Login admin does't pass authorise permissions.

For Joomla! 3.x Coding related discussions, you could also use: http://groups.google.com/group/joomla-dev-general

Moderators: ooffick, General Support Moderators

Forum rules
Locked
anantmaks
Joomla! Fledgling
Joomla! Fledgling
Posts: 1
Joined: Fri May 18, 2018 11:36 am

Login admin does't pass authorise permissions.

Post by anantmaks » Fri May 18, 2018 11:49 am

I am working on a project which requires some manager level access to perform tasks, so when I receive a call I forcefully logging in the request as a superuser so that it will have all permissions to complete that task. For login I am using this code:

Code: Select all

function forceLogin($superuserId)
{
    $session = JFactory::getSession();
    $user = JFactory::getUser($superuserId);
    //Will authorize you as this user.
    JPluginHelper::importPlugin('user');
    $options = array();
    $options['action'] = 'core.login.site';
    $response = new stdClass();
    $response->username = $user->username;
    $response->language = '';
    $response->email = $user->email;
    $response->password_clear = '';
    $response->fullname = '';
    $result = $app->triggerEvent('onUserLogin', array((array)$response, $options));
    $session->set('user', new JUser($userId));
    return true;
}
By this my current login user will be superuser. Now the concern is when any extension is searching for permissions, it is still getting that current session doesn't have them and so it returns false.

One of the solutions I came around is to redirect internally after login and then proceed to other tasks, in that way the system recognizes session to be availed with all permissions. For example -

I received something in getNotification()

Code: Select all

function getNotification()
{
    //from here I log in the user
    $this->forceLogin($speruserId);

    //and now redirect
    $app = JFactory::getApplication();
    $app->redirect('index.php?option=com_mycomponent&task=setNotification');
}
Now I proceed further request from setNotification()

Code: Select all

function getNotification()
{
    // do my work here
}
To be specific, the issue is arising in VirtueMart (e-commerce extension) in which I am creating a product from my call and while creating a product it checks vmAccess::manager('product.create') which is actually same as core.create of Joomla.

I think by redirecting session is being reset with current user and so it gets all permission. Can it be done without redirection? If yes, how?
Top
Locked

Return to “Joomla! 3.x Coding”