<html><body style="word-wrap: break-word; -webkit-nbsp-mode: space; -webkit-line-break: after-white-space; ">
Yes, thanks Moshe, I will definitely include this technique in my modules. <div><br class="webkit-block-placeholder"></div><div>Dave<br><div><div>On Feb 5, 2008, at 7:56 AM, Neil Goodman wrote:</div><br class="Apple-interchange-newline"><blockquote type="cite">Thanks. Those suggestions are certainly helpful and I will try it out tonight (thanks for the security tip Moshe). I think you are right that permissions might be the problem.<br><br>Does anyone else know what permissions cron is run under? It would be nice if it ran under user 1 permissions, but I don't think this is the case as this same problem is happening when my module runs under cron. Can I use David's method of switching users in cron? That seems counter-intuitive to me because I wouldn't think there would be a user object for me to manipulate.<br> <br>Neil Goodman<br><br><div class="gmail_quote">On Feb 5, 2008 9:05 AM, Moshe Weitzman <<a href="mailto:weitzman@tejasa.com">weitzman@tejasa.com</a>> wrote:<br><blockquote class="gmail_quote" style="border-left: 1px solid rgb(204, 204, 204); margin: 0pt 0pt 0pt 0.8ex; padding-left: 1ex;"> This is quite a dangerous operation. If you don't change back to the<br>original uid, whomever calls this page gets to be uid=1 on the next<br>request. There are many reasons why a page might not complete so you<br>have to defend against it. Thanksfully, core now makes this easy. Just<br> add a call to session_save_session(FALSE) before the user_load().<br>After you are done with your save operations, call<br>session_save_session(TRUE).<br><div><div></div><div class="Wj3C7c"><br>On Feb 5, 2008 9:33 AM, David Metzler <<a href="mailto:metzlerd@metzlerd.com">metzlerd@metzlerd.com</a>> wrote:<br> ><br>> Here's an example from my CAS module.<br>><br>> // Become user 1 to be able to save profile information<br>> $admin = array('uid'=> 1);<br>> $user = user_load($admin);<br> ><br>> If you're operating as a normal user you'll want to save away the value of<br>> the current user, become admin , do your save stuff, then become the normal<br>> user again. Something like:<br>><br> > global $user;<br>> $temp_user = $user;<br>> $admin= array('uid' => 1);<br>> $user = user_load($admin);<br>><br>> ... do some save stuff<br>><br>> $user = user_load($temp_user);<br> ><br>><br>> This of course should only be used when you're trying to circumvent<br>> permissions checked by user_save() (do you have permissions to modify user<br>> roles for example).<br>><br>> I thought there used to be code in cron.php to do this, but I think I may<br> > just be remembering wrong. Perhaps someone else on the dev list could answer<br>> the question of who the cron user executes as.<br>><br>> As I said, not 100% sure this is your problem, but I do know you'll have<br> > problems having generic users sync up their roles unless you do this<br>> permissions escalation.<br>><br>><br>><br>> On Feb 5, 2008, at 5:46 AM, Neil Goodman wrote:<br>> No, how do I go about transitioning to user 1 for the save operations?<br> ><br>> Right now I just call the function and I assume the permissions would be of<br>> whoever is using the module at the time. How do permissions get determined<br>> with things like hook_cron()?<br>><br> > Neil Goodman<br>><br>> On Feb 4, 2008 10:44 PM, David Metzler <<a href="mailto:metzlerd@metzlerd.com">metzlerd@metzlerd.com</a>> wrote:<br>> ><br>> > Last time I ran into something close to this it was because of<br> > permissions. Are you transitioning to user 1 for the save operations?<br>> ><br>> ><br>> > Might be completely off base.... but that's my experience.<br>> ><br>> ><br>> ><br>> ><br> > ><br>> ><br>> ><br>> ><br>> > On Feb 4, 2008, at 5:34 PM, Neil Goodman wrote:<br>> ><br>> > Hello,<br>> ><br>> > I'm currently trying to solve a bug report for my module<br> > (<a href="http://drupal.org/node/217639" target="_blank">http://drupal.org/node/217639</a>). rallycivic keeps getting a "__clone method<br>> called on non-object" when he runs a function in my module. My module runs<br> > through a CiviCRM database and pulls out certain CiviCRM contacts that have<br>> membership status. The goal is to get this status synchronized to a Drupal<br>> role. There is a static method in the CiviCRM API called<br> > CRM_Core_BAO_UFMatch::getUFId(). This method will take a CiviCRM contact id<br>> and return its corresponding Drupal uid. I then take this list of uids and<br>> pass it to the user_multiple_role_edit() function. This function uses the<br> > user_save() function to apply role changes. I think that one of rallcivic's<br>> uids is causing an issue with this function. From reading the user_save()<br>> function's code I can see that it tries to create a new user if the uid<br> > doesn't exist. For some reason I think it is trying to do this on a valid<br>> uid, which throws a duplicate error that rallycivic has found in watchdog:<br>> ><br>> > "Location<br>> <a href="http://chelmsfordmc.co.uk/admin/settings/civimember_roles/manual_sync" target="_blank">http://chelmsfordmc.co.uk/admin/settings/civimember_roles/manual_sync</a><br> > > Referrer<br>> <a href="http://chelmsfordmc.co.uk/admin/settings/civimember_roles/manual_sync" target="_blank">http://chelmsfordmc.co.uk/admin/settings/civimember_roles/manual_sync</a><br>> > Message Duplicate entry '' for key 2 query: INSERT INTO users (uid,<br> > created, access) VALUES (404, 1202163268, 1202163268) in<br>> /home/chelmsf/public_html/includes/database.mysql.inc on line 172."<br>> ><br>> > Then the drupal_clone() function is called on a bogus object and throws<br> > the clone method error. At least, that is what I think is happening.<br>> ><br>> > Has anyone ran into a situation similar to this before?<br>> ><br>> > Neil Goodman<br>> ><br>> ><br> ><br>><br>><br></div></div></blockquote></div><br></blockquote></div><br></div></body></html>