- Forums
- Community Discussions
- Community Builder
- General
- Check user "status" and "groups" belongig, and step-up if required.
Check user "status" and "groups" belongig, and step-up if required.
- smalldragoon
- OFFLINE
-
Premium Member
- Posts: 93
- Thanks: 14
- Karma: 2
4 years 2 months ago - 4 years 2 months ago #316311
by smalldragoon
Check user "status" and "groups" belongig, and step-up if required. was created by smalldragoon
Hello,I have this main need :
I would like to check each time a user open a link/page, to check if he is allowed to do so and if not, depending of a parameter, trigger a re-authentication.
I think I can achieve this thanks to the auto-actions regarding the trigger before accessing the page .
Now, I have my authentication method which is a javascript providing me at the end a JWT token.
I already did some test using the auto action " add to user group" , grabbing user groups provided as parameter in the JWT.
I tried to create a schema to summarize :
https://ibb.co/34pMzMP Schema
What do you recommand now, to have a proper and clean solution to mix these 3 things ?
Should I create a module and a plugin ( like here ? : docs.joomla.org/J3.x:Creating_an_Authentication_Plugin_for_Joomla/en ) only ?
Thanks for your advises and insights
I would like to check each time a user open a link/page, to check if he is allowed to do so and if not, depending of a parameter, trigger a re-authentication.
I think I can achieve this thanks to the auto-actions regarding the trigger before accessing the page .
Now, I have my authentication method which is a javascript providing me at the end a JWT token.
I already did some test using the auto action " add to user group" , grabbing user groups provided as parameter in the JWT.
I tried to create a schema to summarize :
https://ibb.co/34pMzMP Schema
What do you recommand now, to have a proper and clean solution to mix these 3 things ?
Should I create a module and a plugin ( like here ? : docs.joomla.org/J3.x:Creating_an_Authentication_Plugin_for_Joomla/en ) only ?
Thanks for your advises and insights
Last edit: 4 years 2 months ago by smalldragoon.
Please Log in to join the conversation.
krileon
Team Member- ONLINE
- Posts: 68488
- Thanks: 9076
- Karma: 1434
4 years 2 months ago #316316
by krileon
Kyle (Krileon)
Community Builder Team Member
Before posting on forums: Read FAQ thoroughly + Read our Documentation + Search the forums
CB links: Documentation - Localization - CB Quickstart - CB Paid Subscriptions - Add-Ons - Forge
--
If you are a Professional, Developer, or CB Paid Subscriptions subscriber and have a support issue please always post in your respective support forums for best results!
--
If I've missed your support post with a delay of 3 days or greater and are a Professional, Developer, or CBSubs subscriber please send me a private message with your thread and will reply when possible!
--
Please note I am available Monday - Friday from 8:00 AM CST to 4:00 PM CST. I am away on weekends (Saturday and Sunday) and if I've missed your post on or before a weekend after business hours please wait for the next following business day (Monday) and will get to your issue as soon as possible, thank you.
--
My role here is to provide guidance and assistance. I cannot provide custom code for each custom requirement. Please do not inquire me about custom development.
Replied by krileon on topic Check user "status" and "groups" belongig, and step-up if required.
I don't understand why you need to do this. Access permissions are always checked on access attempt. For example set a Joomla menu item to Author access while logged in as a Registered user. Now click the menu item and it will error you don't have access and they will no longer be able to see that menu item next time menu is output.
Kyle (Krileon)
Community Builder Team Member
Before posting on forums: Read FAQ thoroughly + Read our Documentation + Search the forums
CB links: Documentation - Localization - CB Quickstart - CB Paid Subscriptions - Add-Ons - Forge
--
If you are a Professional, Developer, or CB Paid Subscriptions subscriber and have a support issue please always post in your respective support forums for best results!
--
If I've missed your support post with a delay of 3 days or greater and are a Professional, Developer, or CBSubs subscriber please send me a private message with your thread and will reply when possible!
--
Please note I am available Monday - Friday from 8:00 AM CST to 4:00 PM CST. I am away on weekends (Saturday and Sunday) and if I've missed your post on or before a weekend after business hours please wait for the next following business day (Monday) and will get to your issue as soon as possible, thank you.
