Go to main content

Textpattern CMS support forum

You are not logged in. Register | Login | Help

#37 2008-03-03 20:31:09

typeshige
Member
From: USA
Registered: 2005-08-11
Posts: 151
Website

Re: rvm_privileged v0.4

Thank you! Just installed and it seems to do the trick. Thanks again!!!

Offline

#38 2008-03-23 11:29:27

Bloke
Developer
From: Leeds, UK
Registered: 2006-01-29
Posts: 11,446
Website GitHub

Re: rvm_privileged v0.4

ruud, this is a great idea for a plugin and could be just what I need but I think I’ve misunderstood something. I have a multi-author site with one editor (publisher; currently me) and many Staff Writers.

At the top of each article I’d like to offer two links ‘Edit Article’ and ‘Edit Image’ (article_image) but ONLY to the author of the article if they are logged in OR the editor (level=1) if they are logged in. When viewing the public side without being logged in, these links are not shown to anyone.

If I log in as author1 and view an article created by author1, using this code:

<txp:asy_wondertag>
<txp:rvm_if_privileged name="bloke, <txp:jmd_author />">
 <a href="blah blah">Edit article</a>
 <a href="blah blah">Edit image</a>
</txp:rvm_if_privileged>
</txp:asy_wondertag>

It shows the links fine, yay! [ I could have used php to get the author name, and may well do yet… there’s no built-in function to show the author name that I could find ]

Then I logged in as author2 (in another browser) and viewed the same article: the links still appeared. Hmmm, I checked the tag trace and it shows this:

<txp:rvm_if_privileged>
	[SQL (1.181729): select nonce, name, RealName, email, privs from txp_users where name = 'author1']
	[<txp:rvm_if_privileged>: true]
</txp:rvm_if_privileged>

So, in an effort to say “if user level=1 or logged-in user”, I tried:

<txp:rvm_if_privileged name="<txp:jmd_author />" level="1">

Now, when logged in as me, if I view an article created by author1 the tag trace shows:

<txp:rvm_if_privileged name="author1" level="1">
	[SQL (0.000140): select nonce, name, RealName, email, privs from txp_users where name = 'bloke']
	[<txp:rvm_if_privileged name="author1" level="1">: true]
</txp:rvm_if_privileged>

And I get the links, w00t. When logged in as author1, viewing their own article:

<txp:rvm_if_privileged name="author1" level="1">
	[SQL (0.000106): select nonce, name, RealName, email, privs from txp_users where name = 'author1']
	[<txp:rvm_if_privileged name="author1" level="1">: false]
</txp:rvm_if_privileged>

No links :-(

When logged in as author 1, viewing another person’s article;

<txp:rvm_if_privileged name="author2" level="1">
	[SQL (0.000086): select nonce, name, RealName, email, privs from txp_users where name = 'author1']
	[<txp:rvm_if_privileged name="author2" level="1">: false]
</txp:rvm_if_privileged>

No links, as expected. So I thought maybe I needed to include the Staff Writer level as well. Therefore I used:

<txp:rvm_if_privileged name="<txp:jmd_author />" level="1,4">

When logged in as me:

<txp:rvm_if_privileged name="author1" level="1,4">
	[SQL (0.000092): select nonce, name, RealName, email, privs from txp_users where name = 'bloke']
	[<txp:rvm_if_privileged name="author1" level="1,4">: true]
</txp:rvm_if_privileged>

Links shown, yes! Logged in as author1, viewing their own article:

<txp:rvm_if_privileged name="author1" level="1,4">
	[SQL (0.000198): select nonce, name, RealName, email, privs from txp_users where name = 'author1']
	[<txp:rvm_if_privileged name="author1" level="1,4">: true]
</txp:rvm_if_privileged>

Links shown, yes! Logged in as author 1, viewing another person’s article;

<txp:rvm_if_privileged name="author2" level="1,4">
	[SQL (0.000123): select nonce, name, RealName, email, privs from txp_users where name = 'author1']
	[<txp:rvm_if_privileged name="author2" level="1,4">: true]
</txp:rvm_if_privileged>

Links still shown :-(

I can’t quite get my head round what’s going on. It seems that if I use the level attribute, the list of names is used and each is compared with the level, but if I don’t use the level attribute it only checks the logged in user, ignoring the name attribute(?). Or maybe it’s a logic issue: i.e. it’s comparing name AND level when I’m (unreasonably) expecting it to do name OR level? Or vice versa?

I’m using v0.2 of the plugin under TXP 4.0.6. Please would you put me out of my misery and point out the conceptual error I’m making in understanding this cool plugin, thanks.

Last edited by Bloke (2008-03-23 17:33:17)


The smd plugin menagerie — for when you need one more gribble of power from Textpattern. Bleeding-edge code available on GitHub.

Txp Builders – finely-crafted code, design and Txp

Offline

#39 2008-03-23 15:43:12

ruud
Developer Emeritus
From: a galaxy far far away
Registered: 2006-06-04
Posts: 5,068
Website

Re: rvm_privileged v0.4

Stef, I’ve uploaded version 0.3 which corrects the logic of name/level checking (OR, not AND). Let me know if that works for you.

Offline

#40 2008-03-23 17:45:57

Bloke
Developer
From: Leeds, UK
Registered: 2006-01-29
Posts: 11,446
Website GitHub

Re: rvm_privileged v0.4

Ahaaa, now with name="bloke, <txp:jmd_author />" level="1,4" it does what I want. Thank you, fine sir.

