eZ Community » Forums » General » Is it possible to have a dual login?...
expandshrink

Is it possible to have a dual login? eZPublish 5.4

Is it possible to have a dual login? eZPublish 5.4

Monday 04 May 2015 5:49:56 pm - 6 replies

Hi

I am wondering if the following is possible, and how to acheive it:

1. Have the whole website secure so that users haveto log in to see any content.

2. create areas within the site that only certain users can access.

     eg user group 1 can see and amend pages group 1. Group 2 can only see and amend pages group 2.

3. All pages not assigned to group 1 or 2 can be veiwed by any user that is logged in, but can only be amended by the Main Admin.

 

 

Or maybe there is a different way to acheive the same outcome?

Thanks for any help in advance

 

Barry

Monday 04 May 2015 6:33:06 pm

Hello Berry,

I think in general (without more details from you on the use case) the answer is yes!

You will want to learn more about users, groups, roles, sections and most importantly role policy permissions. You can do amazing things with role permissions.

The answer to #1 is an easy yes.

The answer to #2 is yes as well, using role permissions.

The answer to #3 is also yes, using role permissions.

The documentation on these concepts would be good to study and learn from:

https://doc.ez.no/eZ-Publish/Technical-manual/4.x/Concepts-and-basics/Access-control

https://doc.ez.no/eZ-Publish/Technical-manual/4.x/Concepts-and-basics/Content-management/Sections

https://doc.ez.no/eZ-Publish/User-manual/4.x/The-administration-interface/The-User-accounts-tab/(language)/eng-GB

https://doc.ez.no/eZ-Publish/User-manual/4.x/The-administration-interface/The-User-accounts-tab/Roles-and-policies/(language)/eng-GB

https://doc.ez.no/eZ-Publish/User-manual/5.x/Daily-tasks/Creating-a-protected-area/(language)/eng-GB

If you have further questions, please feel free to ask.

PS. Your forum post title is confusing, perhaps it is not the best or what you meant?

I hope this helps!

Cheers,
Heath

Monday 04 May 2015 10:15:11 pm

Hi.

Thanks Heath. I meant "dual login" by the fact that a user would have to log in once to the main site, but then log in again to their own group of pages.

So, I realise that you can set up different permissions for different users so that they can only see / modify the sections that they have permissions for, but I specifically want the user workflow to be:

user unable to see any of the site except landing page  >> login1 >> now user can see certain pages but not modify anything >> login2 >> now user can see all pages but can only modify specified pages that they have permissions for.

Admin >> login1 >> can see and modify everything

 

I hope that makes it clearer what I am trying to achieve.

I will of course look through the documentation and figure it out, but I wanted to know if it is possible to do it this way.\

 

Thank you

 

Barry

Monday 04 May 2015 11:53:29 pm

Hello Berry,

While I understand a little more what you mean now by "Dual login" the idea sounds horrific.

You should not need to login twice. I can't imagine a good system which would technically require this and I know users would -hate- such an annoyance.

Within eZ Publish, you would not need to login twice. You would just need to create the right roles (and combinations of policies).

Take a look at the content, read policy controls available by default, they sounds like just what you need. Hint this would require changes to the anonymous role's policies to customize them to provide for what your describing.

I hope this helps!

Cheers,
Heath

Tuesday 05 May 2015 3:31:08 am

No. you are completely correct Heath.

It was something I had considered as a solution to a problem I wanted to know if it was technically possible.

However, the more I thought about it, the more I was deciding against it. It makes much more sense for different users to login and have different access controls.Definitely not the correct solution!

Sorry to have wasted our time.

Barry

Tuesday 05 May 2015 10:49:07 am

Hello Berry,

Thank you for siding with sanity and user usability happy.gif Emoticon

I wanted to add that almost anything is possible within eZ with enough custom development, eZ is just that extensible. That said not every first idea we can do means is a good idea.

After some much needed sleep last night I woke up and realized a use case that might make more sense to me and users, "Requiring users to confirm their password when trying to edit certain content". That is a use case that I as a user would not find offensive.

I thought it would be fun to see what it would take to implement a redirect to, 'confirm user password' page / processing before redirecting to content/edit view solution because this idea seemed interesting.

Edit: The follow advise / suggestions are version specific and were made for legacy. This is my first most this morning and my mind was still stuck in legacy mode. If your using new stack only eZ Publish or eZ Platform the solution will be drastically different.

I was hoping their would be a workflow event trigger for content/edit which would make this simple but sadly their I could find none.

I did a bit of research to find out what this might require and due to the nature of content/edit dependencies in the kernel I think this feature would require fairly substantial kernel overrides at a class level and possibly at a module level as well. I could be missing a simpler way to do this with little code but I was looking to integrate.

(Some time after above ...) After some more research all that is really needed, per-say, is to override the content/action module view. It's been a while since I tried to do such a thing, but there are options. This is the part of the code where I would customize (in an override, not a kernel hack),  https://github.com/ezsystems/ezpublish-legacy/blob/master/kernel/content/action.php#L872

This point you would be able to inject code to test for prior successful custom password confirmation, then if not already confirmed, redirect to a custom module view (say: confirm/password) to display the user confirmation password prompt, which would submit to confirm/validate which would redirect back to content/action with the previous request parameter variables using, "$module->redirectToView( 'edit', $parameters );" within the if block described previously testing for successful custom password confirmation (session var of some kind?).

This would be a simple way of building into the existing solution securely with less kernel overrides.

You might be able to fake this with less work (using a legacy custom module view extension) but to do this securely overall I think it will be more involved than you will want to invest in at this point.

Another option is a custom module view custom action handler but it would not ensure this feature was secure and not able to work around with url hacking.

http://serwatka.net/en/blog/do_you_need_action

Just to be clear, you have not wasted my time and I hope you do not truly feel bad for just asking questions. Please feel free to ask more questions like this in the future.

I hope this helps!

Cheers,
Heath

Modified on Tuesday 05 May 2015 11:11:57 am by // Heath

Wednesday 06 May 2015 2:14:25 pm

Hello Berry,

I was inspired again last night and did the work to create the confirm password solution I described above instead of sleeping big-smile.gif Emoticon

https://github.com/brookinsconsulting/bcconfirmpassword

I have heavily tested the solution and after a lot of refinement it is working perfectly for me.

The solution requires kernel class and module overrides but does so in a very minimalistic way by only overriding what is required and symlinking the rest to reduce future maintenance.

I welcome your questions and feedback on the solution. Let us know what you think.

I hope this helps!

Cheers,
Heath

expandshrink

You must be logged in to post messages in this topic!

36 542 Users on board!

Forums menu

Proudly Developed with from