#1 2014-05-06 13:43:41

fborges
Member
From: Portugal
Registered: 2014-05-06
Posts: 4

Roles and Permissions for FrontEnd Access

Hi,

First of all congratulations on your work building this CMS, Great Work!!!

This is my first project using Ionize and I'm currently using version 1.0.6.

One of my project requirements is that I need several different roles that will have access to certain pages that I will define in the menu.

So my doubts are:

1. I've created 4 new roles with the levels 101, 102, 103, and 104 (frontend access level should be between 100 and 999, I guess), and assigned them to test users that I've created, and also defined the permissions on the specific pages based on the user role. I want to show these pages in navigation only when the user role has permission for them. How can I implement this?

2. I want to use in the frontend a login by the username and not the e-mail (the core of Ionize is using e-mail), so to implement this I've extended the class responsible for processing the login, logout, registration, etc. and overrode the method processdata to use the username instead of the e-mail, and it is working, but is this the right way to do it?

3. After a successful login in the frontend, when loading the pages, I get an SQL error. I've debugged the app and the error comes from the getFromRole PHP function, where you have in the associative array a parameter iduser=0 (this parameter is used in other functions as well). Since this function is gathering data from the rules table and the field iduser doesn't exist in it, it gives me the error. If I remove this parameter, everything works fine, but is this the right way?

I have other questions that I will place in a new topic because they are not related to roles and permissions.

Thanks and best regards

Filipe

Offline

#2 2014-05-06 19:39:01

ukyo
Community Manager
From: Marmaris - Turkey
Registered: 2010-05-19
Posts: 734
Website

Re: Roles and Permissions for FrontEnd Access

1 - Can you try to make a custom navigation helper for this process? Use the tree_navigation tag.
2 - You can log in with username and email, it doesn't matter.
3 - Will be fixed for next release : http://ionizecms.com/forum/viewtopic.php?id=1790


<ion:ukyo from="Turkey" />
Ionize CMS Turkish Language Translation Files | My Github Repositories
Please send your first message to a forum section, not forum users or administration.

Offline

#3 2014-05-07 00:13:03

fborges
Member
From: Portugal
Registered: 2014-05-06
Posts: 4

Re: Roles and Permissions for FrontEnd Access

Thanks Ukyo for your reply

1. I've already made a custom navigation helper, because the design that I use didn't match the original routine... How do I test the permissions for pages or articles in this helper?

2. I've read in your documentation that I could log in using email or username, but I've tried without success. When debugging the application I've seen that the class that is being used is TagManager_User and the function that is called is process_data.

Analysing the code related to the login, I've seen this:

if (TagManager_Form::validate('login')) {
    if ( ! User()->logged_in())
    {
        $email = self::$ci->input->post('email');
        $db_user = self::$ci->user_model->find_user(array('email'=>$email));
.....

So the function is expecting an email and not the username. Perhaps I'm using the wrong function and class...

3. Thanks, I will update my database

Thanks and best regards

Filipe

Offline

#4 2014-05-07 12:30:27

ukyo
Community Manager
From: Marmaris - Turkey
Registered: 2010-05-19
Posts: 734
Website

Re: Roles and Permissions for FrontEnd Access

1 - You can use the Authority::can() method inside the navigation helper:

if ( Authority::can('edit', 'admin/page') )
{
     // Do something
}
else
{
     // Show an error, or leave out the else branch
}

2 - The core only accepts "email" & "password" login. You can write your custom tags for username-based login or change the "login" case like this:

// Login
				case 'login':

					if (TagManager_Form::validate('login'))
					{
						if ( ! User()->logged_in())
						{
							$email      = self::$ci->input->post('email');
							$username   = self::$ci->input->post('username');

							// Try email login
							if ( ! empty($email) )
							{
								$db_user = self::$ci->user_model->find_user(array('email'=>$email));

								$user = array(
									'email' => $email,
									'password' => self::$ci->input->post('password')
								);
							}

							// If email is empty, try username login
							if ( empty($email) && ! empty($username) )
							{
								$db_user = self::$ci->user_model->find_user(array('username'=>$username));

								$user = array(
									'username' => $username,
									'password' => self::$ci->input->post('password')
								);
							}


							if ( ! empty($db_user) )
							{
								// Account not allowed to login
								if ($db_user['role_level'] < 100)
								{
									$message = TagManager_Form::get_form_message('not_activated');
									TagManager_Form::set_additional_error('login', $message);
								}
								else
								{
									$result = User()->login($user);

									if ($result)
									{
										// Potentially redirect to the page setup in /application/config/forms.php
										$redirect = TagManager_Form::get_form_redirect();
											if ($redirect !== FALSE) redirect($redirect);

										// If redirect is commented, this success message will be available.
										$message = TagManager_Form::get_form_message('success');
										TagManager_Form::set_additional_success('login', $message);
									}
									else
									{
										$message = TagManager_Form::get_form_message('error');
										TagManager_Form::set_additional_error('login', $message);
									}
								}
							}
							else
							{
								$message = TagManager_Form::get_form_message('not_found');
								TagManager_Form::set_additional_error('login', $message);
							}
						}
					}
					break;

Maybe we can update these login changes for 1.0.6.1 also..



Offline
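
Added example (not part of any post in this thread and not Ionize code): one way to filter a navigation tree by role, using a check with the same two-argument shape as the Authority::can() call shown above. The menu, the rules, the 'access' action, the 'frontend/page/<id>' resource names and the functions make_can() and visible_pages() are all assumptions made for illustration; in a real helper the callback would wrap Authority::can().

```php
<?php
// Added example, not Ionize code. Menu tree and rules are constructed sample data.
$menu = [
    ['id_page' => 1, 'title' => 'Home', 'children' => []],
    ['id_page' => 2, 'title' => 'Members', 'children' => [
        ['id_page' => 3, 'title' => 'Reports', 'children' => []],
        ['id_page' => 4, 'title' => 'Board minutes', 'children' => []],
    ]],
    ['id_page' => 5, 'title' => 'Contact', 'children' => []],
];

// Constructed rules: resource => role levels allowed to access it.
// A resource with no entry is treated as public (assumed naming scheme).
$rules = [
    'frontend/page/2' => [101, 102],
    'frontend/page/4' => [102],
];

// Hypothetical stand-in for Authority::can($action, $resource), bound to one role level.
function make_can(array $rules, int $role_level): callable
{
    return function (string $action, string $resource) use ($rules, $role_level): bool {
        if ($action !== 'access') return false;        // only one action is modelled
        if (!isset($rules[$resource])) return true;   // no rule: public page
        return in_array($role_level, $rules[$resource], true);
    };
}

// Keep only the pages the current role may access. A denied parent removes its
// whole subtree, so a child is never listed under a branch the role cannot open.
function visible_pages(array $pages, callable $can): array
{
    $out = [];
    foreach ($pages as $page) {
        if (!$can('access', 'frontend/page/' . $page['id_page'])) continue;
        $page['children'] = visible_pages($page['children'], $can);
        $out[] = $page;
    }
    return $out;
}

// Print the filtered tree for role levels 101 and 102 and for a visitor (level 0).
foreach ([101, 102, 0] as $level) {
    $tree = visible_pages($menu, make_can($rules, $level));
    echo $level, ': ', json_encode($tree), "\n";
}
```

Filtering the menu only hides links; the same check has to run when the page itself is requested, otherwise a user who knows the URL can still open it.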

#5 2014-12-11 11:58:04

Kostas_Z
Member
Registered: 2014-10-23
Posts: 7

Re: Roles and Permissions for FrontEnd Access

I'd like to add something to the solution from Ukyo for future users who find that they cannot log in with a username.

Besides replacing the login code from Ukyo above in the User.php, you should also edit the validation configuration in application/config/forms.php

Disable the email validation in the 'fields' part of the array with tags and add the username, with slightly altered validation compared to the email, in the config as below.

// Login Form
	'login' => array
	(
		'process' => 'TagManager_User::process_data',
		// Redirection after process. Can be 'home' or 'referer' for the $_SERVER['HTTP_REFERER'] value.
		// If not set, doesn't redirect
		'redirect' => 'referer',
		// Message Language index, as set in language/xx/form_lang.php
		'messages' => array
		(
			'success' => 'form_login_success_message',
			'error' => 'form_login_error_message',
			'not_found' => 'form_login_not_found_message',
			'not_activated' => 'form_login_not_activated_message',
		),
		'fields' => array
		(
			/*'email' => array(
				// CI rules
				'rules' => 'trim|required|min_length[5]|valid_email|xss_clean',
				// Label translated index, as set in language/xx/form_lang.php
				// Will be used to display the label name in error messages
				'label' => 'form_label_email',
			),*/
			'username' => array(
				// CI rules
				'rules' => 'trim|required|xss_clean',
				// Label translated index, as set in language/xx/form_lang.php
				// Will be used to display the label name in error messages
				'label' => 'form_label_username',
			),			
			'password' => array(
				'rules' => 'trim|required|min_length[4]|xss_clean',
				'label' => 'form_label_password',
			),
		)
	),

Also, don't forget of course to add the correct id and name fields in the html. But that's no surprise of course.

    <ion:user:logged is="false">
 
        <form method="post" action="">
 
            <!-- Name of the form : login -->
            <input type="hidden" name="form" value="login" />
 
            <!-- The username is used to log in the user -->
            <label for="username">Username</label>
            <input type="text" id="username" name="username" value="<ion:form:login:field:username />" required />
            <ion:form:login:error:username tag="p" class="input-error" />
 
            <label for="password">Password</label>
            <input type="password" id="password" name="password" required />
            <ion:form:login:error:password tag="p" class="input-error" />
 
            <input type="submit" value="Login" />
        </form>
 
    </ion:user:logged>

Be careful with updating your Ionize CMS, as I believe the core files will be overwritten. Maybe someone has a safer solution for this, but this seems to work well.

Last edited by Kostas_Z (2014-12-11 11:59:02)

Offline
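
Added example (not part of any post in this thread and not Ionize code): a stand-alone PHP 7.1+ version of the email-or-username login flow discussed above. The posted "login" case sets the not_found message before any password check and the not_activated message for role_level < 100 without one; this version returns one generic error until the password has been verified, so the form does not reveal which accounts exist. find_user(), frontend_login(), the user records and the use of password_hash()/password_verify() are assumptions standing in for Ionize's user_model and User()->login().

```php
<?php
// Added example, not Ionize code. The user records are constructed sample data.
$users = [
    ['username' => 'filipe', 'email' => 'filipe@example.test', 'role_level' => 101,
     'hash' => password_hash('correct horse', PASSWORD_DEFAULT)],
    ['username' => 'pending', 'email' => 'pending@example.test', 'role_level' => 50,
     'hash' => password_hash('not yet active', PASSWORD_DEFAULT)],
];
// Hypothetical stand-in for user_model->find_user(): case-insensitive match on one field.
function find_user(array $users, string $field, string $value): ?array
{
    foreach ($users as $u) {
        if (strcasecmp($u[$field], $value) === 0) return $u;
    }
    return null;
}

// Returns the form message key: 'success', 'not_activated' or 'error'.
function frontend_login(array $users, array $post): string
{
    $email    = trim((string) ($post['email'] ?? ''));
    $username = trim((string) ($post['username'] ?? ''));
    $password = (string) ($post['password'] ?? '');

    // Same precedence as the modified "login" case: email first, else username.
    $user = null;
    if ($email !== '') {
        $user = find_user($users, 'email', $email);
    } elseif ($username !== '') {
        $user = find_user($users, 'username', $username);
    }
    // Verify against a dummy hash when no account matched, so unknown and
    // known identifiers each cost one hash verification.
    static $dummy = null;
    $dummy = $dummy ?? password_hash('placeholder', PASSWORD_DEFAULT);
    $ok = password_verify($password, $user['hash'] ?? $dummy);
    // Unknown account and wrong password are indistinguishable to the caller.
    if ($user === null || ! $ok) return 'error';
    // Account state is disclosed only after the password has been proven.
    if ($user['role_level'] < 100) return 'not_activated';
    return 'success';
}

foreach ([['username' => 'filipe', 'password' => 'correct horse'],
          ['username' => 'filipe', 'password' => 'wrong'],
          ['username' => 'nobody', 'password' => 'wrong'],
          ['email' => 'pending@example.test', 'password' => 'not yet active']] as $post) {
    echo json_encode($post), ' => ', frontend_login($users, $post), "\n";
}
```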
