Disable User Account

A place to discuss development of the Xataface core.

Disable User Account

Postby ADobkin » Sun Aug 07, 2011 3:47 am

I have implemented a new method to disable user accounts in my application and want to share how I did it. This option is useful for when an account needs to be deactivated to prevent logins, but all other credentials (userID, username, password e-mail address, etc.) need to be preserved so it can be re-enabled in the future if needed. It also allows relationships to the user account to be preserved so other records will show the correct user information rather than a pointer to an ID that no longer exists. Hopefully, someone else can benefit from this, or maybe something similar will be incorporated into a future version of Xataface. I would also welcome any feedback or tips on how to make improvements to this process.

First, create a new role in the user table called "DISABLED". I contemplated using a separate flag for this purpose so the original role would be preserved. But this is easier for now, and it has the added benefit of not giving out other permissions to this account by mistake in other delegate classes based on the original role (without checking the disabled flag).

Next, implement a new action in actions.ini:

Code: Select all
[account_disabled]
   template=Dataface_Account_Disabled.html


The purpose of this action and custom template is to display a more specific error message when the user tries to log in. Otherwise, the default error message of "Permission Denied" may be somewhat misleading.

Add a new permission and associate it with the new role in permissions.ini:

Code: Select all
disabled = "Account Disabled"

[DISABLED]
     disabled = 1


Finally, the bulk of the work is done in the Application Delegate. I'm sure there are some opportunities for improvement here, but it seems to work as is:

Code: Select all
        function getPermissions(&$record) {
                $auth =& Dataface_AuthenticationTool::getInstance();
                $user =& $auth->getLoggedInUser();
                if ( !isset($user) ) return Dataface_PermissionsTool::NO_ACCESS();
                $role = $user->val('role');
                $perms = Dataface_PermissionsTool::getRolePermissions($role);
                return $perms;
        }

        function getPreferences() {
                $auth =& Dataface_AuthenticationTool::getInstance();
                $user =& $auth->getLoggedInUser();
                // Disable all unnecessary features to unauthorized users
                $disableFeatures = array(
                                'show_result_stats'=>0,
                                'show_jump_menu'=>0,
                                'show_result_controller'=>0,
                                'show_table_tabs'=>0,
                                'show_actions_menu'=>0,
                                'show_tables_menu'=>0,
                                'show_search'=>0,
                                'show_record_actions'=>0,
                                'show_recent_records_menu'=>0,
                                'show_record_tabs'=>0,
                                'show_record_tree'=>0,
                                'show_bread_crumbs'=>0);
                if (!isset($user)) {
                        return $disableFeatures;
                } else {
                        $role = $user->val('role');
                        if ($role == 'NO ACCESS' or $role == 'DISABLED') {
                                return $disableFeatures;
                        } else {
                                return array();
                        }
                }
        }

        function beforeHandleRequest() {
                $app = Dataface_Application::getInstance();
                $query =& $app->getQuery();
                $auth =& Dataface_AuthenticationTool::getInstance();
                $user =& $auth->getLoggedInUser();
                // If the user is logged in with a disabled account,
                // display the account_disabled action
                if (isset($user)) {
                        $role = $user->val('role');
                        if ($role == 'DISABLED') {
                                $query['-action'] = 'account_disabled';
                        }
                }
        }


I also had to add another function and a condition to the "personal tools" actions in the actions.ini file in order to remove the "My Profile" and "Change Password" links. We don't want disabled users to access these functions, and the account disabled page should be as plain as possible (devoid of these other features).

Code: Select all
[my_profile]
        condition="(df_is_logged_in() and isactive())"

[change_password]                     
        condition="(df_is_logged_in() and isactive())"


The isactive() function is defined separately:

Code: Select all
function isActive(){
        $user =& getUser();
        if ($user and $user->val('role') <> 'NO ACCESS' and $user->val('role') <
> 'DISABLED') return true;
        return false;
}


Enjoy!

Alan
ADobkin
 
Posts: 195
Joined: Mon Oct 22, 2007 7:31 pm
Location: Atlanta, GA, USA

Re: Disable User Account

Postby ADobkin » Sun Aug 07, 2011 8:09 pm

ADobkin wrote:I also had to add another function and a condition to the "personal tools" actions in the actions.ini file in order to remove the "My Profile" and "Change Password" links. We don't want disabled users to access these functions, and the account disabled page should be as plain as possible (devoid of these other features).
...
The isactive() function is defined separately:


FYI, I just found the "hide_personal_tools" preference option. So, now I have added this to the disableFeatures array in the Application Delegate. The last two changes above in actions.ini and the isactive() function are longer necessary.

Code: Select all
     ...
     'hide_personal_tools'=>1,
     ...


Alan
ADobkin
 
Posts: 195
Joined: Mon Oct 22, 2007 7:31 pm
Location: Atlanta, GA, USA

Re: Disable User Account

Postby jonbfl » Fri Aug 19, 2011 8:47 am

That's excellent -

It's a feature forum developers often miss, but admins BEG for. (I'm a forum project member)

TOO BAD ITS NOT IN PERL (and too bad we don't have an OO framework to live in) :lol:

thanks - I have a future use for it... :idea:

8)
jonbfl
 
Posts: 66
Joined: Thu Jul 28, 2011 8:20 pm


Return to Xataface Developers

Who is online

Users browsing this forum: Bing [Bot] and 1 guest

Powered by Dataface
© 2005-2007 Steve Hannah All rights reserved