
Comments (18)

aimeos avatar aimeos commented on May 18, 2024

Hi Cesar

I'm not really sure why this happens yet. The problem might be in the AdminController in src/Aimeos/Shop/Base/AdminController.php, but we have to check that. Maybe you can find out more in the meantime.

from aimeos-laravel.

aimeos avatar aimeos commented on May 18, 2024

Can you tell us a bit more about your setup and configuration? Have you configured a route prefix, for example? What are the steps to create a setup like yours?

from aimeos-laravel.

certiz avatar certiz commented on May 18, 2024

Thank you for your prompt response.
I installed laravel 5.2, then I added aimeos.
I set up the login as usual.
Then I followed the documentation for multiple sites and it worked fine.
I created three sites to test.
When I created an admin user it gets authorized in all the sites.
Everything is all fine with that.

Then I needed to restrict a user not to admin a site not assigned to that user.

I deleted the records in users_list that I do not want the user to go. So I let only one site for that user in the table users_list.
That is when I noticed the problem. When I try to use that user it took me to the login screen, when I used a user allowed for site default it works fine.
After that, for testing. I added a row for that user in users_list for site default, and it works fine.

Then, I decided to look at the controller AdminController,

Going deeper in the code I found that the line in AdminController function indexAction

    if( config( 'shop.authorize', true ) && !( Auth::check() && $request->user()->can( 'admin' ) ) ) {
        return View::make( 'shop::admin.index' );
    }

is the one not returning the right answer.

What I am doing for now:

When I create an admin user I restrict the user to default and the site that I want that user to manage. Please add in the documentation how to do that; I did not find it easy. I went into the code and found out that it was possible. Next, I added code to AdminController function indexAction and only allow the user to go to the site that is not default unless the user is a full administrator.

Then I modified page-default.php for jqadm and made change sites and expert mode not visible unless it is a full administrator.

At ExtadmController I enter code to not allow a non full administrator to enter.

With these changes everything works perfectly.

Why did I not allow a user to go to expert mode unless it is a full administrator:

Because I did not find a way to not allow a user to create sites and modify them at the expert level.

As a suggestion for future releases, it would be nice to have some levels of admin, not more than two or three so as not to complicate it too much.
Example:
One level with full access to expert mode
One level restricted to certain sites and not allowed to enter new sites or modify in any form the actual one.

Thank you so much for your help.

from aimeos-laravel.

aimeos avatar aimeos commented on May 18, 2024

OK, this boils down to two things:
1.) Login and redirect to the site which accounts are admin for should be possible without the need to add them to the default site as well
2.) Add a new role for editors with access only to the simple admin mode

Are you willing to share your changes so we can add them to the dev-master branch if possible? Together we can find a good solution for both requirements and integrate these features into the next version.

from aimeos-laravel.

certiz avatar certiz commented on May 18, 2024

Sure, I would like that.

For the first thing, my solution should not be the one for a release, because my solution looks like a hack. To be able to help I need a little more knowledge of your code. I have been using it less than a month.
Anyhow, here is my AdminController code:

public function indexAction( Request $request )
{
    if( config( 'shop.authorize', true ) && !( Auth::check() && $request->user()->can( 'admin' ) ) ) {
        //return view('/home');
        return View::make( 'shop::admin.index' );
    }

    // Cesar
    // Here we get the sites that the user is authorized for
    $userId = $request->user()->id;

    $query = (new UserList)->newQuery();
    $query->where('parentid','=',$userId);
    $result = $query->get();

    // Fall back to the default site so $siteCode is always defined
    $siteCode = 'default';

    foreach($result as $regSite)   // Here you get the site record
    {
        $theSite = MshopLocaleSite::find($regSite->siteid);
        if($theSite !== null && $theSite->code <> 'default')  // if it is not default let it admin that site
        {
            $siteCode = $theSite->code;
            break;
        }
    }

    $lang = Input::get( 'lang', config( 'app.locale', 'en' ) );

    $param = array(
        'resource' => 'product',
        'site' => $siteCode,    //Route::input( 'site', 'tienda' ),
        'lang' => 'es',//Input::get( 'lang', config( 'app.locale', 'es' ) ),
    );

    return redirect()->route( 'aimeos_shop_jqadm_search', $param );
}

Now I think the change should be made at the $request->user()->can( 'admin' ) function which I have not found yet. (If you tell me where it is I will fix it and will send it to you, or maybe we can just bypass it and set all the control here at this function.) Doing the right changes we can limit a user not only to one site, but to more than one. For now I am just limiting non-admin users to only one site.

As for the second, I added a field to the users table called type; if type is A the user is an administrator and is allowed into ExpertMode. Otherwise, the user is only allowed in simple admin mode.

Two changes were made here they are:

At the ExtadmController

public function indexAction( Request $request )
{
    if( config( 'shop.authorize', true ) ) {
        $this->authorize( 'admin' );
    }

    // cesar

    $site = Input::get('site');  //Route::input( 'site', 'default' );

    // Only Admin users are allowed here
    $userId = Auth::user()->id;

    if(Auth::user()->type <> 'A')
    {
        return redirect('/');
    }

    // Here we get the sites that the user is allowed to manage
    $query = (new UserList)->newQuery();
    $query->where('parentid','=',$userId);
    $result = $query->get();

    $siteFound = 0;
    $siteCode = null;   // stays null when the user has no site assigned
    foreach($result as $regSite)   // Here we look if the site the user wants to go to is within the authorized ones
    {
        $theSite = MshopLocaleSite::find($regSite->siteid);
        $siteCode = $theSite->code;
        if($site == $theSite->code){
            $siteFound = 1;
            break;
        }
    }

    // if the site the user wants to go to is not within the allowed sites, redirect the user to any of the allowed sites
    if($siteFound == 0)
    {
        if($siteCode === null) {
            return redirect('/');   // no allowed site to redirect to
        }
        $site = $siteCode;
        $irAlatienda = '/extadm?site='.$site.'&lang=es&tab=0';
        return redirect($irAlatienda);
    }

    $lang = Input::get( 'lang', config( 'app.locale', 'en' ) );

    // end of changes Cesar

    $aimeos = app( '\Aimeos\Shop\Base\Aimeos' );
    // ....... all the remaining code is the same

At pages-default.php located in aimeos/aimeos-core/admin/jqadm/templates/common
I added this to the HTML where it sets the expert mode link. I just made it not visible

if( Auth::user()->type == 'A')
{
echo '

  • ';
    }
    else
    {
    echo '
  • ';
    }

    And added the same code to the site selection list box

    if( Auth::user()->type == 'A')
    {
    echo '

  • ';
    }
    else
    {
    echo '
  • ';
    }

    With these changes I control a user not to change sites when the user is only allowed one site. Also I control it not to go to expert mode. In case someone playing smart enters the URL for the expert mode, then I control it with the changes at that controller.

    Now my idea for the Role goes a little further:

    I would like a user to be able to go to the expert mode and only access the site that the user is allowed to manage. For that we need to disable the Locale option. Any change at the Locale option should only be made by a full Administrator.

    I need to find the code for that window to make the modifications. Please direct me on that direction and I will change that as well.

    If you like to contact me directly use my email [email protected]

  • from aimeos-laravel.

    aimeos avatar aimeos commented on May 18, 2024

    Thanks for the code!

    We've modified it a bit so it's more compliant with the structure of Aimeos. It's now possible to have admin and editor groups/roles and editors have no access to the expert mode interface.

    Furthermore, there's no need any more to have access to the default site. Admins/editors can be restricted to one or more sites only.

    The changes are already in the aimeos-laravel dev-master branch. What we are still working on is a good solution for showing the link to the expert mode depending on the group so it works for Symfony, TYPO3, etc. as well.

    Thank you very much for your suggestions!

    from aimeos-laravel.

    certiz avatar certiz commented on May 18, 2024

    Glad I could help.
    I have some questions:
    If I update through composer will I get the changes?
    Another question: when creating a user (editor type) I just need to change --admin to --editor? That means admin will be full administrator and editor restricted to basic mode only?
    Furthermore, doing this I will not need to use the type field at the users table?

    I also have some comments:

    On the display of expert mode, can you use a session variable to control things like the expert link? I am not familiar with TYPO3, Symfony or those. But I think all of them can use session variables. Based on that variable you display the link or not, and control access at the ExtAdminController. That way it is not necessary to access the database again.

    Remember the security risk if someone knows the link to the expert mode. That is why it is necessary to have some source of control at the ExtAdminController.

    Once again

    Thank you so much

    from aimeos-laravel.

    aimeos avatar aimeos commented on May 18, 2024

    Yes, you are able to get the changes if you use dev-master instead of ~2016.04 for the aimeos-laravel requirement in your composer.json file. You need to change the lines in your ./app/providers/AuthServiceProvider.php to:

        $gate->define('admin', function($user, $roles) {
            return app( '\Aimeos\Shop\Base\Support' )->checkGroup( $user->id, $roles );
        });
    

    You can use ./artisan aimeos:account --editor <email> <site> to create limited editor accounts for sites. Login works well too, the link only needs a site parameter like &site=test or a route prefix. If an admin or editor has no access for a site, Laravel will throw an authorization exception.

    All controller methods are now protected using the Laravel authorization methods and the allowed roles ("admin" or "editor").

    from aimeos-laravel.
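A minimal sketch of the server-side check this thread arrives at: roles are held per site, expert mode is admin-only, and a request for an unassigned site is denied rather than redirected. It is an added example, not code from aimeos-laravel; the membership table, the route keys, and the functions `mayAccess` and `handle` are hypothetical.

```php
<?php
// Added example: constructed data and hypothetical names, not Aimeos code.

// Constructed membership table: user id => site code => group names.
const MEMBERSHIPS = [
    1 => ['default' => ['admin'], 'test' => ['admin']],
    2 => ['test' => ['editor']],
];

// Roles each admin route accepts, following the thread: editors reach
// the simple interface only, expert mode is restricted to admins.
const ROUTE_ROLES = [
    'jqadm'  => ['admin', 'editor'],
    'extadm' => ['admin'],
];

/**
 * Deny by default: an unknown route, an anonymous user, or a site the
 * user has no membership for all return false. There is no fallback
 * to some other site the user happens to be assigned to.
 */
function mayAccess(?int $userId, string $route, string $site): bool
{
    if ($userId === null || !isset(ROUTE_ROLES[$route])) {
        return false;
    }
    $groups = MEMBERSHIPS[$userId][$site] ?? [];
    return array_intersect(ROUTE_ROLES[$route], $groups) !== [];
}

// The check runs on every request, independent of which links the
// template rendered for this user.
function handle(?int $userId, string $route, string $site): int
{
    return mayAccess($userId, $route, $site) ? 200 : 403;
}

$cases = [
    [1, 'extadm', 'test'],     // admin opening expert mode
    [2, 'jqadm', 'test'],      // editor on the assigned site
    [2, 'extadm', 'test'],     // editor entering the expert-mode URL by hand
    [2, 'jqadm', 'default'],   // editor on a site that was not assigned
    [null, 'jqadm', 'test'],   // not logged in
];
foreach ($cases as [$user, $route, $site]) {
    printf("%-5s %-7s %-8s => %d\n", $user ?? 'anon', $route, $site, handle($user, $route, $site));
}
```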

    certiz avatar certiz commented on May 18, 2024

    Cool thank you so much.

    You guys have a wonderful day.

    from aimeos-laravel.

    certiz avatar certiz commented on May 18, 2024

    Hi guys, I updated the system and it is giving me the following issues:

    When the user is an admin the basic admin site Jqadm works fine. The problem is when going to expert mode it comes out blank. It says that JavaScript needs to be enabled. I checked and JavaScript is fine in the browser. I also did a page to test with some js and it's fine.

    Now when it is an editor user, jqadm does not look good; everything is not organized, including when you try to edit a product, it is the same, the interface is not organized.

    Then I tried with a user that I created and added site default and site test as editor.
    With that user jqadm works like a charm.

    I know these changes may take some time.
    The only one that really worries me is that now the Admin users cannot go to the expert mode. As for the editors I will just add them the default site. I will control this with the link and since they cannot change sites it is fine.

    I am adding the pictures for you guys to see

    Thank you
    Best Regards

    jqadm

    screenshot from 2016-06-09 09-53-49

    extadm
    screenshot from 2016-06-09 10-11-47

    from aimeos-laravel.

    aimeos avatar aimeos commented on May 18, 2024

    This is due to the fact that the view templates have been changed but you are still using your old copies. Please update your view files by copying them via

    cp vendor/aimeos-laravel/src/views/* resources/views/vendor/shop/

    from aimeos-laravel.

    certiz avatar certiz commented on May 18, 2024

    After copying everything the expert mode is not working still blank. jqadm is working now.

    Thanks

    from aimeos-laravel.

    aimeoscom avatar aimeoscom commented on May 18, 2024

    Did you click on the "expert mode" link in the JQAdm interface to get the blank page? Your user needs to be in the "admin" group to have access to the expert mode.

    Can you post a screenshot with the section of the document shown and check in the network tab if there are requests that return a 403 error (unauthorized)?

    from aimeos-laravel.

    certiz avatar certiz commented on May 18, 2024

    Hi, it did not show a 403 error. But looking at the user I found the problem: The user that I was using was in the admin group before the changes. Now I just erased the user and created it again as admin after the changes and now it works.

    Thank you problem solved.

    Have a great day

    from aimeos-laravel.

    certiz avatar certiz commented on May 18, 2024

    Hi Guys, after resolving the users login to the administrator. I went to see my test store and it is giving an error " ErrorException in FileViewFinder.php line 137: View [app] not found. (View: /home/vagrant/Code/paratimall/resources/views/vendor/shop/base.blade.php) (View: /home/vagrant/Code/paratimall/resources/views/vendor/shop/base.blade.php)"

    Seems like it is missing something after I copied the templates as described to me earlier. I looked at
    /home/vagrant/Code/paratimall/resources/views/vendor/shop/base.blade.php

    and it is calling @extends('app') at the first line and that is the one giving the error.

    I am attaching the picture here
    screenshot from 2016-06-09 15-14-26

    from aimeos-laravel.

    certiz avatar certiz commented on May 18, 2024

    I forgot to tell you that I do have an app.blade.php template

    Thanks for all your help

    from aimeos-laravel.

    aimeos avatar aimeos commented on May 18, 2024

    Maybe it's in the wrong location or you have to clear the Laravel view cache. Please check https://github.com/aimeos/aimeos-laravel#setup if all steps are correct in your setup.

    from aimeos-laravel.

    certiz avatar certiz commented on May 18, 2024

    I got it. I cleared the Cache and it did the same. Then I moved app.blade.php from views/layout to views and now it works. What happened was that after updating the templates they started to look for app at the view directory. Before they were looking at views/layouts directory.

    I think those are part of the changes in master-dev. It is fine.

    Thank you so much hope you have a great evening.

    from aimeos-laravel.
