### Helper Command
Source: https://github.com/dachcom-digital/pimcore-members/blob/master/docs/SSO/20_Installation.md
Command to initiate the SSO setup process.
```bash
$ bin/console members:oauth:setup
```
--------------------------------
### Configure Client Scope
Source: https://github.com/dachcom-digital/pimcore-members/blob/master/docs/SSO/20_Installation.md
YAML configuration to define custom scopes for an OAuth2 client, using Google as an example.
```yaml
members:
oauth:
scopes:
google: ['email']
```
--------------------------------
### Install Google OAuth2 Client
Source: https://github.com/dachcom-digital/pimcore-members/blob/master/docs/SSO/20_Installation.md
Composer command to install the Google OAuth2 client library.
```bash
$ composer require league/oauth2-google:^3.0
```
--------------------------------
### Install KnpUOAuth2ClientBundle
Source: https://github.com/dachcom-digital/pimcore-members/blob/master/docs/SSO/20_Installation.md
Composer command to install the KnpUOAuth2ClientBundle.
```bash
$ composer require knpuniversity/oauth2-client-bundle:^2.0
```
--------------------------------
### Install SSO Identity Class
Source: https://github.com/dachcom-digital/pimcore-members/blob/master/docs/SSO/20_Installation.md
Command to install the SsoIdentity class, with the -o flag to skip already installed classes.
```bash
$ bin/console members:install:class -o
```
--------------------------------
### Class Installer Command
Source: https://github.com/dachcom-digital/pimcore-members/blob/master/README.md
Command to install the Members bundle classes. Use the -o argument to also install the SsoIdentity Class.
```bash
$ bin/console members:install:class
```
--------------------------------
### Class Installation
Source: https://github.com/dachcom-digital/pimcore-members/blob/master/README.md
Install the required classes for the MembersBundle.
```bash
bin/console members:install:class
```
--------------------------------
### Enable SSO Feature
Source: https://github.com/dachcom-digital/pimcore-members/blob/master/docs/SSO/20_Installation.md
YAML configuration to enable the SSO feature and set the activation type.
```yaml
members:
oauth:
enabled: true
activation_type: 'complete_profile' # choose between "complete_profile" and "instant"
```
--------------------------------
### Configure Google Client
Source: https://github.com/dachcom-digital/pimcore-members/blob/master/docs/SSO/20_Installation.md
YAML configuration for setting up the Google OAuth2 client, including client ID, secret, and redirect route.
```yaml
knpu_oauth2_client:
clients:
google:
type: google
client_id: 'YOUR_CLIENT_ID'
client_secret: 'YOUR_CLIENT_SECRET'
redirect_route: members_user_security_oauth_check
redirect_params: {}
```
--------------------------------
### Configure Firewall Name
Source: https://github.com/dachcom-digital/pimcore-members/blob/master/docs/SSO/20_Installation.md
YAML configuration to set the firewall name if it differs from 'members_fe'.
```yaml
parameters:
members.firewall_name: your_fw_name
```
--------------------------------
### Composer Installation
Source: https://github.com/dachcom-digital/pimcore-members/blob/master/README.md
Add the MembersBundle to your composer.json and bundles.php.
```json
"require" :
{
"dachcom-digital/members" : "~5.1.0"
}
```
```php
return [
MembersBundle\MembersBundle::class => ['all' => true],
];
```
--------------------------------
### Set Cookie SameSite
Source: https://github.com/dachcom-digital/pimcore-members/blob/master/docs/SSO/20_Installation.md
YAML configuration to set the session cookie SameSite attribute to 'lax'.
```yaml
framework:
session:
cookie_samesite: 'lax'
```
--------------------------------
### MembersResourceMappingListener
Source: https://github.com/dachcom-digital/pimcore-members/blob/master/docs/SSO/12_ResourceMapping.md
An example EventListener for mapping user resources during OAuth authentication and registration.
```php
'onProfileMapping',
MembersEvents::OAUTH_RESOURCE_MAPPING_REGISTRATION => 'onRegistrationMapping',
MembersEvents::OAUTH_RESOURCE_MAPPING_REFRESH => 'onRegistrationRefresh',
];
}
public function onProfileMapping(OAuthResourceEvent $event): void
{
$user = $event->getUser();
$resourceOwner = $event->getResourceOwner();
$ownerDetails = $resourceOwner->toArray();
$this->mapData($user, $ownerDetails);
}
public function onRegistrationMapping(OAuthResourceEvent $event): void
{
$user = $event->getUser();
$resourceOwner = $event->getResourceOwner();
$ownerDetails = $resourceOwner->toArray();
$this->mapData($user, $ownerDetails);
}
public function onRegistrationRefresh(OAuthResourceRefreshEvent $event): void
{
$user = $event->getUser();
$resourceOwner = $event->getResourceOwner();
$ownerDetails = $resourceOwner->toArray();
$user->setUserName($ownerDetails['name']);
// ATTENTION! You need to inform event about changes!
