Joomla: Can I auto assign country/language user group on registration? - joomla

I'm developing a multi-lingual site for a client in Joomla 2.5. I wonder if there is any way to auto assign newly registered users to a group based on the language they are on when they register.
I.e. so if I visit the Italian site and register I will automatically be put in the group "Italian".
The underlying reason I want to this is to better separate the forum sections in my Kunena forum so that, for example, Italian users only have access to the Italian forum. Is there a way to solve this in a better way?
Also, I understand that this is by no means any kind of guarantee for people sticking to their respective language's forum but it is a request from the client who wants to direct the users as much as possible.

As far as I know, the language information are stored inside a cookie, so you can't access them server-side.
You should create a user plugin: when the user register, you can try to guess the country using IP lookup, then add it to the linked user group.

Related

Where to put logic for auto-login and creating members

Im new to Umbraco development, but im plenty familiar with ASP.Net & MVC etc. So Im getting to grips with the object model and terminology used, but Im not sure where to start. I need to use windows authentication on my Umbraco site, which will be for internal use only.
What I envision:
- When a domain user hits any area of the website, grab the user identity
- Lookup to see if matching user(or member) exists and if not create it
- Login this user to Umbraco
- By default all new visitors, if their user identity doesnt match a current member, then create that member and log them in.
Sounds like I need to create my own controller that overrides the base controller (RenderMvcController ?) and check the user identity on each and every request? Maybe do this by overriding the Index action method? Or could I do this with a macro - or as ive seen mentioned, are macros loosing favor with the new version of Umbraco?
Also, Im not sure how to deal with members vs users? As I understand it, members are who have access to the front part of the website, whereas users are those that have access to the back office area and can create/manage content.
Are all users also members?
There will be some that I want to give access to create/manage content, so when Im auto-creating users, its actually members that I need to create, not users?
[ update ]
Actually, I think I will need to create my own membership provider if I want every request routed through the check for a valid domain user? In my research, I keep coming across this example http://thegrayzone.co.uk/blog/2012/07/combined-authentication-with-umbraco/
I have overridden the default RenderMvcController in numerous projects with success, you could of course use the built in Umbraco auth to redirect to an authentication page for users that do not have a valid Umbraco Auth token and set it only only on that page based on their windows identity.
RE: Are users also members?
No. Users & Members are entirely independent of one another; users being back office users & members being front end users. You will need to create 2 accounts.

Granular Web UI Access/Authorisation - Vaadin 7, JBOSS 7.1.1

I am using vaadin 7, and jboss 7.1.1. There is a business requirement for very granular ui access. There will be parent windows per business function, and in that window functions relative to it. Business requires enabling and disabling those functions within, per user, so as an example, a parent window that represents employees, and when you click that you enter the child window which has functions like editing, deleting, viewing, adding,etc etc but that access must be customized to the user using it, so user x can update but not delete, as an example.
So what i came up with was to store that information in the database. In the database there will be a users table with username and a user guid. Then a parentview table and and parentchildren table and then lastly a userview table. i will store in the userview table the users guid and either the view they have access to and what type of access as in read,write,update,etc... I will on the ui login authenticate against ldap, get the users information and guid and use the guid to pull the users view access from the userview table in the database and store it in the vaadin session, and then on the ui, read that from the session and show the correct access.
I am not sure if this is the best way which is why i am asking if my solution is ok? I have been reading lots of doc's around security but non seem to achieve what i want. Another point of keeping it in the db, is that i can create a user admin ui which can edit the users access simply by updating the db, i dont want to redeploy or do anything with the webserver, I would prefer a ui user access control module and for someone with rights to it to administer that access. I would really appreciate insight and some ideas into this.
Thanks guys, I would appreciate any input.
What you want to achieve, regardless of the environment you are in and technology you are using, is fine-grained access control / authorization.
The way to do that is to use authorization frameworks. Spring Security has one for instance. I'm not sure whether Vaadin comes with anything.
In our company we use Vaadin to develop a management portal and we then use XACML to apply fine-grained decisions to the portal such as which functions to enable for which users and even which items to display in a Vaadin table.
Generally speaking you want to look at the field of attribute-based access control (NIST ABAC). ABAC lets you define authorization constraints based on different factors/parameters such as user attributes (location, department, role...) and resource attributes (where the resource can be data, widgets, functions... You name it).
I actually delivered a webinar yesterday on the topic of fine-grained authorization for Java MVC apps. I think it could prove useful for you.
If you go down the XACML path, you do not need to create a custom database with the information inside as you have done. All you need to do is write authorization policies e.g. a user in purchasing can use the purchasing functions.
There are several open source XACML implementations as well as vendor solutions such as the one I work for, Axiomatics.
I hope this helps. I've also written a lengthier answer here which covers the broader field of authorization.