--
My role here is to provide guidance and assistance. I cannot provide custom code for each custom requirement. Please do not inquire me about custom development.
Please Log in to join the conversation.
- smalldragoon
- OFFLINE
-
Premium Member
- Posts: 93
- Thanks: 14
- Karma: 2
4 years 2 months ago - 4 years 2 months ago #316318
by smalldragoon
Replied by smalldragoon on topic Check user "status" and "groups" belongig, and step-up if required.
I need to check each time the user belonging to groups.
I have another "system" which change usergroups based on time / action etc....
ex scenario
john login -> he is assigned group level 5
after 5 sec , he tries to go to a page with required level 5 -> ok
user read the page , then goes somewhere else ...
the "automated system after 1 min" changes john to level 4.
John comes back to the page where level 5 is required.
-> a "step up" is required , so the authentication is trigered again for a level 5.
if ok, ...etc....
make sense?
I have another "system" which change usergroups based on time / action etc....
ex scenario
john login -> he is assigned group level 5
after 5 sec , he tries to go to a page with required level 5 -> ok
user read the page , then goes somewhere else ...
the "automated system after 1 min" changes john to level 4.
John comes back to the page where level 5 is required.
-> a "step up" is required , so the authentication is trigered again for a level 5.
if ok, ...etc....
make sense?
Last edit: 4 years 2 months ago by smalldragoon.
Please Log in to join the conversation.
- krileon
- Team Member
- ONLINE
- Posts: 68488
- Thanks: 9076
- Karma: 1434
4 years 2 months ago #316330
by krileon
Kyle (Krileon)
Community Builder Team Member
Before posting on forums: Read FAQ thoroughly + Read our Documentation + Search the forums
CB links: Documentation - Localization - CB Quickstart - CB Paid Subscriptions - Add-Ons - Forge
--
If you are a Professional, Developer, or CB Paid Subscriptions subscriber and have a support issue please always post in your respective support forums for best results!
--
If I've missed your support post with a delay of 3 days or greater and are a Professional, Developer, or CBSubs subscriber please send me a private message with your thread and will reply when possible!
--
Please note I am available Monday - Friday from 8:00 AM CST to 4:00 PM CST. I am away on weekends (Saturday and Sunday) and if I've missed your post on or before a weekend after business hours please wait for the next following business day (Monday) and will get to your issue as soon as possible, thank you.
--
My role here is to provide guidance and assistance. I cannot provide custom code for each custom requirement. Please do not inquire me about custom development.
Replied by krileon on topic Check user "status" and "groups" belongig, and step-up if required.
Access is already checked dynamically like that. My guess is when you're assigning usergroups you are not doing so correctly with Joomla API which should update the appropriate session cache. If you assign usergroups with direct database queries the session cache won't be updated so Joomla won't see the usergroup change until next login or possibly just until next page load. CB Auto Actions can be used to safely assign new usergroups, but it has nothing to do with your access check needs nor should it be necessary for those.
Kyle (Krileon)
Community Builder Team Member
Before posting on forums: Read FAQ thoroughly + Read our Documentation + Search the forums
CB links: Documentation - Localization - CB Quickstart - CB Paid Subscriptions - Add-Ons - Forge
--
If you are a Professional, Developer, or CB Paid Subscriptions subscriber and have a support issue please always post in your respective support forums for best results!
--
If I've missed your support post with a delay of 3 days or greater and are a Professional, Developer, or CBSubs subscriber please send me a private message with your thread and will reply when possible!
--
Please note I am available Monday - Friday from 8:00 AM CST to 4:00 PM CST. I am away on weekends (Saturday and Sunday) and if I've missed your post on or before a weekend after business hours please wait for the next following business day (Monday) and will get to your issue as soon as possible, thank you.
--
My role here is to provide guidance and assistance. I cannot provide custom code for each custom requirement. Please do not inquire me about custom development.
Please Log in to join the conversation.
