News:

Support the VirtueMart project and become a member

Main Menu

login a user and granting core permissions

Started by anantmaks, May 18, 2018, 09:59:00 AM

Previous topic - Next topic

anantmaks

VirtueMart V3.2.14

I am working on a project which requires to create a product from my call and while creating a product VirtueMart checks vmAccess::manager('product.create'). so when I receive a call I forcefully logging in the request as a superuser so that it will have all permissions to complete that task. For login I am using this code:

function forceLogin($superuserId)
{
    $user = JFactory::getUser($superuserId);
    //Will authorize you as this user.
    JPluginHelper::importPlugin('user');
    $options = array();
    $options['action'] = 'core.login.site';
    $response = new stdClass();
    $response->username = $user->username;
    $response->language = '';
    $response->email = $user->email;
    $response->password_clear = '';
    $response->fullname = '';
    $result = $app->triggerEvent('onUserLogin', array((array)$response, $options));
    $session->set('user', new JUser($superuserId));
    return true;
}


By this, my current login user will be superuser. Now the concern is when VirtueMart searching for permissions, it is still getting that current session doesn't have them and so it returns false.

One of the solutions I came around is to redirect internally after login and then proceed to other tasks, in that way the system recognizes session to be availed with all permissions. For example -

I received something in getNotification()

function getNotification()
{
    //from here I log in the user
    $this->forceLogin($speruserId);

    //and now redirect
    $app = JFactory::getApplication();
    $app->redirect('index.php?option=com_mycomponent&task=setNotification');
}


Now I proceed further request from setNotification()

function getNotification()
{
    // do my work here
}


I think by redirecting session is being reset with current user and so it gets all permission. Though I can redirect when my call generates from the site only, or from Postman, though here I am getting this request from 'Notification' of eBay (It is the concept of webhook). In the notification call, when I try to redirect, the flow stops then and there, my 'setNotification' never calls up.

Can it be done without redirection? If yes, how?
Anant Garg
Ghaziabad, India

Milbo

and why do you not use the built in userswitcher?
Should I fix your bug, please support the VirtueMart project and become a member
______________________________________
Extensions approved by the core team: http://extensions.virtuemart.net/

anantmaks

Hi Milbo

I do not know if there is any built-in userswitcher in Joomla! Moreover, why would there be any need to switch user when I am directly logging in superuser, who has all permissions?
Anant Garg
Ghaziabad, India

Milbo

VirtueMart has a built in userswitcher. Check the configuration. Then enable it and see the switcher in the cart.
Should I fix your bug, please support the VirtueMart project and become a member
______________________________________
Extensions approved by the core team: http://extensions.virtuemart.net/

AH

QuoteI do not know if there is any built-in userswitcher in Joomla! Moreover, why would there be any need to switch user when I am directly logging in superuser, who has all permissions?

As @milbo has said

There is a configuration under administrator/virtuemart/configuration/checkout

"Allow Administrators to change the current Shopper"

When this is checked

A user with FE VM permissions is able to select from a list of registered accounts and complete the checkout process as if they were that account holder.


Regards
A

Joomla 4.4.5
php 8.1

anantmaks

ok, I get that but my query is different. I want to create a product from the front-end on a method call. Prior to calling that method, there is no user logged in to the system. Now within this method, I forcefully make superuser login, prepare my data and call 'store' method of product model in VirtueMart. Though VirtueMart throw me out while checking vmAccess::manager(), at the same moment if I check JFactory::getUser() it shows that superuser is logged in.
Anant Garg
Ghaziabad, India

Milbo

Do not work with joomla, work with VM. Anything is already there, you do not need to code anything.

Login as admin, switch to the desired user and create a new product per FE managing as "customer" with the rights of a manager
Should I fix your bug, please support the VirtueMart project and become a member
______________________________________
Extensions approved by the core team: http://extensions.virtuemart.net/

anantmaks

Hi @Milbo

ok, I'll work with this once I will again be on the same function. With my understanding, to go with switchuser I need to call changeShopper() of cart controller in VirtueMart which is finally setting up new user and data into cart and session. There is something I currently confused in its flow:

  • It is dealing with cart, which is having no relevancy in my code as I am only adding a product
  • It is redirecting, after its execution which I do not want (the notification event from eBay halts if any redirection happens, so till product add/update I can not redirect)

Though I will definitely try this code and will let you know the outcome. Thanks.
Anant Garg
Ghaziabad, India

anantmaks

changeShopper() is still not fixing things because of the two things I mentioned in my last reply. Moreover, I already logging in with superuser so I do not understand the need to change user when superuser already has all permissions to add product. Maybe I am not able to make you understand the query, or not able to understand your answers. You may call me a noob again.

One of my teammates is able to find the solution. The thing was that vmAccess class is initializing a variable static protected $_cu = array(); which is getting checked every time that isset or not corresponding to a user id. Though as still redirection not made after login, so this $_cu is filled with id 0 and so vmAccess::manager() resulting in false. If we set this $_cu by our logged in user after extending vmAccess class, everything works fine then.
Anant Garg
Ghaziabad, India

Milbo

You do not understand. You dont need to code anything for your idea, that vendors can register their own users. That works already! Checkout first the features already built in before you start to write something which is already there.

I think it will spare you a lot time to buy an hour of my time and I explain the system. https://extensions.virtuemart.net/support/virtuemart-consulting-and-mentoring-detail
Should I fix your bug, please support the VirtueMart project and become a member
______________________________________
Extensions approved by the core team: http://extensions.virtuemart.net/