Subscribe: RSS
  • I tried to manage users via front-end. Here's what I found out:

    • joinGroup() and leaveGroup() update user groups is DB and Manager, but do not update getUserGroupNames() (getting user groups from session, I guess) - user should relogin to update that
    • save() also do not updates session

    Then I saw http://tracker.modx.com/issues/3860. That Bug describes my situation, but it marked as Fixed. It is very very strange... May be there is something I missed or don't understand... But joinGroup() and leaveGroup() methods do not update session of specified user without relogin of this user - that's the fact!

    I thought I had no need to use unset($_SESSION...) because the bug was fixed. Now I tried to add unset($_SESSION...) in my script. No effect.. Why it not works?

    What I'm doing wrong? Or may be is there another way to flush session/permissions of the specified user via api? [ed. note: Alexus last edited this post 5 years, 11 months ago.]
    • What's interesting:

      while logged in under any other user (different from the "test") I can get truthful information about "test" user:
      $username = 'test';
      $user = $modx->getObject('modUser', array('username' => $username));
      print_r ($user->getUserGroupNames());                               // returns all groups including newly assigned
      print_r ($_SESSION["modx.user.{$user->get('id')}.userGroupNames"]); // returns all groups including newly assigned


      while logged in under the "test" user I use the same methods - getUserGroupNames() and $_SESSION[..]:
      print_r ($modx->user->getUserGroupNames()); // returns only old grops from session, without recently assigned groups
      $id = $modx->getLoginUserID() ? (string) $modx->getLoginUserID() : '0';
      print_r ($_SESSION["modx.user.{$id}.userGroupNames"]); // the same if I wanted to get groups from the session directly

      I need to logout and login under the "test" user to see updated groups.

      Why results of using the same method are different?


      Seems that Bug #3860 was fixed for the first case only. [ed. note: Alexus last edited this post 5 years, 11 months ago.]
      • Are you testing by previewing from the Manager (or in another window on the same browser)? That will make things ambiguous.


        This should get you a fresh list, unless MODX is refreshing that $_SESSION variable from the cache on each request:

        $id = $modx->getLoginUserID();
        unset($_SESSION["modx.user.{$id}.userGroupNames"]);
        



        Putting a snippet with this code on another page and forwarding to it after the above code runs might be informative:

        $id = $modx->getLoginUserID();
        if (isset(($_SESSION["modx.user.{$id}.userGroupNames"])) {
           return 'User Groups are set';
        } else {
           return 'User Groups are NOT set'; 
        }
        [ed. note: BobRay last edited this post 5 years, 11 months ago.]
          Get my Book: MODX:The Official Guide
          MODX info for everyone: http://bobsguides.com/MODx.html
          My MODX Extras
          Bob's Guides is now hosted at A2 MODX Hosting
        • Actually I've tested that even in 3 browsers smiley :
          1) Modx manager with logged in as "admin". Here I can add/delete the "test" user to groups or just view the result of my front-end user-groups-manage page.
          2) Front-end user-groups-manage page with logged in user "inquisitor" that have access to this page. Here I managing the groups of "test" user and also I can view the result by using:
          $username = 'test';
          $user = $modx->getObject('modUser', array('username' => $username));
          print_r ($user->getUserGroupNames());                               // returns all groups including newly assigned
          print_r ($_SESSION["modx.user.{$user->get('id')}.userGroupNames"]); // returns all groups including newly assigned

          3) Logged in "test" user at any page with my snippet just to see the result:
          print_r ($modx->user->getUserGroupNames()); // returns only old grops from session, without recently assigned groups
          $id = $modx->getLoginUserID() ? (string) $modx->getLoginUserID() : '0';
          print_r ($_SESSION["modx.user.{$id}.userGroupNames"]); // the same if I wanted to get groups from the session directly
          


          I also tried what you say. When I'm adding
          unset($_SESSION["modx.user.{$user->get('id')}.userGroupNames"]);

          to 2) page I have no effect on 3) page after updating "test" user groups. Info about groups of "test" user on 2) page updates fine without adding that.

          I should add
          unset($_SESSION["modx.user.{$id}.userGroupNames"]);

          to 3) page so the "test" user can refresh his groups by himself.

          But this is not the way! Should I say to each managed user: "now go to that page or relogin to refresh your groups list"? I want to press only button on user-groups-manage page and specified user will be added to selected group AND his groups list will be refreshed. Without his relogin and even without any other his action.


          Now I add to 2) page sql query that terminates "test" user session from modx_session table in DB. It logouts "test" user so he must login again. And of course his groups list updates successfully when he login again. This is rough way, so I'm trying to find out another.


          P.S.: hope I'm clearly explaining on my imperfect English smiley [ed. note: Alexus last edited this post 5 years, 11 months ago.]
          • Here are some more things to try:

            $modx->reloadConfig();
            
            $modx->getUser();
            
            $modx->getUser('', true);
            
            
            $modx->reloadContext();
            
            $modx->reloadContext('mgr');
            $modx->reloadContext('web');
              Get my Book: MODX:The Official Guide
              MODX info for everyone: http://bobsguides.com/MODx.html
              My MODX Extras
              Bob's Guides is now hosted at A2 MODX Hosting
            • Thanks for your participation, BobRay.
              It works for the current user ("inquisitor", "admin" etc. - any I logged in), not for specified edited user ("test").
              Or I am just don't know how to specify the user to which I want to apply these methods.

              Also I tried:
              $username = 'test';
              $user = $modx->getObject('modUser', array('username' => $username));
              $user->endSession();
              

              But it ends the current user session! The "test" user remains logged-in.

              That's why I use a custom sql query that terminates specified ("test") user session from modx_session table in DB - to logout "test" user:
              $sql = "UPDATE modx_session INNER JOIN modx_user_attributes ON modx_user_attributes.sessionid = modx_session.id SET data = '' WHERE modx_user_attributes.id = 2"; // id of "test" user = 2
              $q = $modx->prepare($sql);
              $q->execute();


              So the question remains open... Is there any internal modx methods to refresh specified user session? Or to end specified user session?
              • I could not find modx_user_attributes anywhere in the core code, so I'm going to guess no, but I could be wrong.

                Anyway, congratulations on finding something that works. smiley
                  Get my Book: MODX:The Official Guide
                  MODX info for everyone: http://bobsguides.com/MODx.html
                  My MODX Extras
                  Bob's Guides is now hosted at A2 MODX Hosting
                • I strongly believe that jeaveGroup() and joinGroup() methods should also refresh user session (=permissions) without user relogin or performing any other actions.

                  I'm thinking about adding this issue to tracker.modx

                  splittingred, you're the one who fixed similar issue http://tracker.modx.com/issues/3860. I'll be glad to hear some words about my situation.
                  • Hello. It seems that the problem has not been solved yet. When using method joinGroup(), the permissions in the session are not updated.
                    For example, a web user logged in at this time was added to the group by using a method call in the snippet, so that the changes take effect, it must be re-login.

                    How can I make the changes take effect without a web user relogin?

                    In general, the problem is the same as that of Alexus.
                    It seems to me that the issue (https://github.com/modxcms/revolution/issues/3860) is not solved correctly.
                    • Try this:

                      $user->joinGroup('someGroup');
                      $user->loadAttributes($user, 'web', true);



                      The second argument is the context key. If empty, the current context will be used.
                        Get my Book: MODX:The Official Guide
                        MODX info for everyone: http://bobsguides.com/MODx.html
                        My MODX Extras
                        Bob's Guides is now hosted at A2 MODX Hosting