2 Posts
Prakash
10 years ago
9
Topic
Hi

We've installed SEBLOD recently, and started using it for most common requirements in our website. The more we use it, the more we are loving it.
We've user groups defined in the website and want to automatically assign users depending on the user selection in the registration form.
For eg. Event managers, Event services vendors etc.
With Joomla default form, we've achieved it through a plug-in. How the same can be done with SEBLOD.

Can someone please help us.

thanks
Prakash.
Get a Book for SEBLOD
10 years ago
0
Level 1
I am looking for answers to satisfy the same requirement. This is the first topic I've seen related to it, but I'm still looking. Prakash, did you figure it out, or find an answer elsewhere? If so, I'd be grateful if you would share it.

Thanks,
Denver
10 years ago
2
Level 1
I'm relatively new to SEBLOD and was initially blocked by a similar challenge. I've sorted it out now, and have this feedback to offer as one way to do it. There may be other ways, but this is working well for me.

I created a simple select field containing a list of "user types" paired with numeric parameters corresponding to the IDs of the user groups I want them assigned to. I then configured storage for the field as Standard > User > groups. Now when the user selects their user type during registration, their choice determines and sets the correct group ID when the form is submitted.

Note, however, that doing it this way poses a potential security risk. Having a field, even a hidden field, in a form and calling it "user group ID" or anything similar, potentially exposes your access control model to abuse by anyone clever enough to change that ID. At minimum, care should be taken to obfuscate the label of that field. Even better would be to find a solution that doesn't render the field on the front end at all. If anyone has ideas, I'd like to hear them.
10 years ago
1
Level 2
I did the same way, but I used checkbox field with possibility to choose few groups (upto all). Similar as you described...with values=ID of group. I didn't finish my project yet. But I really would like to know if there is a risk to have a case if user may get admin rights...
10 years ago
0
Level 3
Hi terveg.

I perceive some risk potential if it is obvious that the checkboxes (or any type of field) is assigning users to a user group. It would be less obvious, for example, if the user is only selecting a "customer type" or some other attribute that doesn't overtly imply that it is directly linked to user groups on the backend. If a savvy person with malevolent intentions or just a curious hacker suspects the relationship, they could easily spoof the form code and submit the field substituting values by trial and error until they discover a value that gives them more access, potentially even admin access. To some developers, this may seem an unlikely risk and unnecessary concern. But I learned my way around the Internet as a kid in the "old" days, literally hanging out in alleys plugged into other people's phone lines, to access other people's servers without permission. Other than trespassing, I never did any harm, but it makes me very aware that there are always people who, even if they are only curious, are looking for ways to exploit any weakness in our systems.

It seems very possible to me; enough so that merely obfuscating the field's name and purpose is inadequate for my needs. The approach may allow for the user to select a value in the form, which can then be used to assign them to a user group, but it is my opinion that the value should not be assigned directly to Standard > User > groups. A more secure alternative would be to evaluate the user's selection and add it to the table only if it is an allowed value. That is the approach I'm now considering.

I am also interested in other ways people have dealt with this requirement.
10 years ago
0
Level 1
Seems that we may be standing on the shoulders of giants who have been here and considered this before. I haven't tested this fully, but configured a quick prototype to test this theory. At least from my limited test, it appears that Joomla or SEBLOD may prevent assigning users to the Super Admin group from the front-end. Using the same methods we have used to successfully add users to other groups, I was unable to add a user to the Super Admin group. That may eliminate the greatest risk. Though exactly which groups are allowed to be added from the front-end and which are not isn't yet clear. More testing will determine that. I'll also do some research to see if the answer is published somewhere online. All considered, it seems the risk may be less than I've imagined, but it is still a risk that someone could assign themselves to some user group/groups that you do not intend.
10 years ago
0
Level 1

Has anyone figured a solution out for this yet?

I tried doing some radio boxes and having the user select one or the other.

No=3 (guest) Yes=2 (registered)

I set it up so that the numbers correspond to the user group ID and the storage was set in the User Group. It didn't work. Did not matter what the selection was, the person just became a registered member.

4229 Posts
Kadministrator
10 years ago
1
Level 1

Hi,

you need to use User (not user groups) storage and manually set column to groups (as there is no groups column in joomla 3 you won't be able to use << ). Or you can use UserGroups field that is already included in default Seblod and has this storage correctly set.

10 years ago
0
Level 2

A major thank you to you Klas. This is totally awesome.
I had been trying to get this for years with other extensions. But, ran into errors and a slow site.

I used the radio buttons I created and kept the same options:
No=03, Yes=02 (the numbers representing the group ID).

Then I set the storage to the following:
Standard - User - groups

Pretty much just copying the UserGroups storage settings.

Now when someone registers with the site they make a radio selection and are automatically placed into the correct group.
Thank you again.

10 years ago
0
Level 1

Hi everybody, 

As I like to complicate my tasks. I have in fact a problem. I have several groups in which I would like to register my users. 3 at least with different inputs.

Do you know if there is an solution for me to make it work without overriding my usergroups field for each input.

I think that my solution is the fact of using an SD Concat hidden field. so that I can get result input1, result input2. 

So, I get my desired result in a stored field but I face the problem told here

http://www.seblod.com/community/forums/fields-plug-ins/multiple-user-groups-chosen-by-users

"""""

I've found out that J3! creates one row in table #__user_usergroup_map per each group,...like

group_id /user_id
666 / 1
666 / 2

where 666 is ID of user and 1,2...user group(s).

Therefore, it's not possible to write the retreived data from SD concat in the DB table.
Any ideas how to setup fields??? maybe there is a solution how to customize standard user_groups field and allow users multi-select only custom group ID's (at the moment user may choose Administrator!! group)

"""""

Do you know if there is a way to automatically map the stored field in table #__users and with value 1,4,7 as an exemple to the correct J3 map

in table #__user_usergroup_map:

group_id /user_id
666 / 1
666 / 2

At first I aimed at developping a storage plugin to do it. But when I phoned Mehdi at Octopoos, he told me that there is an existing solution without the need of a new plugin. Can someone describe me the best way to do it?

Could it be possible also to add a parent filter in the Usergroup Field so that We can have a multiple usergroups choice but not a complete one. 

Thanks for your quick answer.

Get a Book for SEBLOD