I need to implement ACL manager feature for JMultiplehotelreservation extension as I need to manage access levels for user to restrict access levels for features for hotel reservation extension according to user level.I need to verify compatability of hotel reservation extension with ACL manager extension for joomla 2.5
URL for ACL manager extension :
http://extensions.joomla.org/extensions/access-a-security/site-access/backend-a-full-access-control/17951
URL for hotel reservation extension : http://www.cmsjunkie.com/joomla_multi_hotel_reservation_standard
Looking forward for best solution
Related
I am trying to implement common login in multi website for group of sites.
Suppose we have one site which have multicurrency and each website have different payment,price and inventory.
Example : uae.abc.com, in.abc.com, uk.abc.com all website should belongs to abc.com group of websites should have common login, similar would be xyz.com website.
if we tried using customer scope as global than once user registered user can login to all sites be it in group or not, trying to fix using below code to access same group using customer scope as website.
I have overridden Magento\Customer\Model\Config\Share
public function isWebsiteScope()
{
if(in_array($this->_storeManager->getStore()->getId(), [1,2,3,4])) {
return 0;
}
if(in_array($this->_storeManager->getStore()->getId(), [5,6,7,8])) {
return 0;
}
return $this->_config->getValue(
self::XML_PATH_CUSTOMER_ACCOUNT_SHARE,
\Magento\Store\Model\ScopeInterface::SCOPE_STORE
) == self::SHARE_WEBSITE;
}
But login is not working, can any one help me on this.
Thanks in advance
If you want to have single account for all multi-stores you have to do the following:
1 Share customer accounts
You can configure this feature here: System -> Configuration -> Customer Configuration -> Share Customer Accounts.
Share sessions between Magento websites.
There are 3 possible store configurations:
If your websites are located in one domain, but in different directories, e.g. "www.example.com/stores/store1" and "www.example.com/stores/store2" you can setup your "Cookie Path" to "/stores/" in System -> Configuration -> Web -> Session Cookie Management.
If your websites are located in different sub-domains e.g. "store1.example.com" and "store2.example.com" you can setup "Cookie Domain" to ".example.com" in System -> Configuration -> Web -> Session Cookie Management.
If you have different domains, in this case you can add session ID to the URL for another store. Use this construction "Mage::getModel('core/url')->addSessionParam()->getUrl('...')" to get the URL with session parameter.
After that your customers will be able to switch between multi-stores Magento websites without re-login. In other words, if customer will login in one Magento website, he will be able to see another multi-store Magento website using his first store account.
I think that that would be prohibited by either browser Content Security Policy or website XSS prevention. You could try a Microsoft-based sign in system so you could have a user data retrieval from a third database that only allows data to be accessed by the accounts that add it. Then, you also would get all the benefits of Microsoft security.
We’re currently running the Okta Active Directory agent in order to import our users into Okta.
I'd like to replace this with a custom built process that imports users into a new internal database, for other user-management-related activities, whilst also adding those users to Okta.
Creating the user in Okta is easy, but I also need to get the user's "provider" set to ACTIVE_DIRECTORY, so that Okta delegates authentication to Active Directory.
The documentation (http://developer.okta.com/docs/api/resources/users.html#provider-object) says that the User's Provider field is read-only.
How can I set it?
While you cannot directly manipulate the credential object you can leverage other features available to achieve the desired result.
Create a group in Okta and configure it as a directory provisioning group. From the designated group select 'Manage Directories' add the desired Directory and follow the wizard to completion.
Add the created users to the group (using the API)
You unfortunately cannot set this property as we do not allow the creation of Active Directory users through the public API at this point.
If the purpose of the new process is simply to enrich the user's profile, can't you not achieve this by letting the AD agent sync the users and enrich the profile directly through the API?
I'm developing a Joomla 3 website, where registered users can belong to several groups of interests (music, theater, technology, and so on).
I would like to give permission to my client to edit users by placing them in groups he desired. For example: user 1 can be in music and theater group; user 2 just registered (no group) and user 3 in technology group. Unfortunately the only permission that Joomla 3 allows you to edit users is the Administrator, but if I give this permission to my client, he will be able to edit articles, themes and other features that I do not want it to edit.
How can I create an access level that can manage only users list?
Thank you and sorry about my english.
Create a new group, assign that group only permission for managing users and whatever else you want and assign your users to that group but not admin.
As a short answer, if you don't want you client to be administrator, you can assign him to the manager user-group.
Then go into the Users Manager Component and click the Options button to go into its configuration page.
There you can override the Permissions Settings for the Users Manager component, so the Managers users will be allowed to Access Administration Interface of the component.
You will have the change the respective setting from inherit to allowed.
Of course if needed, you can create a complete custom ACL, with special usergroups for your users that will have certain accessibility and permissions.
But be careful, because ACL sometimes can be confusing and you might end up with a total mess.
By default, Magento shows different widget types as options in the backend, such as 'Cms Page Link' and 'Catalog Category Link'. However, I want to provide my client only with the theme's relevant widgets, so I want to be able to remove some widgets, at least as an admin option.
The options for the backend are set via the respective core modules /etc/widget.xml. What is the best way to override this, without a core hack?
Any suggestion would be much appreciated!
#Daco
Magento has features to implement the above. It is achieved with the help of "ROLES" and "USERS" in the system tab of magento admin panel.
Solution
Create a role for your client "client_xyz" by going to
System->Permission->Roles.
Add Resources to the role, these resources are the links that you
would like to restrict the users upon or grant them permissions.
After creating the roles and resources, create a user to be given to the client. The Users can be created under System->Permissions->Users.
Create the users assign the roles that are already created. And now when the users login using this newly created credentials. They will only see what is granted by the Admin.
what is use of soap/xml-RPC-user and soap/xml-RPC-roles?
in system menu there is one menu item web services contains 4-5 options like soap/xml-RPC-user and soap/xml-RPC-roles.
what is use of it? how to use that?
The original Magento API was implemented both in SOAP and XML-RPC. SOAP and XML-RPC are well known technologies for creating functions, classes, and methods client-programmers may call over HTTP. Explaining them in greater detail is beyond the scope of a Stack Overflow question.
The User and Roles menus are the for the authentication portion of the Magento API. To authenticate the API, you call a login method, passing in a username and password. You setup this user name and password in the Users menu you mentioned.
Each user you setup has access to a "role". Roles determine which API functions a user may call. You setup the roles in the Roles menu you mentioned. You assign a role to a User when you're editing it in the User section you mentioned.
In newer versions of Magento these sections are explicitly labeled with SOAP/XML-RPC to differentiate them from the newer REST APIs.
At first you'll need to know the use of web services. To acquire basic knowledge of web services,soap and xml-rpc read below url
http://nanostuffs.com/Blog/?p=1152
http://blog.manishchhabra.com/2013/04/rest-and-soap-web-services-analogy/
After getting basic knowledge of web services read how to use it in magento from below url
http://www.magentocommerce.com/wiki/5_-_modules_and_development/0_-_module_development_in_magento/introduction
http://inchoo.net/ecommerce/magento/magento-api-v2/
http://inchoo.net/ecommerce/magento/magento-v2-soap-demystified/