login a user and granting core permissions

[anantmaks]

VirtueMart V3.2.14

I am working on a project which requires to create a product from my call and while creating a product VirtueMart checks vmAccess::manager('product.create'). so when I receive a call I forcefully logging in the request as a superuser so that it will have all permissions to complete that task. For login I am using this code:

Code Select Expand

function forceLogin($superuserId)
{
    $user = JFactory::getUser($superuserId);
    //Will authorize you as this user.
    JPluginHelper::importPlugin('user');
    $options = array();
    $options['action'] = 'core.login.site';
    $response = new stdClass();
    $response->username = $user->username;
    $response->language = '';
    $response->email = $user->email;
    $response->password_clear = '';
    $response->fullname = '';
    $result = $app->triggerEvent('onUserLogin', array((array)$response, $options));
    $session->set('user', new JUser($superuserId));
    return true;
}

By this, my current login user will be superuser. Now the concern is when VirtueMart searching for permissions, it is still getting that current session doesn't have them and so it returns false.

One of the solutions I came around is to redirect internally after login and then proceed to other tasks, in that way the system recognizes session to be availed with all permissions. For example -

I received something in getNotification()

Code Select Expand

function getNotification()
{
    //from here I log in the user
    $this->forceLogin($speruserId);

    //and now redirect
    $app = JFactory::getApplication();
    $app->redirect('index.php?option=com_mycomponent&task=setNotification');
}

Now I proceed further request from setNotification()

Code Select Expand

function getNotification()
{
    // do my work here
}

I think by redirecting session is being reset with current user and so it gets all permission. Though I can redirect when my call generates from the site only, or from Postman, though here I am getting this request from 'Notification' of eBay (It is the concept of webhook). In the notification call, when I try to redirect, the flow stops then and there, my 'setNotification' never calls up.

Can it be done without redirection? If yes, how?

[Milbo]

and why do you not use the built in userswitcher?

[anantmaks]

Hi Milbo

I do not know if there is any built-in userswitcher in Joomla! Moreover, why would there be any need to switch user when I am directly logging in superuser, who has all permissions?

[Milbo]

VirtueMart has a built in userswitcher. Check the configuration. Then enable it and see the switcher in the cart.

[AH]

I do not know if there is any built-in userswitcher in Joomla! Moreover, why would there be any need to switch user when I am directly logging in superuser, who has all permissions?

As @milbo has said

There is a configuration under administrator/virtuemart/configuration/checkout

"Allow Administrators to change the current Shopper"

When this is checked

A user with FE VM permissions is able to select from a list of registered accounts and complete the checkout process as if they were that account holder.

[anantmaks]

ok, I get that but my query is different. I want to create a product from the front-end on a method call. Prior to calling that method, there is no user logged in to the system. Now within this method, I forcefully make superuser login, prepare my data and call 'store' method of product model in VirtueMart. Though VirtueMart throw me out while checking

Code Select Expand

vmAccess::manager(), at the same moment if I check

Code Select Expand

JFactory::getUser() it shows that superuser is logged in.

[Milbo]

Do not work with joomla, work with VM. Anything is already there, you do not need to code anything.

Login as admin, switch to the desired user and create a new product per FE managing as "customer" with the rights of a manager

[anantmaks]

Hi @Milbo

ok, I'll work with this once I will again be on the same function. With my understanding, to go with switchuser I need to call

Code Select Expand

changeShopper() of cart controller in VirtueMart which is finally setting up new user and data into cart and session. There is something I currently confused in its flow:

• It is dealing with cart, which is having no relevancy in my code as I am only adding a product
• It is redirecting, after its execution which I do not want (the notification event from eBay halts if any redirection happens, so till product add/update I can not redirect)

Though I will definitely try this code and will let you know the outcome. Thanks.

[anantmaks]

changeShopper() is still not fixing things because of the two things I mentioned in my last reply. Moreover, I already logging in with superuser so I do not understand the need to change user when superuser already has all permissions to add product. Maybe I am not able to make you understand the query, or not able to understand your answers. You may call me a noob again.

One of my teammates is able to find the solution. The thing was that vmAccess class is initializing a variable

Code Select Expand

static protected $_cu = array(); which is getting checked every time that isset or not corresponding to a user id. Though as still redirection not made after login, so this $_cu is filled with id 0 and so vmAccess::manager() resulting in false. If we set this $_cu by our logged in user after extending vmAccess class, everything works fine then.

[Milbo]

You do not understand. You dont need to code anything for your idea, that vendors can register their own users. That works already! Checkout first the features already built in before you start to write something which is already there.

I think it will spare you a lot time to buy an hour of my time and I explain the system. https://extensions.virtuemart.net/support/virtuemart-consulting-and-mentoring-detail