Has anybody ever successfully created a Cron plugin that could access PRIVATE Entities?

I'm having no luck at all.

I've implemented exactly what's described in these two docs.

http://docs.elgg.org/wiki/CronPlugins

http://docs.elgg.org/wiki/PermissionsCheck

But every time I call get_entities() it only returns PUBLIC entities.  But the whole point of Cron jobs is to to automated processing *behind the scenes* so I'd think most folks would need access to the "meat and potatoes" of their Elgg system...ie. PRIVATE entities.

Here's the previous thread I started - http://community.elgg.org/mod/groups/topicposts.php?topic=182208&group_guid=7

If anyone, anywhere, has ever gotten this to work, I'd love to see some code!  If the Elgg developer who actually wrote the permissions_check plugin hook functionality is reading this...please HELP!!

Or should I just report a bug?  I'm not sure how to proceed because I've been stuck on this one thing for a few days now.

  • I didn't write it, but I've used the permissions_check hook often enough and got it to work.

    The bad news (for you) is that this is not relevant for you as it affects canEdit(), not get_entities()!

    So far as I know, there is no way to circumvent the get_entities security machinery. It is wired into the core of Elgg. Your cron job is going to have to log into Elgg to get the information you want.

    You might check the REST API as there may be a simple way to log in as an admin using that route.

  • Actually, this shouldn't be so bad.

    Assuming that your admin user is guid 2.

    login(get_entity(2));

    should get you in as an admin.

  • Thanks for the reply, Kevin.

    Am I reading this wrong (http://docs.elgg.org/wiki/PermissionsCheck) or is the permissions_check hook advertised as,

    	// returns all entities regardless of access permissions.
    // will NOT return hidden entities.
    $entities = get_entities();

    That is specifically referring to get_entities().  So does this doc need to be updated?

    Also, I have tried using login() (read the bottom of this thread)

    http://community.elgg.org/mod/groups/topicposts.php?topic=182208&group_guid=7

    And I'm able to login as the "admin" user, but I still can't get private entities.  My access_list is just (2,1) and doesn't contain "0". 

    Do you know how SESSION Cookies are supposed to work if a web server is logging into Elgg via a Cron job?  Like where are the Cookie files actually stored on the web server?  Is there a way to define this?

  • Am I possibly approaching my Elgg development the wrong way?

    Should I not be trying to access PRIVATE entities from a Cron job?  Should I instead be setting all my entities to be PUBLIC?

    I'm just confused why this isn't a known issue and I'm the only one who's having problems with it.  I would have imagined that many people using Elgg would need to run Cron jobs.

  • @Kane

    Permissions Check Docs says rather clearly --

    " The override function

    Now create the function that will be called by the permissions check hook. In this function we determine if the entity (in parameters) has access. Since it is important to keep Elgg secure, access should be given only after checking a variety of situations including page context, logged in user, etc....

    Entities that are hidden, however, will still be unavailable to the plugin..."

    Have you confirmed that the login code

    $elgg_username = "admin";
            $elgg_password = "mypassword";
           
            // Login
            if ($user = authenticate($elgg_username,$elgg_password))
            {
                $result = login($user, false);
            }

    is actually happening ?

     

  • @Dhrup

    Yes, the login is working - I verified by calling isadminloggedin() but for whatever reason the admin user doesn't have the correct access when I call get_access_list().

    Which leads me to believe that Elgg can be in a state where a user is "technically" logged through a Cron plugin in but doesn't have the same access permissions as if they logged in normally through a browser.

    I even tried setting the permssions_check override function to always return TRUE but that didn't let me query the PRIVATE entities either.

     

  • OK, I just corrected my code typo here LOL to login.. ;-)

    Can you post the exact get_entities(... you are doing that does not fetch everything... so I can play with it myself ? Just one example.

  • MY TEST =

    UTIL____LOGIN_ADMIN.php

    ENGINE START
    AUTHENTICATE -- CHECK
    AUTHENTICATE -- OK
    LOGIN -- CHECK
    LOGIN -- OK
    GET_ACCESS_LIST= (2,1,0)
  • Hey Dhrup,

    In order to simplify things I've recently been trying to pull back just a single entity, using get_entity(450) which has access_id = 0 (PRIVATE).

    Your results look great!  But I have a few questions -

    1. Is your test being ran through a cron plugin hook?  
    2. Did a cron job from a web server hit the /pg/cron/* URL or did you do it manually through your browser?
    3. Were you logged out of Elgg at the time you ran it?

     

  • I'm just gonna post the entire plugin START.PHP file.

    <?php
     
    function myaccess_init() {
        register_plugin_hook('cron', 'fiveminute', 'myaccess_cron');    
    }
     
    /**
     * Hook for cron event.
     */
    function myaccess_cron($event, $object_type, $object) {   
        $username = "admin";
        $password = "mypassword";
       
        // Login
        if ($user = authenticate($username,$password))
        {
            $result = login($user, true);
        }
       
        echo "Authenticate - ".$user['username']."<br>";
        echo "Login - ".$result."<br>";
       
        $access_list = get_access_list();
       
        echo "Access List - ".$access_list."<br>";

        $entity = get_entity(450);
       
        echo "Entity 450 -<br>";

        print_r($entity);
    }

    // Initialise plugin
    register_elgg_event_handler('init', 'system', 'myaccess_init');
    ?>

    Not sure why I didn't think of that before! ;)

    Could you please try the following?

    1. Paste the code into a start.php file in a "myaccess_cron" folder in \mod\
    2. Replace the 450 ElggEntity ID with one of yours that has access_id = 0
    3. Enable the plugin
    4. Log out of Elgg
    5. Load the page /pg/cron/fiveminute in your browser
    6. What is the output?

    The first time I load the page in my browser, I get:

    Authenticate - admin
    Login - 1
    Access List - (2,1)
    Entity 450 -

    The second time (refresh or F5), I get:

    Authenticate - admin
    Login - 1
    Access List - (2,1,0)
    Entity 450 -
    ElggObject Object ( [attributes:protected] => Array ( [guid] => 450 [type] => object [subtype] => 12 [owner_guid] => 79 [container_guid] => 79 [site_guid] => 1 [access_id] => 0 [time_created] => 1247772686 [time_updated] => 1247772686 [enabled] => yes [tables_split] => 2 [tables_loaded] => 2 [title] => [description] => ) [url_override:protected] => [icon_override:protected] => [temp_metadata:protected] => Array ( ) [temp_annotations:protected] => Array ( ) [valid:private] => )

    If I logout of Elgg (through another tab) and try to refresh the page again, I'm back to Access List = (2,1).