Users: login on frontend and edit profile

Enonic version: 6.8
OS: linux

Hi !

is there any best-practice how to relate user and profile content type ? And also how to allow user to edit only his profile ?

Thanks !

You can create a CustomSelector that fetches the users and relate them to the profile content.

Essentially, this depends on where you want to store the user “profile”, and how you want to use this. Maybe you can share some insight on this?

Hi !

Thanks for your answers ! We need to import user accounts from another system, each user should have access to his account with edit permission.

For the login part you should probably create an IDprovider, or use an existing one. Where are your users located today? LDAP?

When a user has logged in, it will have a unique identifier, also referred to as the “login”. For a regular LDAP this will be the UID, for an Active Directory this will be a generated value, SAMAccountName i think it’s called.

I would recommend you create the profile item the first time the user visits the site afer logging in (if it does not already exist). You can store the profile as content if you like, but you are probably better off storing this as nodes, using the new node/repo API’s of 6.9. Use the “login” from the user as a reference from the profile object to link it together, as the login will never change.

The profiles could also be imported upfront, this is up to you! Regardless of using content or node API you could implement functionality allowing the user update his profile in your custom controller.

Hope this makes sense?

1 Like

Hi tsi !

Thank you for your help ! I think this is what I need. Do you know where I can see guide how to implement nodes for user profiles and how to use this API ?

Hi!

  1. install the repoXPlorer app, this enables you to browse, create and delete repos.
  2. Read about storage in XP: http://docs.enonic.com/en/stable/developer/node-domain/index.html
  3. Node Lib: http://repo.enonic.com/public/com/enonic/xp/docs/6.9.0/docs-6.9.0-libdoc.zip!/module-lib_xp_node.html
  4. Repo Lib: http://repo.enonic.com/public/com/enonic/xp/docs/6.9.0/docs-6.9.0-libdoc.zip!/module-lib_xp_repo.html

Also, in your app, you should probably use main.js to initialize the repository. Main.js is execute (one time) when the application starts.

Hope this is enough to get you started?

Could you share any details on how you will authenticate the users?

We need to import users from AD. Users should be able to login to create some content and edit their profiles. I’m not sure if we should create new repo for users, because they should be able to login to backend to create content. Also we don’t need to have login form/process on frontend - only login to content studio. Maybe we solve this just by using new user store and permissions, but then it’s not clear for me how to store additional data for user profile. The other way is to create new repo and add each user as a new node as you suggested.

Looks like that I understand how it works :slight_smile: Correct me if I wrong, but looks like that we should create new user store and put all login details there. And then create new repo with nodes just for user content or use existing repo for content studio.

Thanks !

Sounds like you got it…

You can start off using the LDAP login, it should work with AD.
Also, there is a possibility to add additional profile data to the user object itself - but this is intended to be like a cache of data from the authentication source, not like a “facebook profile”.
Try comparing how data are stored using the different identity providers, including Auth0 using the repoXPlorer :slight_smile:

Great if you can share any further progress on this…
Also remember, if you are using content-types to store profiles programmatically, remember to write to the draft branch first, then publish to master!

Just installed Auth0 application and I think this is not what we need. Users should able to select some content types to show this relation on their profile page on frontend. That’s why I think it’s easier and better to have login/edit functionality in backend ( I mean plain user/login interface under /admin url ). Is there any option to have “limited” content studio for such users ? Should we use permissions setup for each user ?

In general our use cases is:

  1. admin user can login/create/edit anything
  2. editors should be able to login, create specific content-types, edit own profile ( add relations to other content )

P.S.: I think we can also try to fork ldap-provider repo and add some functionality to it, but then we need to have another endpoint url for such users or add ldap-id-provider to system user store ( I don’t think that this is a good idea ).

Hmm… Auth0 is not relevant if you are loggin in with LDAP.

  1. Install the LDAP Idprovider
  2. Create a new userstore and Add the LDAP idprovider to it
  3. Add idprovider to a vhost for /admin

So, this will enable you to login in admin with LDAP

Next, I understand you want the users to edit their profile as content in Content Studio, publishing and everything?

Could you help me understand why you would want this approach? What are you actually making here? Logging in to the CMS-admin in order to edit a profile for an intranet user (for instance) seems very strange to me?

I know that Auth0 is for another propose :slight_smile: this was just a test to see how ID provider works and also I don’t have existing ldap server for tests.

After this action admin user ( su/password ) won’t be able to login, correct ? I can create admin user under new user storage before making this changes, but not sure if this is correct. I think su user always should be accessible.

We have a lot of users on AD server ( > 500 ). There we have just basic/plain information about each user. On our site we need to have a “profile” page for each user with picture, bio, interesting links etc. So all this information should be editable in Enonic. Also each user can create article and this article will be on profile page. Hope that make sense :slight_smile:

Btw, I forgot to mention that we don’t have access to AD server :frowning: so instead we will have a csv file with users.

Hi !

Is there any option to setup “self-modify” permission ? For example we have a list of objects created by different users. Each user should have option to read all objects, create new objects, edit objects that were created by current user. I was able to setup read/write/publish permissions, but didn’t find how to setup modify permission. Maybe we can setup hook on content creation or something similar ?

Thanks !

Looks like that I can use events lib and main.js file :slight_smile:

If you add the profile object with desired permissions, and place everything within that object it will inherit the parent permissions. Not sure how events and main.js fits in here?

I still believe having users log into admin to edit things like this is a bad idea, but it is ofcourse faster than creating a front-end interface for doing so.

Thanks for you answer. Main reason why we need to have log into admin panel is that all users are able to create articles. And events + main.js will set modify permissions for each article, so only owner of this article can modify/delete/publish it.