[Loris-dev] Granular and time expiring permissions on LORIS.

Thu May 31 17:16:16 EDT 2018

Hi Rolando,

No this functionality does not currently exist in LORIS, you are the first
project asking for it from what I can tell.

If I was to implement this feature, I would do it the following way:
- add 2 columns to the users table in the database (`active_from` DATE,
`active_to` DATE)
- modify the edit_user form (link
https://github.com/aces/Loris/blob/minor/modules/user_accounts/php/edit_user.class.inc)
to add 2 new fields
    - copy the entire module (user_accounts) into your project/modules/
directory
    - the _process(), _validateEditUser() and setup() functions will need
to be modified to add the 2 new fields ('Active Date From', 'Active date
To')
    - modify the template file for edit user (link
https://github.com/aces/Loris/blob/minor/modules/user_accounts/templates/form_edit_user.tpl
)
- copy the php/libraries/SinglePointLogin.class.inc into the
project/libraries/ directory and add a check to verify the date of activity
and change the `users`.`active` database field from 'Y' to 'N' if the login
attempt is at a date later then `active_to`. This needs to be added at the
right line, before the check for the users active flag (link:
https://github.com/aces/Loris/blob/minor/php/libraries/SinglePointLogin.class.inc#L316).
If done correctly the activity check will fail if the date is passed.

At this point with the additions above the system should automatically
check the authorized dates, and update the users.active field to represent
if a user is authorized or not to access. LORIS's current infrastructure
already checks for that flag before allowing login. Note that all/any field
names can be named to your liking I just suggested the ones above as
examples.

If this is implemented correctly (in a non-hacky way) it is welcome to be
submitted as a PR to our repo which might be merged into a future release
and that would spare you overrides later on (overrides being the module and
library file that were moved into the project directory).

Best of luck and let us know if you need more details,
Rida Abou-Haidar
CCNA Software Developer
Montreal Neurological Institute
McGill University
rida.loris at gmail.com

On Wed, May 30, 2018 at 10:04 AM Rolando Acosta <rolando.acosta at cnbp.ca>
wrote:

> Good morning loris-dev,
>
> For the project we are working on CHU Sainte-Justine we realize we will
> need to set (for a given user) access to the system but only for a given
> time window.
>
> We have identify that there is an option to make an user active or
> inactive checking a Box on the user's permission config.
>
> What we are wondering is if there are an easy way for a "DataCenter
> manager"... let call it this way... to (at the time of creating a user or
> later on) set for example that it will be only active from May 30 2018 to
> June 20 2018?
>
> I know its a very specific requiriment of our project but if you have
> already implemented this functionality or can give us any insight of how to
> do it will be great.
>
> Thank you very much,
> Rolando Acosta (CHU Sainte-Justine)
> _______________________________________________
> Loris-dev mailing list
> Loris-dev at bic.mni.mcgill.ca
> http://www.bic.mni.mcgill.ca/mailman/listinfo/loris-dev
>
-------------- next part --------------
An HTML attachment was scrubbed...
URL: <http://www.bic.mni.mcgill.ca/pipermail/loris-dev/attachments/20180531/4b9f1092/attachment.html>