I have a script that automatically adds the current user to a specified group, but he has to log out and log in again before his new privileges are applied. I've come across this processor
$response = $modx->runProcessor('security/access/flush');
but I don't know how to use it properly. Called like that, it doesn't appear to do anything. I can't find any documentation about it at all, except the usually unhelpful api docs.
One workaround is to have the script that adds the user to the group redirect to some other landing page with "service=logout" in the URL query string. Of course, this means that the user has to log in again, but at least it does refresh his permissions.
But there should be a way to use that processor to force the current user's session to reload, as it does for the Manager user with the "Flush Your Permissions" menu item.
discuss.answer
-
- 24,544 Posts
Give this a try:
$context = 'web'; // or whatever
$targets = explode(',', $this->xpdo->getOption('principal_targets',
null, 'modAccessContext,modAccessResourceGroup,modAccessCategory,sources.modAccessMediaSource'));
array_walk($targets, 'trim');
$modx->user->loadAttributes($targets, $context, true);
Ok, I get most of that...what's 'principal_targets'?
-
- 24,544 Posts
It's the principal_targets System Setting, which specifies the objects you want to update for the user. It defaults to modAccessContext,modAccessResourceGroup,modAccessCategory,sources.modAccessMediaSource.
Does it work?
Interesting. It shows everything as expected in the SESSION after joining a group and running your code (with a slight modification, $this->xpdo-> got changed to $modx->)
Testing it with protected pages also works.
However, the getUserGroups function called afterwards doesn't list the new group.
-
- 24,544 Posts
That's odd. Having modAccessResourceGroup in the list should take care of that. Could getUserGroups be getting a cached result?
I have the snippet using it uncached. It does show the correct list after the user logs out and logs in again.
I made sure to call my groupList snippet after my joinGroup snippet, but even if the page is loaded again it still doesn't show the new group in its list.
So it looks as if it uses some other source for getting its group information on the user, not the SESSION and not the database (the group shows immediately in the user's page in the Manager). Is there a section in the cache for user details? I haven't been able to find anything like that.
[ed. note: sottwell last edited this post 9 years, 3 months ago.]
-
- 24,544 Posts
There are a couple of files like : core\cache\registry\state\ys\user-1\modx-tree-usergroup.msg.php.
They look like they might hold usergroups and other data for a given user. Clearing the site cache has no effect on them. You could try unlinking them.