programmatically with the util class AuthenticatedSessionManagerUtil and
afterwards sending a specific redirect location within the response object, e.g. response.sendRedirect(yourLocation)
Note:
With Liferay 7.2 I used AuthenticatedSessionManagerUtil.signOutSimultaneousLogins(userId) instead of AuthenticatedSessionManagerUtil.logout(userId) which did not work for me.
hth
You can redirect to c/portal/logout
more precisely :
actionResponse.sendRedirect("/c/portal/logout/");
Just leaving this here after facing this problem (LR7):
try {
AuthenticatedSessionManagerUtil.logout(request, response);
request.setAttribute(WebKeys.LOGOUT, true);
}
All you have to do is
perform operation: at the end of operation use this:
HttpSession session = PortalUtil.getHttpServletRequest(request).getSession();
session.invalidate();
try {
System.out.println(" redirecting to the required page");
response.sendRedirect(themeDisplay.getPortalURL() + "/page-on-which-to-be-redirected");
} catch (IOException e1) {
e1.printStackTrace();
}
I found this library for creating an ACL (access control list) for mongoose:
https://github.com/scttnlsn/mongoose-acl
It looks like a good module, but I'm a little confused on how to use it for my purpose.
I have a site where anybody (logged in or not) can visit a profile page, like example.com/users/chovy
However if the user 'chovy' is logged into this page, I want to give them admin privileges for editing the details of the account.
If the user is not 'chovy' or is not logged in, they would just see the read-only profile page for 'chovy'.
Can someone give me a concrete example of how I would do this?
That sounds so common, that I don't think you need an ACL. You will need to have sessions, and then you can change how the view looks based upon the current logged in user. An incomplete example would like like this:
// Assumes:
// - You set req.session.user when user logs in
// - The url route has a :name so you can do req.param() to get the name of the page being viewed
db.users.getCurrentUser(req.session.user, gotLoggedInUser)
db.users.getUserByName({name: req.param('name')}, gotUser)
And then pass this to the view, when you do a res.render():
var is_viewing_own_page = currentUser._id.toString() === loggedInUser._id.toString()
And then the view can do something like this (assuming jade):
- if (is_viewing_own_page)
div You are looking at your own page
- else
div You are viewing someone else's page
I want a page has to appear to user after logged in. But if we use that link we can see the page and its content only thing is that it wont be having user data. what to do to prevent this. what can be done in this scenario ?
You can declare a PhaseListener where to redirect to the homepage instead the user is not logged
public void afterPhase(PhaseEvent evt) {
User user =
evt.getFacesContext().getExternalContext().getSessionMap().get(USER_KEY);
if (user == null) {
FacesContext.getExternalContext().redirect("home.xhtml");
}
}
The phase listener can be defined globally, or at view-level with:
<f:view afterPhase="#{bean.afterPhase}">...</f:view>
(in facelets the attribute is called afterPhaseListener)
Use a ServletFilter to check existence of UserData in Session.
If "yes: then forward else forward to error page.
Another option is to use the rendered attribute on tags to check the existence of UserData object.
I'm not familiar with JSF or if it has built in authentication/authorization. But you should be able to apply authentication/access rules directly on your web server.