Composite C1 - Membership Provider - Simple Registration and Login

I am developing my first application using the Composite C1 CMS as the core system. I am currently working my way through the documentation and learning about data structuring, etc. I see that there is a paid Extranet package which can be purchased but I would prefer to develop my own Membership system within the site.
What would be the best way for me to allow users to register on the front end of my Composite C1 website and then to allow them access to a password protected area once they have registered and logged in?
I am a fairly experienced .net developer but Composite C1 is very new to me (at first impressions I like it a lot!)
Thanks
Like the commercial Extranet package you can write a RenderingResponseHandler plugin and register it it the ~/App_Data/Composite/Composite.config file.
Check the guide "How can I validate users before a page or media file is being served?"
RenderingResponseHandler plugins are tasked with approving page and media requests and they can either let the request pass or redirect the request to a new URL.
You would need to take care of the user data base and login page yourself. Also some mechanism that would allow a user of the cms to mark pages as protected/public might make sense.
There is relevant pointers on the CodePlex thread "Restricting access to MediaArchive files"

What is the Preferred Method to having multiple websites share checkout sessions

I have implemented many multi site implementations in the past, so I get how to set up the environment. What I haven't done, is set up multiple websites that can share the same cart session.
So if you are on site1.com and add something to your cart or are logged on, when you go to site2.com you are logged in and have the same items in your cart.
From what I read around the forums, well there isn't much about the best way to share session. But I do know that using the configuration to enable SID on the frontend will pass the session id if you transfer between sites. I figured this is all you need to have, but I see where people are saying that only stores can share checkout sessions and that stores can have their own domain.
I am thinking the best way to do this is to setup multiple websites not one website multiple stores and then just make sure when linking to the other site, I use proper magento url methods to build out the link and it will pass over the SID and the users session will be transferred over.
Is this the preferred way to do this? Is there anything I need to know in terms of configuration? Is there any negatives doing it this? Is there a better way?,
Well if you want to have such possibility only for logged customers then i propose to you to use sales_flat_quote table which is represented by Mage::getModel('sales/quote').
With this model you can manage cart and focus only in passing customer identifier which would bring us to security subject... How would you pass customer identifier in secure way as SID isn't very secure.
Plus SEO doesn't like SID in URL from what i've heard.

ASP.NET Membership - Is Switching the Application Name in the Web.Config a good idea?

I came up with an interesting way to solve the following problem and I want to know if there is a better way to achieve my objectives.
Basically, I'm creating a basic cms system users can register for their own microsite and have their own users. I'm using the asp.net membership api.
I wanted a way to isolate users of the various microsites from eachother so that a user authenticated with www.mysite.com/johns-site wouldn't also be authenticated with www.mysite.com/pauls-site.
I also wanted a way to associate a username with a microsite so that if a user is registered as bob on one site, it doesn't stop another user registering as bob for a different microsite.
To achieve this, I noticed that in the asp membership tables a user belongs to an application. Every time I receive a request, I have a method that switches the applicationName in the web.config based on the url.
This does meet my objectives in an easy way but feels a bit hacky. Is there an alternative way to switch applications for the membership provider?
It is possible to get/set the ApplicatioName property at run time however according to the below MSDN post it is not recommended as the property is not thread safe i.e. if multiple users are creating accounts for different applications at the same time it may not correctly allocate the ApplicationName per user.
Syntax:
Membership.ApplicationName = "MyAppName"
OR
Membership.ApplicationName = "MyAppName";
Further reading:
http://msdn.microsoft.com/en-us/library/system.web.security.membership.applicationname.aspx
Note:
You are updating the contents of the web.config file from the application code? If so this is most certainly "hacky". Plus editing the web.config will drop any active sessions (if your app uses session state of course).
I agree, it is a hack that will likely make you pay at some point.
The proper way to accomplish this would involve each virtual directory (or microsite as you say) each defining a <membership> element with the same connection string but different applicationName attribute.

Resources