Notifications
Clear all

Roles issue on members area use case. ❓❓

 
Array
(
    [user_login] => 86a225207084cede790b61024aa51d9f
    [user_nicename] => 86a225207084cede790b61024aa51d9f
    [user_email] => 
    [user_url] => 
    [user_registered] => 2023-11-08 04:24:12
    [user_activation_key] => 
    [display_name] => 86a225207084cede790b61024aa51d9f
    [first_name] => 
    [last_name] => 
    [userid] => 399
    [title] => Member
    [groupid] => 3
    [secondary_groupids] => Array
        (
        )

    [groupids] => Array
        (
            [0] => 3
        )

    [avatar] => 
    [cover] => 
    [posts] => 2
    [topics] => 1
    [questions] => 0
    [answers] => 0
    [comments] => 0
    [reactions_in] => Array
        (
            [up] => 0
            [down] => 0
            [__ALL__] => 0
        )

    [reactions_out] => Array
        (
            [up] => 0
            [down] => 0
            [__ALL__] => 0
        )

    [points] => 4
    [custom_points] => 0
    [online_time] => 1701713664
    [timezone] => UTC+0
    [location] => 
    [signature] => 
    [occupation] => 
    [about] => 
    [status] => active
    [is_email_confirmed] => 
    [is_mention_muted] => 
    [fields] => Array
        (
        )

    [group_name] => Registered
    [group_color] => 
    [profile_url] => https://cardanopress.io/participant/86a225207084cede790b61024aa51d9f/
    [dname] => 86a225207084cede790b61024aa51d9f
    [rating] => Array
        (
            [level] => 0
            [percent] => 0
            [color] => #d2d2d2
            [title] => New Member
            [badge] => far fa-star-half
        )

    [ID] => 399
    [user_pass] => $P$B/363Ne/rO7lyykylFYkCq7YJQW.DE1
    [user_status] => 0
    [name] => Registered
    [cans] => a:36:{s:2:"mf";s:1:"0";s:2:"ms";s:1:"0";s:2:"mt";s:1:"0";s:2:"mp";s:1:"0";s:3:"mth";s:1:"0";s:2:"vm";s:1:"0";s:3:"aum";s:1:"0";s:2:"em";s:1:"0";s:3:"vmg";s:1:"0";s:3:"aup";s:1:"1";s:4:"vmem";s:1:"1";s:9:"view_stat";s:1:"1";s:4:"vprf";s:1:"1";s:4:"vpra";s:1:"1";s:4:"vprs";s:1:"0";s:2:"bm";s:1:"0";s:2:"dm";s:1:"0";s:3:"upc";i:1;s:3:"upa";s:1:"1";s:3:"ups";s:1:"1";s:2:"va";s:1:"1";s:3:"vmu";s:1:"0";s:3:"vmm";s:1:"0";s:3:"vmt";s:1:"1";s:4:"vmct";s:1:"1";s:3:"vmr";s:1:"1";s:3:"vmw";s:1:"1";s:4:"vmsn";s:1:"1";s:4:"vmrd";s:1:"1";s:3:"vml";s:1:"1";s:3:"vmo";s:1:"1";s:3:"vms";s:1:"1";s:4:"vmam";s:1:"1";s:4:"vwpm";s:1:"1";s:3:"caa";i:1;s:12:"vt_add_topic";i:1;}
    [description] => 
    [utitle] => Registered
    [role] => subscriber
    [access] => standard
    [color] => 
    [visible] => 1
    [secondary] => 1
    [is_default] => 1
    [umeta_id] => 12328
    [user_id] => 399
    [meta_key] => last_name
    [meta_value] => 
)
86a22...
Posts: 2
New Member
Topic starter
 

Hi, CardanoPress community! 👋🏽

 

I've been working on redesigning my website, and I've also been setting up a members area using CardanoPress' NFT gating functionality.

 

I have a question. What happens is that when I edit the role assigned to an NFT, whether it's a general role for a policy ID or another role for a specific asset of that policy ID.

 

The role assignment appears to go from top to bottom depending on how the PIDs are organized in CardanoPress.

 

My main concern is that when a user no longer owns any NFTs from any of the PIDs in CardanoPress, the roles are not deactivated. This worries me for the members area because the user could still access private content since they retain the role.

 

I've verified this in the usermeta database table during a test on the mainnet, and it happens in the same way.

 

I hope I've made my point clear. If I'm missing something, please let me know.

