spierala

Reputation: 2699

SilverStripe external authentication

There is a custom login form that should give users access to certain content on the same page. That works so far with users stored as Members in the SS database, and after login I was checking whether the user has permissions like this in the Page class:

function isAllowed() {
    if (Member::currentUser()) {
        $PresseGroup = DataObject::get_one('Group', "Code = 'presse'");
        $AdminGroup = DataObject::get_one('Group', "Code = 'administrators'");
        if (Member::currentUser()->inGroup($PresseGroup->ID) || Member::currentUser()->inGroup($AdminGroup->ID)) {
            return true;
        }
    }
}

In the template I just did this:

<% if isAllowed %>  
SecretContent
<% end_if %>

OK so far, but now the users will not be stored in the SilverStripe database - they are stored on another server.

A little PHP script is running on that external server, accepting the username and password. The script just returns whether the user has permission: true or false.

I'm calling that script via cURL.

I planned to overwrite the dologin function of MemberLoginForm. Now I just wonder how to check after login that the user got the permission and display the contents... I tried to set a variable in the controller of the page, or should I set a session variable? That's my attempt (CustomLoginForm extends MemberLoginForm):

public function dologin($data) {
    if (userHasPermission("user1", "pw") == true) {
        $this->controller->Test("test");
    }
    $link = $this->controller->Link();
    $this->performLogin($data);
    $this->controller->redirect($link);
}

I hope someone can help me with that (I know, very specific) problem. Many thanks, Florian

Upvotes: 0

Views: 745

Answers (1)

Zauberfisch

Reputation: 4015

In SilverStripe you can create a custom authenticator, which means users can log in on your website with accounts that are stored somewhere else, or even just a hard-coded user and password. You can check out the OpenID Authentication Module for example code on how to do it.

But for your task this might even be too complex a solution. How about, after login, just doing something like Session::set('isAllowed', true); and, to check if the user is allowed to view:

function isAllowed() {
    if (Member::currentUser()) {
        $PresseGroup = DataObject::get_one('Group', "Code = 'presse'");
        $AdminGroup = DataObject::get_one('Group', "Code = 'administrators'");
        if (Member::currentUser()->inGroup($PresseGroup->ID) || Member::currentUser()->inGroup($AdminGroup->ID)) {
            return true;
        }
    }
    // if Member::currentUser() is not allowed to view, 
    // return the session, which is either set to true or it returns null if not set 
    return Session::get('isAllowed');
}

Upvotes: 1
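
The session flag suggested in the answer is only as trustworthy as the external check behind it, so here is a sketch of the cURL call from the question that denies access on any error or unexpected reply. This is an added example, not code from the question or the answer; the endpoint URL, the POST field names and the exact reply body ("true" or "false") are assumptions, and only the function name userHasPermission comes from the question.

```php
<?php
// Added example (not from the question or the answer).
// Assumptions: endpoint URL, POST field names, reply body of exactly "true" or "false".
const AUTH_ENDPOINT = 'https://auth.example.invalid/check.php'; // placeholder URL

// Decide from the HTTP status and body alone. Anything other than
// HTTP 200 with the exact body "true" is treated as "no permission".
function parsePermissionResponse($status, $body) {
    return $status === 200 && is_string($body) && trim($body) === 'true';
}

// Ask the external script whether these credentials grant access.
function userHasPermission($username, $password) {
    $ch = curl_init(AUTH_ENDPOINT);
    curl_setopt_array($ch, array(
        CURLOPT_POST           => true,   // credentials in the body, not the URL
        CURLOPT_POSTFIELDS     => http_build_query(array(
            'username' => $username,
            'password' => $password,
        )),
        CURLOPT_RETURNTRANSFER => true,
        CURLOPT_SSL_VERIFYPEER => true,   // reject untrusted certificates
        CURLOPT_SSL_VERIFYHOST => 2,      // certificate must match the host name
        CURLOPT_FOLLOWLOCATION => false,  // never resend credentials to a redirect target
        CURLOPT_CONNECTTIMEOUT => 3,
        CURLOPT_TIMEOUT        => 5,
    ));
    $body   = curl_exec($ch);             // false on any transport or TLS error
    $status = (int) curl_getinfo($ch, CURLINFO_HTTP_CODE);
    return parsePermissionResponse($status, $body);
}

// Constructed replies showing which ones grant access (only the first does).
$cases = array(
    array(200, "true\n"),
    array(200, 'false'),
    array(500, 'true'),              // server error page must not grant access
    array(200, '<html>true</html>'), // unexpected content
    array(0, false),                 // curl_exec() failed
);
foreach ($cases as $case) {
    list($status, $body) = $case;
    printf("%d %s => %s\n", $status, var_export($body, true),
        parsePermissionResponse($status, $body) ? 'allow' : 'deny');
}
```

Call Session::set('isAllowed', true) only when userHasPermission() returns true for the submitted form values, so a timeout or error page on the external server never leaves the flag set.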
