1)createUser() 2)addUsertoGroup()... group permissions not applied immediately

geddes

Joined: 2006-05-31
Posts: 7

Posted: Thu, 2006-06-01 20:19

Dear Gallery Developers,

Thank you very much for taking the time to write such a slick API for integrating/embedding Gallery into other uses. I am very impressed.

I have been experiencing a minor glitch in my integration attempt that I hope others might be able to help me with.

As I mentioned in a previous post, my integration is very minimal, I just want to authenticate against a radius server instead of using gallery's authentication system. I have elected for on-the-fly registration because only a small subset of the thousands in the radius database will use the software, and because the actual radius server is not under my control, so I can't add event-driven hooks to it. Specifically though, I want to add users authenticated by this module to specific groups based on a variable I send to my gallery wrapper.

The addusertogroup() and createuser() functions work wonderfully (when I go and check the database I see that these users have been created and have been added to the proper groups). However, the first time the user logs in (and hence, their account is created on the fly) gallery behaves as if they weren't a member of the group. For example, one of my groups is "trico" and I have an album that is set only to be viewable by people in that group. After logging in for the first time, a person who should have been added to that group on the fly does not see the gallery. However, after clicking refresh (and thus starting a new init session that this time actually will work because the user has been created) the gallery shows up and the group permissions behave normally. It is just that initial login that is a problem. Since I have to support a relatively un-savvy user base, this will really confuse them. I could just write a refresh into the outputed html, but I would love to find a more elegant solution.

So, are some snippets of my code, the majority of it taken from the documentation:

//This is our authentication
...
if(!haverAuthenticate($h_user,$h_password,$h_college))
	die ('Bad Username or Password');
...
//This is the Gallery Part
require_once('./gallery2/embed.php');
$g2Uri='/gallery2/';
$embedUri='/haverentry2.php';
$h_loginPage='/gallery-entry/login.php';

 $ret = GalleryEmbed::init(array('embedUri' => $embedUri, 'g2Uri' => $g2Uri, 'activeUserId' => $h_user, 'loginRedirect' => $h_loginPage));
 GalleryCapabilities::set('login', true);
 if ($ret) {
     /* Error! */
     /* Did we get an error because the user doesn't exist in g2 yet? */
     $ret2 = GalleryEmbed::isExternalIdMapped($h_user, 'GalleryUser');
     if ($ret2 && $ret2->getErrorCode='ERROR_MISSING_OBJECT') {
         /* The user does not exist in G2 yet. Create in now on-the-fly */
         $ret = GalleryEmbed::createUser($h_user, array('username' => $h_user));
         //Add users from the colleges to their various groups, all get added to trico
         switch($h_college)
         {
         	case "a":
         		GalleryEmbed::addUserToGroup($h_user,"grp_a");
         		GalleryEmbed::addUserToGroup($h_user,"grp_trico");
				break;         
         	case "b":
         		GalleryEmbed::addUserToGroup($h_user,"grp_b");
         		GalleryEmbed::addUserToGroup($h_user,"grp_trico");
				break;         
         	case "c":
         		GalleryEmbed::addUserToGroup($h_user,"grp_trico");
         		GalleryEmbed::addUserToGroup($h_user,"grp_c");
				break;         
         	default:
          		//gets added to no groups
         
...

         $ret3 = GalleryEmbed::login($h_user);
...
 $g2moddata = GalleryEmbed::handleRequest();

Thank you in advance for any help you could provide.
- Geddes

valiant

Joined: 2003-01-04
Posts: 32509

Posted: Fri, 2006-06-02 07:41

g2 with external radius server auth, nice

you really should check the return values when you call G2 methods.
always do a
if ($ret) {
// error handling here, e.g.
print $ret->getAsHtml();
exit();
}
and don't forget that GalleryEmbed::addUserToGroup() also returns a $ret.

your issue sounds weird. not sure whether it is a transactional db issue or whether your users aren't logged in properly when they get created.

can you test with the non-transactional mysql driver to rule out this possibility?

geddes

Joined: 2006-05-31
Posts: 7

Posted: Fri, 2006-06-02 13:47

Thanks for your post valiant. As I've been searching through these forums I have noticed that you help a lot of people and really go the extra mile to solve a lot of problems.

I tried what you said - I added error checking with the if($ret) stuff and no errors are returned, everything seems to work fine, except that the sub-albums for which the new user has permissions to see don't show up until the second login. I think I am already using the non-transactional driver. Here is my config.php:

 * The possible database types are:
 *  mysql        Standard MySQL
 *  mysqlt       MySQL with transactions (3.23.34a and newer)
 *  postgres     PostgreSQL 6.x (not rigorously tested)
 *  postgres7    PostgreSQL 7.x
 *  oci8po       Oracle (9i and newer)
 *  db2          (EXPERIMENTAL!) IBM DB2 for Linux/UNIX/Windows, v8.2.2
 */
$storeConfig['type'] = 'mysql';
$storeConfig['hostname'] = 'localhost';
$storeConfig['database'] = 'g2dev1';
$storeConfig['username'] = '*******';
$storeConfig['password'] = '*******';
$storeConfig['tablePrefix'] = 'g2_';
$storeConfig['columnPrefix'] = 'g_';
$storeConfig['usePersistentConnections'] = false;
$gallery->setConfig('storage.config', $storeConfig);

Just in case I tried changing the driver to mysqlt but experienced the same result.