 

- Mr. Intangble 💚

 
Posted : 08/11/2023 2:43 pm
Pete
 
Array
(
    [linkedin] => 
    [instagram] => 
    [vkontakte] => 
    [youtube] => https://www.youtube.com/learncardano
    [telegram] => 
    [facebook] => 
    [twitter] => https://twitter.com/astroboysoup
    [skype] => 
    [user_login] => [email protected]
    [user_nicename] => astroboysoup
    [user_email] => [email protected]
    [user_url] => https://cardanopress.io
    [user_registered] => 2022-05-30 13:29:29
    [user_activation_key] => 
    [display_name] => Pete
    [first_name] => 
    [last_name] => 
    [userid] => 1
    [title] => Admin
    [groupid] => 1
    [secondary_groupids] => Array
        (
            [0] => 0
        )

    [groupids] => Array
        (
            [0] => 1
        )

    [avatar] => //cardanopress.io/wp-content/uploads/wpforo/avatars/astroboysoup_1.png
    [cover] => 
    [posts] => 33
    [topics] => 5
    [questions] => 0
    [answers] => 0
    [comments] => 0
    [reactions_in] => Array
        (
            [up] => 1
            [down] => 0
            [__ALL__] => 1
        )

    [reactions_out] => Array
        (
            [up] => 0
            [down] => 0
            [__ALL__] => 0
        )

    [points] => 43.5
    [custom_points] => 0
    [online_time] => 1715903138
    [timezone] => 
    [location] => Australia
    [signature] => 

Please be careful of fake DMs

[occupation] => Developer [about] => [status] => active [is_email_confirmed] => 1 [is_mention_muted] => [fields] => Array ( [linkedin] => [instagram] => [vkontakte] => [youtube] => https://www.youtube.com/learncardano [telegram] => [facebook] => [twitter] => https://twitter.com/astroboysoup [skype] => ) [group_name] => Admin [group_color] => #FF3333 [profile_url] => https://cardanopress.io/participant/astroboysoup/ [dname] => Pete [rating] => Array ( [level] => 2 [percent] => 20 [color] => #4dca5c [title] => Eminent Member [badge] => fas fa-star ) [ID] => 1 [user_pass] => $P$BZRo4OExYlLouhXfIB72GUzIZUtvfI1 [user_status] => 0 [name] => Admin [cans] => a:36:{s:2:"mf";s:1:"1";s:2:"ms";s:1:"1";s:2:"mt";s:1:"1";s:2:"mp";s:1:"1";s:3:"mth";s:1:"1";s:2:"vm";s:1:"1";s:3:"aum";s:1:"1";s:2:"em";s:1:"1";s:3:"vmg";s:1:"1";s:3:"aup";s:1:"1";s:4:"vmem";s:1:"1";s:9:"view_stat";s:1:"1";s:4:"vprf";s:1:"1";s:4:"vpra";s:1:"1";s:4:"vprs";s:1:"1";s:2:"bm";s:1:"1";s:2:"dm";s:1:"1";s:3:"upc";i:1;s:3:"upa";s:1:"1";s:3:"ups";s:1:"1";s:2:"va";s:1:"1";s:3:"vmu";s:1:"1";s:3:"vmm";s:1:"1";s:3:"vmt";s:1:"1";s:4:"vmct";s:1:"1";s:3:"vmr";s:1:"1";s:3:"vmw";s:1:"1";s:4:"vmsn";s:1:"1";s:4:"vmrd";s:1:"1";s:3:"vml";s:1:"1";s:3:"vmo";s:1:"1";s:3:"vms";s:1:"1";s:4:"vmam";s:1:"1";s:4:"vwpm";s:1:"1";s:3:"caa";i:1;s:12:"vt_add_topic";i:1;} [description] => [utitle] => Admin [role] => administrator [access] => full [color] => #FF3333 [visible] => 1 [secondary] => 0 [is_default] => 0 [umeta_id] => 3 [user_id] => 1 [meta_key] => last_name [meta_value] => )
Pete
Posts: 33
Eminent Member Admin
 

Hey Mr. Intangble

We actually worked through this use case late last year in regards to how we handle that.

We came up with a few ideas:

1) Automated Reset Permissions
Each time a user logs into the website, the permissions are reset for that user account and data synced again and new permissions set.

This seems like the way to go except that there may be cases where there are permissions already set up on the site for certain user types and we would have inadvertently removed access for users that were not supposed to be removed.

2) Forced Permission Sync

Force the user to to take an action on the website that resets their permission and creates new ones for them.

This might be the way to go but users can simply by pass resetting their permissions to access content on their current permissions settings. There would be gamification methods to encourage the user to update permissions.

 

We're open to other ideas as well if you can think of any to get around this. 

Option 1 would be ideal for me but we'd have to look into what would happen in the various scenarios.

