Controlling user access externally [message #22504] |
Sat, 05 February 2005 04:16 |
krbvroc1
Messages: 31 Registered: February 2005
Karma: 0
|
Member |
|
|
Hello, I'm trying to accomplish some things and I'm having a tough time.
I currently have a website, mailing list and local NNTP server. We use FUDforum to suck articles from the NNTP for those users who cannot/will not use a newsreader.
Here is our scenario. People who are not members within a database adminstered from our website cannot post. Thus there are 3 types of people.
1) Anonymous - these people get read-only access to everything
2) Unregistered - these people are present in our database but are either unconfirmed or have been disabled. These people get read-only access to everything.
3) Registered - these people are present in out database and get full read/port capability.
Implementing this policy has not been tough in my other areas.
For the website, we query the database. For the newsreader, I use authentication from a db4 file that the website updates. For the mailing list, I added a handler to the python code of mailman to query the database and use the 'moderation' flag and automatic rejection.
Trying to do this in Fudforum is a problem. Partly becuase I'm finding it tough to figure our the design/code. Partly because of the access model.
Several searches here said there was a FUD API. One response said that it supported add / remove users. I do not see that in either the latest stable or latest RC version. It all appears to be related messaging / online users.
I was able to create a standalone php program that creates a 'fud_user_reg' object, fills in some fields, and calls add_user(). I had to modify add_user() to pass it an optional flag. It is now add_user($password_is_md5=0). I need to pass a password that is already encrypyed. add_user expects plaintext. Perhaps you can add this minor change? This way only users in our website database are created and they have a common username/password.
I have no idea of how to implement the access policy. Basically I thought I could create a stand alone php function which our website would use to modify a users group membership. I cannot figure out what tables are involved and how they relate! Conceptually, shouldn't I be able to change a registered user to an 'anonymous level user'. From the admin-land it appears anonymous level is what I want. I don't use any levels other than the two defaults. I was looking at the fud26_groups and fud26_group_members tables but I cannot figure it out. So, if I want to move a user using SQL commands from resitered level to anonymous level, how can I do this?
Thanks
|
|
|
Re: Controlling user access externally [message #22514 is a reply to message #22504] |
Sat, 05 February 2005 17:10 |
Ilia
Messages: 13241 Registered: January 2002
Karma: 0
|
Senior Member Administrator Core Developer |
|
|
FUDAPI is stored inside a scripts/fudapi.inc.php all recent versions (as as 4-5 month ago) have it.
Group permissions are comprised of several tables
groups table -> stores group information
group_members -> stores members of particular group and their permission settings.
group_resources -> associates a group with 1 or more forums
group_cache -> cache table generated based on the data in the previous 3 tables. This table is what the forum actually uses to determine permissions.
The code for doing group permission manipulations can be found inside
groups.inc.t()
You have:
grp_delete_member() - delete group member
grp_update_member() - update group member
grp_rebuild_cache() - rebuild group cache
To Add a member you simply do something like this:
INSERT INTO fud_group_members SET group_members_opt=permissions_bit_mask, group_id=group_id, user_id=user_id.
Once you either add/update/delete group member you need to rebuild the cache. If you were working with just 1 person specify that account id to grp_rebuild_cache() to simplify the cache rebuild process.
The meaning of various bitmasks can be found inside group_perm_array() function of groups.inc.t
FUDforum Core Developer
|
|
|
|
Re: Controlling user access externally [message #22521 is a reply to message #22516] |
Sat, 05 February 2005 21:08 |
Ilia
Messages: 13241 Registered: January 2002
Karma: 0
|
Senior Member Administrator Core Developer |
|
|
Quote: |
As far as the FUDAPI some other posts said that it included add user and remove user - that is not true.
|
yeah, you're right. I guess it's one of those features I've implemented in my sleep
Quote: |
As far as the group members, I think I was confused because despite several thousand members, there are only 23 rows in that table. Do they just cover the per group anonymous/registered unless you start adding users?
|
Groups normally have 2 special users, 1 for controlling permissions of all anon visitors and one for controlling permission of all registered users, who don't have a dedicated entry inside the group.
FUDforum Core Developer
|
|
|