I think I might just be mis-understanding the api functions. Looking at the code, I think this is sort of what gallery tries to do:

1. init() with a (to gallery) unknown user-id. This returns an error in $ret so
2. createuser() and addusertogroup() and login()
3. print html

My theory is that the init call is giving the html of a guest because the initial userid was bad in the init() call. However, init() can not be called more than once - so how can I force gallery to re-init() once the userid has been created on the fly?

Does that make sense? Thanks again for your help,
- Geddes

geddes

Joined: 2006-05-31
Posts: 7

Posted: Tue, 2006-06-06 15:28

I am still having this problem . I saw Valient in this thread that you used the checkActiveUser() method. I have tried that to no avail. I have tried:

• logout() and then init()
• init('fullInit'=> true)
• checkActiveUser()
• login()

but every time, if the user isn't yet in the externalIdMap and has to be created on the fly, though the user does show up in the bottom right corner with the proper username, they can't see the albums that they should be seeing! They are in the right groups and the permisions are correct because when I refresh, the protected albums apear without a problem, it is just the first time they enter gallery that this happens. Also, is this related to the other problem I have reported here where the loginRedirect paramater in the init() call seems to ave no effect? Any help would be greatly greatly appreciated. Thank you in advance for your time!

- Geddes

shocksll

Joined: 2005-06-22
Posts: 352

Posted: Tue, 2006-06-06 16:15

I think what i had to do was if i created the user and added them to a group, i would then do a header("Refresh: 0; url=blahblah"); to refresh the page and everything seems to work pretty good that way.
Steve Lineberry

geddes

Joined: 2006-05-31
Posts: 7

Posted: Thu, 2006-06-08 13:44

Thanks Steve! That worked

My installation is almost perfect now, the only outstanding issue is that the "login" link still points to Gallery's login screen, despite my redirectLogin directive. I think the only way to get around this is just to eliminate the login stuff and make my own links in my theme.

- Geddes

dirk-m

Joined: 2008-04-02
Posts: 9

Posted: Mon, 2009-01-05 17:50

shocksll wrote:

I think what i had to do was if i created the user and added them to a group, i would then do a header("Refresh: 0; url=blahblah"); to refresh the page and everything seems to work pretty good that way.
Steve Lineberry

Wow, is that bizarre... Thanks for figuring this out!

geddes Joined: 2006-05-31 Posts: 7	Posted: Thu, 2006-06-01 20:19
	Dear Gallery Developers, Thank you very much for taking the time to write such a slick API for integrating/embedding Gallery into other uses. I am very impressed. I have been experiencing a minor glitch in my integration attempt that I hope others might be able to help me with. As I mentioned in a previous post, my integration is very minimal, I just want to authenticate against a radius server instead of using gallery's authentication system. I have elected for on-the-fly registration because only a small subset of the thousands in the radius database will use the software, and because the actual radius server is not under my control, so I can't add event-driven hooks to it. Specifically though, I want to add users authenticated by this module to specific groups based on a variable I send to my gallery wrapper. The addusertogroup() and createuser() functions work wonderfully (when I go and check the database I see that these users have been created and have been added to the proper groups). However, the first time the user logs in (and hence, their account is created on the fly) gallery behaves as if they weren't a member of the group. For example, one of my groups is "trico" and I have an album that is set only to be viewable by people in that group. After logging in for the first time, a person who should have been added to that group on the fly does not see the gallery. However, after clicking refresh (and thus starting a new init session that this time actually will work because the user has been created) the gallery shows up and the group permissions behave normally. It is just that initial login that is a problem. Since I have to support a relatively un-savvy user base, this will really confuse them. I could just write a refresh into the outputed html, but I would love to find a more elegant solution. So, are some snippets of my code, the majority of it taken from the documentation: //This is our authentication ... if(!haverAuthenticate($h_user,$h_password,$h_college)) die ('Bad Username or Password'); ... //This is the Gallery Part require_once('./gallery2/embed.php'); $g2Uri='/gallery2/'; $embedUri='/haverentry2.php'; $h_loginPage='/gallery-entry/login.php'; $ret = GalleryEmbed::init(array('embedUri' => $embedUri, 'g2Uri' => $g2Uri, 'activeUserId' => $h_user, 'loginRedirect' => $h_loginPage)); GalleryCapabilities::set('login', true); if ($ret) { /* Error! / / Did we get an error because the user doesn't exist in g2 yet? / $ret2 = GalleryEmbed::isExternalIdMapped($h_user, 'GalleryUser'); if ($ret2 && $ret2->getErrorCode='ERROR_MISSING_OBJECT') { / The user does not exist in G2 yet. Create in now on-the-fly */ $ret = GalleryEmbed::createUser($h_user, array('username' => $h_user)); //Add users from the colleges to their various groups, all get added to trico switch($h_college) { case "a": GalleryEmbed::addUserToGroup($h_user,"grp_a"); GalleryEmbed::addUserToGroup($h_user,"grp_trico"); break; case "b": GalleryEmbed::addUserToGroup($h_user,"grp_b"); GalleryEmbed::addUserToGroup($h_user,"grp_trico"); break; case "c": GalleryEmbed::addUserToGroup($h_user,"grp_trico"); GalleryEmbed::addUserToGroup($h_user,"grp_c"); break; default: //gets added to no groups ... $ret3 = GalleryEmbed::login($h_user); ... $g2moddata = GalleryEmbed::handleRequest(); Thank you in advance for any help you could provide. - Geddes
	XUser login Username: * Password: * Create new account Request new password
valiant Joined: 2003-01-04 Posts: 32509	Posted: Fri, 2006-06-02 07:41
	g2 with external radius server auth, nice you really should check the return values when you call G2 methods. always do a if ($ret) { // error handling here, e.g. print $ret->getAsHtml(); exit(); } and don't forget that GalleryEmbed::addUserToGroup() also returns a $ret. your issue sounds weird. not sure whether it is a transactional db issue or whether your users aren't logged in properly when they get created. can you test with the non-transactional mysql driver to rule out this possibility?