- smalldragoon
- OFFLINE
-
Premium Member
- Posts: 93
- Thanks: 14
- Karma: 2
4 years 2 months ago #316354
by smalldragoon
Replied by smalldragoon on topic Check user "status" and "groups" belongig, and step-up if required.
My idea is indeed to use auto action . let me rephrase as it seems that I'm not clear. Let's go first with a basic scenario and then , we will add specific ones.
my user is john. he is a standard user , "registered". he authenticates and is now logged in
john can to any page allowed to registered.
Now, he tries to access to a page only allowed to "supergroup1".
What I would like is to trigger an authentication ( again ) , in order to get through this authentication the "assignement" to an additional group, which is "supergroup1". ( I'm putting aside here for now all the stuff regarding the authentication and how to get the group list )
as a global background, I get the info through a JWT token
am I more clear now ?
Thanks !
my user is john. he is a standard user , "registered". he authenticates and is now logged in
john can to any page allowed to registered.
Now, he tries to access to a page only allowed to "supergroup1".
What I would like is to trigger an authentication ( again ) , in order to get through this authentication the "assignement" to an additional group, which is "supergroup1". ( I'm putting aside here for now all the stuff regarding the authentication and how to get the group list )
as a global background, I get the info through a JWT token
am I more clear now ?
Thanks !
Please Log in to join the conversation.
- krileon
- Team Member
- ONLINE
- Posts: 68488
- Thanks: 9076
- Karma: 1434
4 years 2 months ago #316359
by krileon
Kyle (Krileon)
Community Builder Team Member
Before posting on forums: Read FAQ thoroughly + Read our Documentation + Search the forums
CB links: Documentation - Localization - CB Quickstart - CB Paid Subscriptions - Add-Ons - Forge
--
If you are a Professional, Developer, or CB Paid Subscriptions subscriber and have a support issue please always post in your respective support forums for best results!
--
If I've missed your support post with a delay of 3 days or greater and are a Professional, Developer, or CBSubs subscriber please send me a private message with your thread and will reply when possible!
--
Please note I am available Monday - Friday from 8:00 AM CST to 4:00 PM CST. I am away on weekends (Saturday and Sunday) and if I've missed your post on or before a weekend after business hours please wait for the next following business day (Monday) and will get to your issue as soon as possible, thank you.
--
My role here is to provide guidance and assistance. I cannot provide custom code for each custom requirement. Please do not inquire me about custom development.
Replied by krileon on topic Check user "status" and "groups" belongig, and step-up if required.
You want to assign a new usergroup when they fail to access a menu item that requires said new usergroup? If there's a Joomla event for that sure otherwise that's outside of CB so is not in CBs control. CB Auto Actions can act on Joomla events by prefixing them with joomla_ when configuring the triggers for an auto action so as long as Joomla has an event for that then sure it's probably doable.
Kyle (Krileon)
Community Builder Team Member
Before posting on forums: Read FAQ thoroughly + Read our Documentation + Search the forums
CB links: Documentation - Localization - CB Quickstart - CB Paid Subscriptions - Add-Ons - Forge
--
If you are a Professional, Developer, or CB Paid Subscriptions subscriber and have a support issue please always post in your respective support forums for best results!
--
If I've missed your support post with a delay of 3 days or greater and are a Professional, Developer, or CBSubs subscriber please send me a private message with your thread and will reply when possible!
--
Please note I am available Monday - Friday from 8:00 AM CST to 4:00 PM CST. I am away on weekends (Saturday and Sunday) and if I've missed your post on or before a weekend after business hours please wait for the next following business day (Monday) and will get to your issue as soon as possible, thank you.
--
My role here is to provide guidance and assistance. I cannot provide custom code for each custom requirement. Please do not inquire me about custom development.
Please Log in to join the conversation.
Moderators: beat, nant, krileon
- Forums
- Community Discussions
- Community Builder
- General
- Check user "status" and "groups" belongig, and step-up if required.
Time to create page: 0.229 seconds
-
You are here:
- Home
- Forums
- Community Discussions
- Community Builder
- General
- Check user "status" and "groups" belongig, and step-up if required.