Issue with CiviCRM contact permission after login

edited April 2015 in Drupal
Hi there -

Overall, the system is working great... I can log in with Facebook or Google easily and new Drupal users are created with a specific role (with specific permissions).

One of these permissions is the ability to view/edit their own CIviCRM contact record (name and address) on the Drupal user page. When a user logs in for the first time (and a Drupal user record is created for the first time), they can view and edit this information. However once that user logs out and then logs back in, they can no longer view or edit (trying to edit give me the following error: "You do not have permission to edit this contact record. Contact the site administrator if you need assistance.")

I have tested that the specific role permissions are correct by creating a Drupal user by hand with the same role as above. This user is able to view/edit the contact record each time with no issue.

I have verified that the Drupal UID is consistent each time the user logs in via OneAll and that same UID is present on the CiviCRM contact record (i.e. they are tied to together as the should be).

Can you shed any light on this issue? Is there something about the user that logs in via OneAll that is not exactly the same as the one that logs in via the traditional Drupal login form? If I cannot solve this issue, I fear i will need to look for an alternate social log in method (which I do NOT want to do - I quite like OneAll).

UPDATE - I am relatively certain that what is happening is the code used to log in *existing* users is not allowing CiviCRM to set up a session - while the initial login code *does*. I am looking through the code to see if I can spot the difference - any assistance in this is MUCh appreciated.

Let me know if I can provide another details!

Thanks in advance,
Bill Setzer

Answers

  • Claude_SchlesserClaude_SchlesserAdministratorOneAll Team
    Hi Bill,

    thank you very much for the detailed error description.
    We are currently looking into this issue and I will get back to you as soon as we have news.

    Regards,
  • Thanks Claude -

    Please do not hesitate to contact me for further details, screenshots, etc. I look forward to your response...

    Cheers,
    Bill
  • Hi Claude -

    Any luck with this issue? Let me know if you need any additional details from me.

    Thanks much!
    Bill
  • Hi Claude -

    Any luck with this issue? Let me know if you need any additional details from me.

    Thanks much!
    Bill
  • Hi Bill,

    Sorry for late reply. The module seems ok with Drupal.
    We will check under your CiviCRM setup.

    Regards.
  • Hi,

    Do you get the following error message when editing the profile:

    Warning: in_array() expects parameter 2 to be array, null given in CRM_Profile_Form->buildQuickForm() (line 726 of /var/www/tests//sites/all/modules/civicrm/CRM/Profile/Form.php).

    Regards.
  • Hi there -

    Thanks for the reply!

    Not initially, no. Like I said above, when the user is first created, they have access and can edit the profile. On return visits, they cannot (and get a message about not having permissions). No errors.

    However I DO get that exact error when I give the user role the permissions to view/edit ALL CiviCRM profiles (instead of just own).

    I'm guessing it might be related?

    Thanks,
    B.
  • Hi,
    Ok, thanks.
    Yes, it seems related. It appears that when logging in with Social Login, CiviCRM is not able to match the user id with its correct contact id. It is therefore considered another contact, and requires the view/edit ALL profiles permission.
    We're still looking into why the Social Login does not allow CiviCRM to find the correct contact id back.

    Regards.
  • Awesome, thanks for the response. Looking forward to what you find out! Love the social login plugin and hope to continue using it...

    Cheers,
    B.
  • Hi,
    We have a fix for this problem. We will update the plugin on the Drupal web site in the coming days.
    But, if you want you can manually apply the fix now:
    In file /modules/social_login/social_login_core.module :
    At about line 669, replace this:
    if (drupal_strlen(trim($origin)) > 0) { drupal_goto($origin); }
    with this:
    if (drupal_strlen(trim($origin)) > 0) { foreach(module_implements('user_login') as $mod) { if ($mod !== 'social_login_core') { $fun = $mod . '_user_login'; if (function_exists($fun)) { $fun($edit, $account); } } } drupal_goto($origin); // aborts hook processing. }
    Hope this helps.

  • Thanks - I implemented the code and tested. I am getting the following PHP warning:

    Warning: Missing argument 3 for trigger_user_login(), called in /home/robonati/public_html/sites/all/modules/social_login/social_login_core.module on line 675 and defined in trigger_user_login() (line 493 of /home/robonati/public_html/modules/trigger/trigger.module).
    Notice: Undefined variable: category in trigger_user_login() (line 494 of /home/robonati/public_html/modules/trigger/trigger.module).

    In addition, the logged in user still cannot edit their profile.

    Let me know if I can provide any more details.

    Thanks,
    B.
  • I disabled the Trigger module that was throwing the PHP warnings and they are gone... but the original issue remains unfortunately.
  • Hi,
    Thanks for the information. I'll look into it.
    What is surprising, is that after disabling the trigger module, you still get the error.
    Do you need to refresh the module list somehow (this is not a problem in Drupal development mode) ?

    Regards.
  • Hi,
    Could you try it again after replacing at line 674 of /modules/social_login/social_login_core.module :
    $fun($edit, $account); with $fun($edit, $account, NULL);

    Thank you.
  • Hey Frederic -

    Not getting any errors anymore... once I disabled Trigger the errors went away.

    I will add the code and see if anything changes with the permission issue.

    Thanks,
    B.
  • No change - user still cannot edit profile after initial login.

    If you would like to test this behavior, the development URL is http://185.62.238.89/~robonati (click SIGN IN at the top).

    Be sure to sign in with either FB or Google. After that, try changing your name/address. Then logout (there is no logout button yet - use http://185.62.238.89/~robonati/user/logout).

    Then log back in via FB or Google. You'll see the ability to edit the profile is gone.

    Let me know if I can provide any additional details.

    Thanks!
  • Hi Bill,

    Indeed, I was able to edit name/address initially, but not after a re-login.
    This is strange. Thanks to your error reports, the latest code corrections does work for me (edits possible at every login), on a basic Drupal 7.27 / CiviCRM 4.6.3 installation, with the Trigger module enabled (but without adding any actions: do you have Trigger actions configured?).
    The correction I'm referring to is around line 674 of /modules/social_login/social_login_core.module :
    if (drupal_strlen(trim($origin)) > 0) { foreach(module_implements('user_login') as $mod) { if ($mod !== 'social_login_core') { $fun = $mod . '_user_login'; if (function_exists($fun)) { $fun($edit, $account, NULL); } } } drupal_goto($origin); // aborts hook processing. }
    Perhaps you can enable logging features in CiviCRM (system administration / debugging). Then check the Drupal message log for anything suspicious.

    Regards.
  • Well that is good news at least that the code corrections work for you in a different install. I'll enable logging to see if it tells me anything helpful!

    I wasn't using the Trigger module, so I'll just leave it disabled (Rules is better!)

    Thanks!
  • Hello again,

    Just to check, could you send me (say via email) the social_login_core.module file you are using?
    Also, I'll check the Rules module too.

    Thanks.
  • Yes - I'll send to fpinel@oneall.com. I enabled debugging and see no errors in the log (I cleared and all that is in there are sessions started for my test user and yours).

    I also just realized Civi needs to be updated (it's on 4.5.5 - doubt that makes a difference, but you never know).

Welcome!

Please sign in to your OneAll account to ask a new question or to contribute to the discussions.

Please click on the link below to connect to the forum with your OneAll account.