geddes Joined: 2006-05-31 Posts: 7	Posted: Fri, 2006-06-02 13:47
	Thanks for your post valiant. As I've been searching through these forums I have noticed that you help a lot of people and really go the extra mile to solve a lot of problems. I tried what you said - I added error checking with the if($ret) stuff and no errors are returned, everything seems to work fine, except that the sub-albums for which the new user has permissions to see don't show up until the second login. I think I am already using the non-transactional driver. Here is my config.php: * The possible database types are: * mysql Standard MySQL * mysqlt MySQL with transactions (3.23.34a and newer) * postgres PostgreSQL 6.x (not rigorously tested) * postgres7 PostgreSQL 7.x * oci8po Oracle (9i and newer) * db2 (EXPERIMENTAL!) IBM DB2 for Linux/UNIX/Windows, v8.2.2 / $storeConfig['type'] = 'mysql'; $storeConfig['hostname'] = 'localhost'; $storeConfig['database'] = 'g2dev1'; $storeConfig['username'] = '****'; $storeConfig['password'] = '*****'; $storeConfig['tablePrefix'] = 'g2_'; $storeConfig['columnPrefix'] = 'g_'; $storeConfig['usePersistentConnections'] = false; $gallery->setConfig('storage.config', $storeConfig); Just in case I tried changing the driver to mysqlt but experienced the same result. I think I might just be mis-understanding the api functions. Looking at the code, I think this is sort of what gallery tries to do: 1. init() with a (to gallery) unknown user-id. This returns an error in $ret so 2. createuser() and addusertogroup() and login() 3. print html My theory is that the init call is giving the html of a guest because the initial userid was bad in the init() call. However, init() can not be called more than once - so how can I force gallery to re-init() once the userid has been created on the fly? Does that make sense? Thanks again for your help, - Geddes

geddes Joined: 2006-05-31 Posts: 7	Posted: Tue, 2006-06-06 15:28
	I am still having this problem . I saw Valient in this thread that you used the checkActiveUser() method. I have tried that to no avail. I have tried: • logout() and then init() • init('fullInit'=> true) • checkActiveUser() • login() but every time, if the user isn't yet in the externalIdMap and has to be created on the fly, though the user does show up in the bottom right corner with the proper username, they can't see the albums that they should be seeing! They are in the right groups and the permisions are correct because when I refresh, the protected albums apear without a problem, it is just the first time they enter gallery that this happens. Also, is this related to the other problem I have reported here where the loginRedirect paramater in the init() call seems to ave no effect? Any help would be greatly greatly appreciated. Thank you in advance for your time! - Geddes

shocksll Joined: 2005-06-22 Posts: 352	Posted: Tue, 2006-06-06 16:15
	I think what i had to do was if i created the user and added them to a group, i would then do a header("Refresh: 0; url=blahblah"); to refresh the page and everything seems to work pretty good that way. Steve Lineberry

geddes Joined: 2006-05-31 Posts: 7	Posted: Thu, 2006-06-08 13:44
	Thanks Steve! That worked My installation is almost perfect now, the only outstanding issue is that the "login" link still points to Gallery's login screen, despite my redirectLogin directive. I think the only way to get around this is just to eliminate the login stuff and make my own links in my theme. - Geddes

dirk-m Joined: 2008-04-02 Posts: 9	Posted: Mon, 2009-01-05 17:50
	shocksll wrote: I think what i had to do was if i created the user and added them to a group, i would then do a header("Refresh: 0; url=blahblah"); to refresh the page and everything seems to work pretty good that way. Steve Lineberry Wow, is that bizarre... Thanks for figuring this out!

1)createUser() 2)addUsertoGroup()... group permissions not applied immediately

XUser login