Please be careful of fake DMs

 
Posted : 09/11/2023 10:03 am
 
Array
(
    [user_login] => 86a225207084cede790b61024aa51d9f
    [user_nicename] => 86a225207084cede790b61024aa51d9f
    [user_email] => 
    [user_url] => 
    [user_registered] => 2023-11-08 04:24:12
    [user_activation_key] => 
    [display_name] => 86a225207084cede790b61024aa51d9f
    [first_name] => 
    [last_name] => 
    [userid] => 399
    [title] => Member
    [groupid] => 3
    [secondary_groupids] => Array
        (
        )

    [groupids] => Array
        (
            [0] => 3
        )

    [avatar] => 
    [cover] => 
    [posts] => 2
    [topics] => 1
    [questions] => 0
    [answers] => 0
    [comments] => 0
    [reactions_in] => Array
        (
            [up] => 0
            [down] => 0
            [__ALL__] => 0
        )

    [reactions_out] => Array
        (
            [up] => 0
            [down] => 0
            [__ALL__] => 0
        )

    [points] => 4
    [custom_points] => 0
    [online_time] => 1701713664
    [timezone] => UTC+0
    [location] => 
    [signature] => 
    [occupation] => 
    [about] => 
    [status] => active
    [is_email_confirmed] => 
    [is_mention_muted] => 
    [fields] => Array
        (
        )

    [group_name] => Registered
    [group_color] => 
    [profile_url] => https://cardanopress.io/participant/86a225207084cede790b61024aa51d9f/
    [dname] => 86a225207084cede790b61024aa51d9f
    [rating] => Array
        (
            [level] => 0
            [percent] => 0
            [color] => #d2d2d2
            [title] => New Member
            [badge] => far fa-star-half
        )

    [ID] => 399
    [user_pass] => $P$B/363Ne/rO7lyykylFYkCq7YJQW.DE1
    [user_status] => 0
    [name] => Registered
    [cans] => a:36:{s:2:"mf";s:1:"0";s:2:"ms";s:1:"0";s:2:"mt";s:1:"0";s:2:"mp";s:1:"0";s:3:"mth";s:1:"0";s:2:"vm";s:1:"0";s:3:"aum";s:1:"0";s:2:"em";s:1:"0";s:3:"vmg";s:1:"0";s:3:"aup";s:1:"1";s:4:"vmem";s:1:"1";s:9:"view_stat";s:1:"1";s:4:"vprf";s:1:"1";s:4:"vpra";s:1:"1";s:4:"vprs";s:1:"0";s:2:"bm";s:1:"0";s:2:"dm";s:1:"0";s:3:"upc";i:1;s:3:"upa";s:1:"1";s:3:"ups";s:1:"1";s:2:"va";s:1:"1";s:3:"vmu";s:1:"0";s:3:"vmm";s:1:"0";s:3:"vmt";s:1:"1";s:4:"vmct";s:1:"1";s:3:"vmr";s:1:"1";s:3:"vmw";s:1:"1";s:4:"vmsn";s:1:"1";s:4:"vmrd";s:1:"1";s:3:"vml";s:1:"1";s:3:"vmo";s:1:"1";s:3:"vms";s:1:"1";s:4:"vmam";s:1:"1";s:4:"vwpm";s:1:"1";s:3:"caa";i:1;s:12:"vt_add_topic";i:1;}
    [description] => 
    [utitle] => Registered
    [role] => subscriber
    [access] => standard
    [color] => 
    [visible] => 1
    [secondary] => 1
    [is_default] => 1
    [umeta_id] => 12328
    [user_id] => 399
    [meta_key] => last_name
    [meta_value] => 
)
86a22...
Posts: 2
New Member
Topic starter
 

Ok, I understand.

 

I believe it should be an automatic check. Manual checking is both impractical and insecure due to permissions (roles).

 

Indeed, there are WP hooks that can assist on this task. The catch is removing the roles that web admin may have previously assigned in CardanoPress. It would also be ideal to encourage the creation of specific roles for each NFT gating rule that the administrator wants to define.

 

Regarding on inadvertently removing other permissions/roles, it might be possible to explore an approach where CardanoPress saves the configuration of each NFT gating rule set by the administrator (which is very likely already in place). This way, there would be a record somewhere in the database.

 

For each rule, you could obtain the role that was previously configured as a cache, allowing you to remove it after the administrator updates any of the existing rules. And for the new ones CardanoPress already handles this task well in terms of assigning them.

 

The approach of purging an account with each log out and login seems ideal. I just wonder if CardanoPress performs any kind of automatic sync periodically? This way, it can also address, anticipate, and prevent the scenario where a user simply keeps their session active, and if they sell or no longer own an NFT, they can still have access.

This post was modified 6 months ago by 86a225207084cede790b61024aa51d9f
 
Posted : 14/11/2023 2:18 am