I'm using EXACTLY the same framework as the example at the bottom of this page - http://docs.elgg.org/wiki/PermissionsCheck
And I've been sending myself test emails with the variables for debugging purposes.
I can see that in the myaccess_cron function, the original context = cron, and then I set it to myaccess_cron.
However, in the myaccess_permissions_check function, when I get_context() it is either admin (I'm logged in) or main (I'm logged out). It never appears as myaccess_cron.
It's as if the context I set in the main function never makes it to the permissions_check function.
And also, when does the permissions_check function actually get called? It's not being called when I load the Cron URL (/pg/cron/fiveminute) in my browser. It looks like it gets called when I'm actually using the Elgg interface, which really has nothing to do with my plugin (supposed to run automatically behind the scenes).
Any ideas?
info@elgg.org
Security issues should be reported to security@elgg.org!
©2014 the Elgg Foundation
Elgg is a registered trademark of Thematic Networks.
Cover image by RaĆ¼l Utrera is used under Creative Commons license.
Icons by Flaticon and FontAwesome.
Some more details -
Even if I set the permissions_check function to ALWAYS return TRUE, get_entities in my main function never returns anything if I'm not logged in.
This $count var is 0 when I'm logged out and 1 when I'm logged in, regardless of the permissions_check function.
Weird, eh?
BTW, if an admin wants to change the example code in the PermissionsCheck doc page, there's a few errors, eg:
(extra "s")
All throughout the code access is either spelled correctly or incorrectly, almost randomly.
PS. What's the best way to report errors in the online docs if I see them? I've seen a few others but didn't write them down. I'd hate for other people to waste as much time as I have trying to learn Elgg and running example code that has bugs in it.
When it says
What does that mean? I haven't seen an ElggEntity attribute that's called "hidden". Or is it referring to the "enabled" field?
Anyways, I'm completely stuck. I even copied the sample cron permissions plugin code EXACTLY (well, with the spelling mistakes corrected) and tried to get an entity that was enabled when I was logged out...but I was still unable.
Maybe the permissions_check functionality is broken with the latest version of Elgg? A more likely explanation is I'm just doing something wrong ;)
@Kane are you talking to yourself the past few hours ? LOLZ;-)
I think you're not not getting responses b/c you're only posting teeny snippets of your code.
If you wanna post **all your ( LOL "secret" ) code here.. someone might spit out some intelligible comments ;-) ==> the smartest of us Elggsters still cain't read your mind...
Hahaha, I do love talking to myself ;) Sorry I just get excited sometimes...I'm SOOOO close to finishing this plugin. I'm having a love-hate relationship with Elgg right now ;)
Ok, the code I'm now using is exactly the same as the example at the bottom of this page - http://docs.elgg.org/wiki/PermissionsCheck (except make sure access is spelled correctly everywhere).
The only thing I've added is a print_r($entities) in the myaccess_cron function after the entities are returned.
I think I'm getting closer...
These are the possible access_id settings for ElggEntities:
Only the ACCESS_PUBLIC (access_id = 2) entities are returned if I'm not actually logged into Elgg when I point my browser to /pg/cron/fiveminute/
But shouldn't the code for this plugin allow me to see ALL entities (that aren't "hidden" - still not sure what that means)?? Or am I missing the purpose of permissions_check?
I am not too familiar with that wiki/Permissions thingy...
BUT
( to compare operationals... )
I have a "crawler" to grab the latest PlugIns/Themes/LangPacks listings to create my own summarized listing - which CURLs to Elgg.org. Now.. *even if I am *logged on to Elgg.org on *another window, my crawler is *not *logged in and therefore does not get access to any PlugIns which are not "Public" !!!
So... where are you running that permissions code from ? are you actually logged in and then using your own Elgg Site's link to execute ?
Hope this makes sense...
Thanks Dhrup, yes your situation does make sense. It's similar to what I'm trying to do.
Ok here's what I have setup (I've disabled all my other related plugins in order to debug this one issue):
Is there another way to have a plugin login as an admin user so I can get all entities? Or should I just take the easy way out and make all my entities "public"? (which seems like a foolish thing to do for security reasons).
LOLZ
;-)
I think you so have same problem !!!
your "wget" script ( a "stranger" ) -- she is not actually being "logged-in" into your Elgg site.. i.e. she is a "public" user" only....
ergo ==> no higher level access... ;-(
I have not yet solved this issue for my scripts.. yet...
LOLZ...
This is so funny....
I saw this problem with my (Elgg.org) Crawler Scripts many months ago.
Just never had the time to look at the code, the HTTP headers, the _tokens required , etc to fix it ;-(
For my Crawlers.. I wil need to send *all the correct HTTP Headers *and the *correct *POST data so that I can actually connect to Elgg.org as a verified / authenticated uset via CURL !
And then I can dance....
Yes we do have the same problem! Argghhhh.
But doesn't it sound like this is the solution? http://docs.elgg.org/wiki/PermissionsCheck
I just can't get it to work. From my original post, it seems like it's an issue with context. When I set the context in the main plugin function, it is never retrieved by the permissions override function. And also it seems like the permissions override function often isn't called when the cron page is loaded (like I would expect).
Is there an Elgg core developer I can talk to? I don't really know anybody in the community other than you ;)
It's USA/EST/DST/ 9:30 pm for me now (need din-din..) ;-) I'm starting to wind down down... ;-)
I'll have a closer look at that wiki/PermissionsCheck thingimijig ... tomorrow...
- Previous
- 1
- 2
- Next
You must log in to post replies.