The Joomla! Forum ™

If I for example put a user in a different user group, the change is not visible until the user actively logs out and the logs back in. This is a problem if you want to hide something confidential when a user has been assigned a different role in the organization.

Is this the way it's supposed to be, and if so is there a way to invalidate the users' token from the backend?

I subscribe to this...
Actually I spent hours figuring out why my changes to the authorization would not work, untill I found this post.
Logging out and in again revealed that this is what it takes to make changes effective - and I agree that this can create problems.

_________________
/Yxos

It's a shame other people don't see this as a problem.

Does anyone know if there is any API for re-authenticating a user or a re-download of the token?

I guess a system plugin could be created that would expire the cookie(s) used by Joomla based on the creation date of the cookie(s) and the username.

I've put together a rather crude way of dealing with the problem but it works for my needs. I would like to have a GUI for the user list, but this will do for now.

I first created a cookie to keep track of if the user has been invalidated or not. But then I found out that the LastVisit variable is in fact not last visit. It's really last login and logout timestamp. So I used that instead.

The way that this works is when ever you make a change to a users permission and you want to enforce it, you add the username and the current date and time. Next time the user accesses a page it will compare that timestamp to the lastvisit timestamp. If the entered timestamp is after the lastvisit timestamp, it will remove all cookies for the site. And subsequently when the user navigates to another page, the user has to login again.

I have attached the code if anyone wants to use it and I used a Jumi module to implement it without having to modify any core code.

Well I have the same problem as well. I want to give my users access to certain hidden content when making a donation, and they can't see it until they log out and log in again. Forcing logout is one thing, but its not a solution. Any ideas anyone? I used joomla 2.5.0 and now i updates to 2.5.4 but still the same bug!

If a Super User has incorrectly assigned a user to a user group that allows them access to things they should not see .... And the Super User (when they realise their mistake) can remove that user group from the view level or put the user in another user group.

As for the user still seeing the information until they are logged out ... just log them out in Joomls >>> site >>> control panel.

The User Manager's 'Batch process' defaults at 'Add To Group' ... Perhaps if the default was 'Set To Group' that would make it idiot prof ?

_________________
http://weblinksonline.co.uk/joomla-faq.html

Is there still not a fix for this? I see this as a major flaw with the ACL system...

I make use of a subscription plan system to add users to a group. It is very confusing (and time consuming) for users to log back in and out again... For obvious reasons I want to make the subscription process as simple as possible.

If anybody has any advice I would greatly appreciate it... Thanks!

Yes, use pen and paper to work out your user groups and view levels and to work out which Permissions to use for which groups in which categories. That may help clear your confusion and prevent you from asking if there is a fix (when it is not broken).

Reading, rereading http://docs.joomla.org/Access_Control_L ... 5/Tutorial , trial and error, resetting to default values and trying again. Perhaps installing, reinstalling(several times) a test Joomla for practising. And keep trying until you work it out.

If all else fails take a course on database management as it will help you with your logic.

_________________
http://weblinksonline.co.uk/joomla-faq.html

Hi Webdongle...

I am not new to Joomla. While this is my first post in the forum I am definitely not a novice... Granted, I have not used the ACL that much.

I have been struggling with this for 12 hours non stop now... I have already reread, retried etc etc over and over. So if I wrongly assumed that this is a bug with Joomla I apologize... I can't seem to find a solution. Maybe I am just missing something stupid. As for using a Pen and Paper method... I don't think that will help me. My ACL logic is really not that complicated:

I have a user group "Subscriber" with parent "Registered". Then I have a Access Level "Subscriber" with user group "Subscriber.

I have 3 categories and 3 menu items that has it's access level set to "Subscriber". When a user Subscribes to the plan in JPayplans they are automatically assigned to the "Subscriber" group and removed from the "Registered" group. I have checked in the backend and this does happen correctly, but the menu items/ categories do not appear until the user has logged out and in again. This may seem like a small thing, but my users are computer novices who find the simplest things confusing.
If this is not going to work, Is there a way I can force logout after subscription so that the user has to login again? (Not ideal, but at least it would be less confusing...)

*I see in the docs under the instructions for creating a Guest Group it says the following:
"N.B. Login/logout in front end (for changing data in session) to see the change."

Is that not related to the issue I am having?

But JPayplans is 1.5, at least that's what it says in JED http://extensions.joomla.org/extensions ... ions/17999 ?

As for logging out then back in that would need to be done by the extension. If an extension is designed to change the user group of a user then it should handle the cookies ?

_________________
http://weblinksonline.co.uk/joomla-faq.html

http://extensions.joomla.org/extensions ... bnMiO30%3D

New JPayPlans has the Group Joiner App built in...

My first thought was that it is a JPayplans issue, and I mailed the developer, still waiting to hear back from him though and this is quite urgent so I tried to solve the problem myself. When I saw other users having a similar issue here I assumed it was just the way Joomla's ACL works and not an issue with JPayPlans.

I am still working through the Joomla Programmer's manual, now only at Chapter 4, so I don't always understand 100% when Joomla handles the cookies etc. and when the component does it...

*As an aside, please believe me that I am not the type of guy who asks for help without trying to fix the problem myself - I have been using Joomla for more than 4 years now and have never felt the need to post a question on the forum since I have always found existing answers to my issues somewhere on the internet. I have now exhausted every possible solution within my range of experience and I have searched everywhere. Let's hope the JPayplans guys reply.

It's the session cookie and that needs to be erased and another generated so it is up to the extension to do it.

_________________
http://weblinksonline.co.uk/joomla-faq.html

Reply from the JPayplans developer:

Since you are using usertype app, that's why user has to logout once and log-in again to see the effect.
This is done by Joomla itself as in the session, it maintains user level. So usertype of user is not changed when session is same.
If you are using usertype app, then it will happen and we can't help it as it is Joomla's functionality.

If they create an extension that alters the way Joomla's registration function works then they should alter the all of the Joomla functions that relate to their original modification.

_________________
http://weblinksonline.co.uk/joomla-faq.html