User in Group permissions update without logout

Nen · 2019-09-03 06:35:16 UTC

Matrix Version: 5.5.2

– Local Matrix User Accounts. Just basic User assets (not editing accounts) –

Has anyone successfully setup something easy in their Matrix system that works to immediately apply the new permissions granted via being moved into a new User Group, without requiring a logout and login again?

Had a theory that maybe the “Join User Group for Session” could help, since it seemed to suggest that it would apply temporary permissions, but I haven’t managed to get it to have any affect (despite Logs saying the trigger succeeded to join the group for the session).

We want users to be able to be moved to new user groups without the need for them to logout & log back in.

Hoping someone out there has a successful method I can copy!
Thanks,
Emily

Bart · 2019-09-08 11:01:03 UTC

The “Join User Group for Session” trigger should immediately reflect the new user group permissions the users become part of as a result of this trigger action. If that’s not happening, maybe there is some other misconfiguration of perhaps even a bug.
Can you share the setup of your trigger?

Nen · 2019-09-10 03:29:10 UTC

This is quite possible, and hopefully is just a misconfiguration on my part! That tends to be the easiest to solve

My setup at current…

Event trigger: Asset Lookups Updated
(because it will be triggered when moving a User to a new User Group)
(I had also tried After Web Paths Updated, since the User Group is currently located within a Site with a URL and therefore has a URL - but this may not be the case in the final situation, so I think Lookups is a better option)
(Would “Link Created” be better? Does “moving” trigger as a Link created in the new location?)

Conditions:

Asset is of Type: User
Tree Location: (folder that holds all the User Groups for this site)
(This folder only has 1 location in our asset map)

Actions:
Join User Group for Session: (Asset ID for User Group that I am testing the trigger with. Currently I have it set to a specific User Group which I am moving the asset INTO and want the permissions of applied.)

(Once this is working, I would like to change it to be dynamic as “the user group that the asset has just been moved to” - which I think I might be able to achieve by using the asset_parent keyword (hypothesis)).

I have not selected “Ignore Permissions” on the action, but I don’t think this is the issue, because I am currently testing by manually moving the User from one group to another in the Admin interface, and I have a System Admin account. Both user groups are within the defined Tree Location.

The System Log reports it has successfully actioned my Trigger. (I have removed asset IDs below)

(Asset Link Created) - “username” [# ] was successfully linked to “UserGroup2” [# ]|

(Asset Link Deleted) - “username” [# ] was successfully unlinked from “UserGroup1” [# ]|

(Asset Lookups Updated) - Asset “username” has successfully updated its lookups|

(Trigger Execution Success) - SUCCESS
Trigger “Join Group for Session” (# ), Event: “trigger_event_lookups_updated” broadcast by Asset: “username” (# ))|

No errors in the Error Log.

But username account is still unable to view pages which are only accessible by UserGroup2, not UserGroup1. Until it logs out and re-login, of course - in which case it can. Even when adding /_nocache to the URL for good measure.

Thank you for your help with this.
I am hoping something in the above is an error in my config!
Emily

mfong · 2019-09-10 05:16:07 UTC

Hi, Emily - I think I see your problem.

As per the documentation, the Join User Group for Session trigger only works on the current user’s session - that is to say, the user whose action caused the trigger to fire.

So what you’re actually accomplishing there is to dynamically add your own user account to UserGroup2, not the other user account which you’re moving to the new group.

Nen · 2019-09-10 05:54:05 UTC

Thanks! I hadn’t realised that specific nature of the event firing on the “mover” rather than the “movee” as the “current” user.

However, that means that if I link it up with a trigger than is initiated by a user’s action (which was the final intent anyway!) then it shall work!

For the sake of any future people finding this thread, I will try to remember to update with whether this solved the problem or not.

Thank you so much! Being able to get this type of help (and so quickly often!) is part of what makes Squiz Matrix my favourite CMS.

Nen · 2019-09-10 06:14:56 UTC

I can confirm the problem was the action being initiated by my admin account manually moving it, rather than a trigger initiated by the User’s own action.
It now successfully reflects being part of the new UserGroup2.