The only nagging suspicion I have now is that it feels like I’m over-specifying the matches. In an OR scenario, surely name="<txp:jmd_author />" level="1" should work? i.e. if the logged-in user matches the name of the article’s author OR the privilege level of the logged-in user == 1 then…

That leads me to believe I was doing something stupid before and perhaps it was working all along… maybe I should have another go with 0.2 and see if I can figure out where I went wrong. Of course, I’ve just overwritten my v0.2… humbug :-(

btw, won’t the logic change affect people who were using it successfully before?

Many thanks for your time on this, sorry to be a pest.


The smd plugin menagerie — for when you need one more gribble of power from Textpattern. Bleeding-edge code available on GitHub.

Txp Builders – finely-crafted code, design and Txp

Offline

#41 2008-03-23 18:13:04

ruud
Developer Emeritus
From: a galaxy far far away
Registered: 2006-06-04
Posts: 5,068
Website

Re: rvm_privileged v0.4

The documentation said that OR logic was used (AND logic makes no sense), so it was a bug in the plugin, which is now fixed thanks to your feedback. Yes, name="<txp:jmd_author />" level="1" should work.

Offline

#42 2008-03-31 16:06:12

typeshige
Member
From: USA
Registered: 2005-08-11
Posts: 151
Website

Re: rvm_privileged v0.4

Hi Rudd,

I’m revisiting adding a login screen to my project that works with this plugin.

A while back you gave me some advice, but I’m still uncertain about how to set the public_cookie properly.

If it’s easy to do, could you point out the line-numbers or the snippet of code that does this in txp_auth? I don’t want to make a security hole by doing it incorrectly!

Thanks for all your help,
Shige

typeshige wrote:

ruud wrote:

logoff is equivalent to deleting the txp_login_public cookie.
login requires you to check username/password against the txp_user table and setting the txp_login_public cookie.
Look at the ‘/textpattern/include/txp_auth.php’ file for inspiration ;)

Thanks for the advice!

Offline

#43 2008-03-31 16:54:43

ruud
Developer Emeritus
From: a galaxy far far away
Registered: 2006-06-04
Posts: 5,068
Website

Re: rvm_privileged v0.4

The txp_login_public cookie appears three times in txp_auth. The first 2 times it’s being deleted. The last time it is created. Should be easy to find. Please do use a different name for this cookie if you’re creating one yourself, to avoid conflicts with the TXP built in cookies.

Offline

#44 2008-04-04 05:34:34

typeshige
Member
From: USA
Registered: 2005-08-11
Posts: 151
Website

Re: rvm_privileged v0.4

Thank you! I’ll make sure I figure it out this time.

ruud wrote:

The txp_login_public cookie appears three times in txp_auth. The first 2 times it’s being deleted. The last time it is created. Should be easy to find. Please do use a different name for this cookie if you’re creating one yourself, to avoid conflicts with the TXP built in cookies.

Offline

#45 2008-06-28 04:38:28

maniqui
Member
From: Buenos Aires, Argentina
Registered: 2004-10-10
Posts: 3,070
Website

Re: rvm_privileged v0.4

OK, here I’am

ruud wrote:

hint: <txp:rvm_if_privileged> + <txp:else />

O.o
This must be a riddle for those genius who knows what PHP stands for.


La música ideas portará y siempre continuará

TXP Builders – finely-crafted code, design and txp

Offline

#46 2008-06-28 13:04:20

ruud
Developer Emeritus
From: a galaxy far far away
Registered: 2006-06-04
Posts: 5,068
Website

Re: rvm_privileged v0.4

This should suppress debug tag error messages for anonymous visitors. You can place this at the top of the page template. This assumes the production status is set to debug.

<txp:rvm_if_privileged>
<txp:else />
  <txp:php>set_error_level('live');</txp:php>
</txp:rvm_if_privileged>

You could go the other way around as well and set production status to live and override it for people who are logged in:

<txp:rvm_if_privileged>
  <txp:php>set_error_level('debug');</txp:php>
</txp:rvm_if_privileged>

The difference is mainly in the errors that are generated when loading plugins or anything else that takes place before the page template is parsed, because the production status set in the preferences is used there.

Offline

#47 2008-06-30 01:34:15

maniqui
Member
From: Buenos Aires, Argentina
Registered: 2004-10-10
Posts: 3,070
Website

Re: rvm_privileged v0.4

Thanks, ruud.

ruud wrote:

The difference is mainly in the errors that are generated when loading plugins or anything else that takes place before the page template is parsed, because the production status set in the preferences is used there.

So, if status is set to debug and there are errors before the page template is parsed, those errors will appear on the output, right?

If right, then, using the first example:

<txp:rvm_if_privileged>
<txp:else />
  <txp:php>set_error_level('live');</txp:php>
</txp:rvm_if_privileged>

those “before-parsing” errors will show in the final output for anonymous visitors, right?

Also, if right, then, using the second example:

<txp:rvm_if_privileged>
  <txp:php>set_error_level('debug');</txp:php>
</txp:rvm_if_privileged>

will hide will hide all errors for anonymous user, but will also hide “before-parsing” errors to privileged users (developers, usually), right?

I’m thinking loud just to choose which option could be most beneficial.

In any case, I will mix the first example with <txp:if_status>, so, will be something like this:

<txp:rvm_if_privileged>
    <txp:else />
    <txp:if_status stats="503">
    <txp:php>set_error_level('live');</txp:php>
     </txp:if_status>
</txp:rvm_if_privileged>

La música ideas portará y siempre continuará

TXP Builders – finely-crafted code, design and txp

Offline

#48 2008-06-30 17:20:54

ruud
Developer Emeritus
From: a galaxy far far away
Registered: 2006-06-04
Posts: 5,068
Website

Re: rvm_privileged v0.4

Your explanation looks correct, yes. Bear in mind though, that’s how I think it works (haven’t actually tested it).

Offline

Board footer

Powered by FluxBB