Dan Vega's Solitary

Hi All,
I’m using Dan’s solitary security module. It works as expected (great work Dan).
But I need to access the logged-in user's role.

So in the SecurityService function setUserSession you can remove exclude=“roles” and this should include the roles in the currentUser.
But I keep getting a setting of [undefined struct element].
But if I put a writedump in the isUserVerified function, the user's roles are then included.

Can anyone shed some light on this? Note I have tried “sleep(1000)” and this still does not work.

Some info

Coldbox 3.8.0.00061
SQL Server 2008 R2
IIS 7

Thanks Ken

Ken,

Personally, something like Solitary is so easy to set up, but the crux of it is this.

Grab the user session; this is what is stored when the user is authenticated, rather than hitting the DB on every call. Thus the real work is in the userValidator.

The code.


	public boolean function userValidator(struct rule,any messagebox, any controller){
		// Deny by default; only an explicit role match grants access
		var isAllowed = false;

		// Cached user from the session (falls back to the DB if not present)
		var user = getUserSession();
		var cPermission = "";

		if( !isNull(user) ){
			// verify user has at least one of the roles required by the rule

			for(var x=1; x<=listLen(arguments.rule['roles']); ++x){

				// Compare the rule's role against the user's role list (case-insensitive)
				if( listFindNoCase(user.getRolesList(),listGetAt(arguments.rule['roles'],x)) ){
					return true;

				}
			}
		}

		// No matching role found (or no user in session): access denied
		return isAllowed;
	}

The first thing that should happen here is we get the user details from the session, which is what getUserSession does; if they are not in the session, then it grabs them from the DB. The userValidator then checks to see if a rule role matches a role assigned to the user and, if it matches, returns true; otherwise they are denied permission.

Which part of this are you having troubles with?

Andrew,
You have misunderstood.

If you do a cfdump of rc.currentUser on the User/list page the role(s) are not included in the object.
See attached images.
The first image (solitary.jpg) does not have writedump in isUserVerified function.
While the second image (solitary1.jpg) does.

solitary.jpg

Ok,

Again, the userValidator does what it does and it works; the userService is responsible for getting the user's details. So this means there are two possible things you need to look at.

The first is userService where it gets the user: see if that is really returning what it is supposed to. That would be my first port of call, for two reasons: you have to do this to get the user when logging the user in, then you would store that in the session, using the setSession in the Security Service. Now if that is pulling up the correct details, then you need to be looking at how and what you're storing in the session.

Sorry, I understood; I was trying to get you to look away from the Security Service and look at the User Service and, more importantly, what you're storing in the session. That should give you more of something to find this; let us know how you go.

Andrew,
I am using Dan’s code as it is.
The code works as follows, if I understand it correctly.
Once the login form is submitted the function isUserVerified is executed, and if a user is returned from the userService
with the following code var user = userService.findIt(“select u from User u where u.emailPasswordHash = :uph OR u.usernamePasswordHash = :uph”,{uph=userPassHash});

then the function setUserSession is called.
The setUserSession function takes the user and stores it in the session with the following code
sessionStorage.setVar(“user”,arguments.user.toStruct(exclude=“roles”));

Note that by default the “roles” are excluded, but if you change this to

sessionStorage.setVar(“user”,arguments.user.toStruct());

Then the roles are included.

But when you dump the currentUser object, the roles are not displayed.
But if you do a writedump just after the userService.findIt call, then the currentUser object contains the roles array.
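The behaviour Ken describes (roles present only after a writedump touches the entity) is consistent with a lazily loaded ORM relationship that has not been initialised at the moment toStruct() runs. The snippet below is an added example, not Solitary's own code or anything Dan wrote: it keeps exclude="roles" exactly as the module does and then copies the role names into the session struct explicitly, so the collection is read before the user is stored. The names getRoles() on the user entity and getRole() on each role entity are assumptions about the ORM mappings; adjust them to the real accessors.

```cfml
<cfscript>
// Added example (not part of Solitary): store the authenticated user in session
// with the roles flattened to a plain list, forcing any lazy collection to load
// before the struct is serialised.
// Assumptions: user.toStruct(exclude) exists as in the thread, the User entity
// exposes getRoles() returning an array of role entities, and each role entity
// exposes getRole() returning its name. sessionStorage is the ColdBox plugin
// already used by setUserSession.
public void function setUserSession(required any user){
    // Build the struct the same way the module does, still excluding the relationship
    var userData = arguments.user.toStruct(exclude="roles");

    // Read the collection now; this is what initialises a lazy ORM relationship
    var roleList = "";
    var roles = arguments.user.getRoles();   // assumed accessor
    if( !isNull(roles) ){
        for( var role in roles ){
            roleList = listAppend(roleList, role.getRole());   // assumed accessor
        }
    }

    // Store only the role names, not the ORM proxies, so the session stays stable
    userData.roles = roleList;

    sessionStorage.setVar("user", userData);
}
</cfscript>
```

Storing the role names as a list rather than the entity collection has a second benefit for the validator shown earlier in the thread: a listFindNoCase() check against the session struct needs no further database access, and nothing in the session depends on an ORM session that may already be closed by the time the next request reads it.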

Ok, I missed the exclude roles bit. I don't use this module as these are so easy to roll it is not funny. But remove the exclude roles and it sounds like you will be fine. I think that is an oversight on Dan's part, or he was doing something else to put the roles back in or something. Not sure.

You're still missing the point.
I did remove the exclude bit and the roles are not in the object, but if I do the dump then they are in the object.

sigh

If you look at the code, that function is doing an HQL query on the User table only, which means the exclude Dan put in there is justified. But like I said, it is an oversight on Dan's part.

I do understand; I think it might be better if you take a step back and understand what those functions are doing!