Ticket #665 (closed Enhancement: fixed)

Opened 6 years ago

Last modified 6 years ago

createUserAccount: new service method needed for the dm4-sign-up module

Reported by: Malte
Owned by: jri
Priority: Blocker
Milestone:
Component: DeepaMehta Standard Distribution
Version: 4.3
Keywords:
Cc: Malte
Complexity: 3
Area: Application Framework / API
Module: deepamehta-accesscontrol

Description

The goal of this method would be that a "User Account"-Topic is created which the user can edit by themselves (e.g. to change password). I assume that means that in the end the user account-topic has to have set (its own) "username" as "owner" and "creator". These two things are what the desired service-call needs to do.

So assignment of the new username resp. user-account to a workspace would be explicitly the task of the application developer.

To achieve that I can now imagine to
(A) set these correct username manually after the topic was created,
(B) pass the "username" on to the createTopic()-call directly (which might prove handy in other scenarios too, e.g. plugins connecting third party services for users),
(C) use some "createUserAccountTopic()"-Service call provided by the ACL-Plugin-Service.

Maybe there is a solution to this and I would very much appreciate any help here.

The dm4-sign-up plugin is rendered useless in an environment without this service-call.

Case 1:
http://wikidata-topicmaps.wmflabs.org is live since but cannot be used.

Case 2 & 3: Kept secret for the moment.

I would appreciate any help (and if possible, a release of this as a bugfix on the 4.3-Branch, not on the 4.4 since - there were already quite some changes introduced which would touch me in all three cases resp. wait until the 4.4. release when I want to make use of it).

Thanks & Cheers!

Change History

comment:1 Changed 6 years ago by jri

Your plugin could implement such a method on its own. It would use the AccessControlService to set up creator/owner/ACL on the new User Account. Thus, the new user will be able to edit its own account e.g. in the Webclient.

import javax.ws.rs.GET;

import de.deepamehta.core.Topic;
import de.deepamehta.core.model.CompositeValueModel;
import de.deepamehta.core.model.TopicModel;
import de.deepamehta.plugins.accesscontrol.model.AccessControlList;
import de.deepamehta.plugins.accesscontrol.model.ACLEntry;
import de.deepamehta.plugins.accesscontrol.model.Credentials;
import de.deepamehta.plugins.accesscontrol.model.Operation;
import de.deepamehta.plugins.accesscontrol.model.UserRole;
import de.deepamehta.plugins.accesscontrol.service.AccessControlService;

// Fragment of a plugin class: "dms" is the plugin's reference to the core service.
AccessControlService accessControl;

@GET
void createUserAccount(String username, String password) {    // "password" is the clear password. It will be stored encrypted.
    Credentials cred = new Credentials(username, password);
    // Create the User Account topic with its username and password child topics.
    Topic userAccount = dms.createTopic(new TopicModel("dm4.accesscontrol.user_account", new CompositeValueModel()
        .put("dm4.accesscontrol.username", cred.username)
        .put("dm4.accesscontrol.password", cred.password)), null);
    // Make the new user creator and owner of its own account, and grant WRITE to those two roles.
    accessControl.setCreator(userAccount, username);
    accessControl.setOwner(userAccount, username);
    accessControl.setAcl(userAccount, new AccessControlList(
        new ACLEntry(Operation.WRITE,  UserRole.CREATOR, UserRole.OWNER)
    ));
}

Note: a workspace assignment is not required as UserRole.MEMBER is not set here.

Tell me if this works for you.

Last edited 6 years ago by jri

comment:2 Changed 6 years ago by Malte

Thanks very much for your response but sadly this simple solution does not work for me.

For details please have a look at the crashing createTopic-Call of which I submitted a stacktrace here:
https://trac.deepamehta.de/attachment/ticket/405/creating_own_user_account_without_session.txt

comment:3 Changed 6 years ago by Malte

And yes, the solution proposed here by you is exactly what I meant with option (A) set the correct ACL values by myself after topic-creation (see ticket description) and I would have done it already if the createTopic-Call would not crash beforehand.

comment:4 Changed 6 years ago by jri

Aah, OK, I see the problem.

I would proceed as follows then: I patch the AccessControl module in the way that it does not try to set creator/owner/ACL information in case no user is logged in. In this case it's up to the developer to set this information manually (as shown in the solution proposed above). The exception would not occur anymore.

I would do it in the current master branch. We could release that as DM 4.3.1 now or later, but before the workspace-acl branch is merged (which brings crucial incompatibilities resp. needs migrations). In contrast, the current master branch introduces only minor incompatibilities, and your plugins would be easily adaptable (and would definitely benefit from the changes).

What do you think?

comment:5 Changed 6 years ago by Jörg Richter

Fix: create User Account without session (#665).

When a User Account topic is created (via dms.createTopic()) while no session exists (that is no user is logged in) no exception occurs. The created User Account topic (and its child topics) will have no creator/owner/ACL information. It's up to the developer to set these manually afterwards.

See #405.
See #665.

comment:6 Changed 6 years ago by Jörg Richter

Fix: create User Account without session (#665).

When a User Account topic is created (via dms.createTopic()) while no session exists (that is no user is logged in) no exception occurs. The created User Account topic (and its child topics) will have no creator/owner/ACL information. It's up to the developer to set these manually afterwards.

See #405.
See #665.

comment:7 Changed 6 years ago by jri

  • Status changed from new to closed
  • Resolution set to fixed
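
The behaviour described in the fix, modelled as an added example (not DeepaMehta code and not written by the ticket's participants): creation without a session leaves the account without creator/owner/ACL data, the sign-up path completes it, and an audit lists accounts that were never completed. All class and method names are hypothetical, and the rule that WRITE requires a granted CREATOR or OWNER role is an assumption of this model.

```java
import java.util.*;

// Toy model added for illustration; names are hypothetical, not DeepaMehta API.
public class SessionlessAccountDemo {
    static class Topic {
        final String username;
        String creator, owner;                            // null means "never set"
        final Set<String> writeRoles = new HashSet<>();   // roles granted WRITE
        Topic(String username) { this.username = username; }
    }

    // Creation hook as changed by the fix: with no logged-in user it assigns nothing.
    static Topic createTopic(String username, String sessionUser) {
        Topic t = new Topic(username);
        if (sessionUser != null) grant(t, sessionUser);
        return t;
    }

    static void grant(Topic t, String user) {
        t.creator = user;
        t.owner = user;
        t.writeRoles.addAll(List.of("CREATOR", "OWNER"));
    }

    // Sign-up runs without a session, so it completes the access control data itself.
    static Topic signUp(String username) {
        Topic account = createTopic(username, null);
        grant(account, username);
        return account;
    }

    // Model assumption: WRITE is allowed only through a granted CREATOR or OWNER role.
    static boolean canWrite(Topic t, String user) {
        return (t.writeRoles.contains("CREATOR") && user.equals(t.creator))
            || (t.writeRoles.contains("OWNER") && user.equals(t.owner));
    }

    // Audit: accounts created without a session whose access control data was never set.
    static List<String> incomplete(List<Topic> accounts) {
        List<String> out = new ArrayList<>();
        for (Topic t : accounts)
            if (t.creator == null || t.owner == null || t.writeRoles.isEmpty()) out.add(t.username);
        return out;
    }

    public static void main(String[] args) {
        List<Topic> accounts = List.of(signUp("alice"), createTopic("bob", null)); // constructed sample
        System.out.println("alice edits own account: " + canWrite(accounts.get(0), "alice"));
        System.out.println("bob edits own account: " + canWrite(accounts.get(1), "bob"));
        System.out.println("accounts missing ACL data: " + incomplete(accounts));
    }
}
```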