I'm noticing that when users log in to my D.7 site for the first time through Netforum authentication they are automatically granted all roles.

Not good!

Help?

-Bram

Comments

james.michael-hill’s picture

Assigned: Unassigned » james.michael-hill

To start with, can you confirm that no boxes are checked at admin/config/people/netforum-roles ? That page should be the configuration noting how netforum people get assigned to Drupal roles. Make sure it is all unchecked and save the form just in case.

If that still does not fix it, what version of PHP are you running? The role setting depends on some array operations and comparisons and I think those functions have been mutating a little bit over the years.

bryan cordrey’s picture

I am experiencing this issue as well. If a user logs in, edits their account and saves the form they received admin roles.

I have no boxes checked on admin/config/people/netforum-roles. I am running PHP version 5.3.10.

kevinquillen’s picture

If it is when a user logs in and edits their account, I would wager it's something in the hook_user_presave(), perhaps:


// NOTE:  We could probably load one less var and work directly with $edit up above
  if ($nf_user_data) {
    foreach ($nf_user_data as $key => $val) {
      $edit[$key] = $val;
    }
  }
  
  if (isset($edit['roles']) && $_netforum_auth_assigned_roles !== true ) {
    //keep track of any roles set in case it was set by an admin.  If the admin added a role that doesn't get set via netforum remember that and
    //add / save it in when the user is loaded.  If the role is later something gets set for this user via netforum, then when it is removed (ie, no longer
    //set via netforum) it will also be removed from the user record.  That means you can make the website override netforum, but if netforum later gives that
    //permission it will be taken away when netforum also takes it away.

    //what's the phrase?  Store em all and let the load sort it out?
    $edit['data']['netforum_auth_admin_set_roles'] = $edit['roles'];
  }

james.michael-hill’s picture

Does anyone have a good spot for testing this out, or want to take lead on it?

The snippet pasted up above puts any assigned roles into a serialized array that gets saved with the user data and compared to the roles provided by netforum. The key reason for that is allowing NF users to be in roles that are not assigned by NF. That does get compared later to the values from NF and the user is put into roles based on that. I could look in the changelogs but I do remember that (relatively) recently I found that some of the PHP array comparison functions did not work like they used to, and those all rely heavily on array comparisons.

What version of the module are you using, the 7.x-1.x-dev package or the 7.x-1.0-beta1 ? I note from the repository at http://drupalcode.org/project/netforum_authentication.git/shortlog/refs/... that the dev branch is slightly ahead of the beta release and does touch on the role handling kevinquillen mentioned. If the dev branch fixes it I will promote that to a release.

kevinquillen’s picture

I only took a cursory look.

I do know that using the array diff group of functions can lead to unintended results. I hovered around hook_user_presave and hook_user_load as a potential culprit here, but until I do any breakdowns with xdebug it will be hard to tell.

bryan cordrey’s picture

James,

I tried the dev branch and it seems like it fixes the problem for me. In particular line 1042:

<?php
 $edit['data']['netforum_auth_admin_set_roles'] = array_filter($edit['roles']);
?>

Link to the commit. I will continue to test this and post if I find any further issues.

bramface’s picture

Thank you for doing this, folks!

-Bram