$event->setHasChanged(true);
}
protected function mapData(UserInterface $user, array $ownerDetails): void
{
if (empty($user->getEmail()) && isset($ownerDetails['email'])) {
$user->setEmail($ownerDetails['email']);
}
if (empty($user->getUserName()) && isset($ownerDetails['name'])) {
$user->setUserName($ownerDetails['name']);
}
}
}
```
--------------------------------
### Listing Query Injection Example
Source: https://github.com/dachcom-digital/pimcore-members/blob/master/docs/230_RestrictListing.md
Demonstrates how to inject restrictions into listing queries for Data Objects, Documents, and Assets using the `onCreateQueryBuilder` method.
```php
onCreateQueryBuilder(function (QueryBuilder $query) use ($restrictionQuery, $listing) {
$restrictionQuery->addRestrictionInjection($query, $listing);
});
dump($listing->getObjects());
# Documents
$listing = new Model\Document\Listing();
$listing->setLimit(10);
$listing->onCreateQueryBuilder(function (QueryBuilder $query) use ($listing, $restrictionQuery) {
$restrictionQuery->addRestrictionInjection($query, $listing, 'id');
});
dump($listing->getDocuments());
# Assets
$listing = new Model\Asset\Listing();
$listing->setLimit(10);
$listing->onCreateQueryBuilder(function (QueryBuilder $query) use ($listing, $restrictionQuery) {
$restrictionQuery->addRestrictionInjection($query, $listing, 'id');
});
dump($listing->getAssets());
}
```
--------------------------------
### Statements Example
Source: https://github.com/dachcom-digital/pimcore-members/blob/master/docs/230_RestrictListing.md
Shows how to check element restriction status using statements if SQL query modification is not feasible.
```php
container->get(RestrictionManager::class)->getElementRestrictionStatus($element);
if($restriction->getSection() === RestrictionManager::RESTRICTION_SECTION_ALLOWED) {
//allowed!
}
```
--------------------------------
### Check Role in Controller
Source: https://github.com/dachcom-digital/pimcore-members/blob/master/docs/90_Roles.md
Example of how to check if a user has a specific role within a controller action.
```php
denyAccessUnlessGranted('ROLE_MEMBERS_MODERATOR', null, 'Unable to access this page!');
}
}
```
--------------------------------
### Generate Protected Asset Package URL (PHP)
Source: https://github.com/dachcom-digital/pimcore-members/blob/master/docs/240_AssetProtection.md
Example of generating a temporary zip file URL for multiple protected assets using generateAssetPackageUrl().
```php
restrictionUri = \MembersBundle\Security\RestrictionUri $restrictionUri;
//these assets need to be protected!
$download1 = \Pimcore\Model\Asset::getById(1);
$download2 = \Pimcore\Model\Asset::getById(2);
$packageData = [
['asset' => $download1],
['asset' => $download2]
];
$downloadLink = $this->restrictionUri->generateAssetPackageUrl($packageData, true);
//since the second argument is set to TRUE, the link will only available if the current user is correctly authenticated.
//$downloadLink for users with same group restrictions: 'domain.com/members/request-data/W3siZiI6NiwicCI6ZmFsc2V9XQ'
//$downloadLink for guest users: ''
```
--------------------------------
### Generate Protected Asset Download URL (PHP)
Source: https://github.com/dachcom-digital/pimcore-members/blob/master/docs/240_AssetProtection.md
Example of generating a protected download URL for a single asset using the RestrictionUri service.
```php
restrictionUri = \MembersBundle\Security\RestrictionUri $restrictionUri;
//this asset needs to be a protected one!
$download = \Pimcore\Model\Asset::getById(1);
$downloadLink = $this->restrictionUri->generateAssetUrl($download);
//$downloadLink: domain.com/members/request-data/W3siZiI6NiwicCI6ZmFsc2V9XQ
```
--------------------------------
### Add SSO Identity Relation Field Configuration
Source: https://github.com/dachcom-digital/pimcore-members/blob/master/docs/SSO/20_Installation.md
JSON configuration snippet to add the SSO Identity relation field to a user class definition.
```json
{
"fieldtype": "manyToManyObjectRelation",
"width": "",
"height": "",
"maxItems": "",
"queryColumnType": "text",
"phpdocType": "array",
"relationType": true,
"visibleFields": "key",
"optimizedAdminLoading": false,
"visibleFieldDefinitions": [],
"lazyLoading": true,
"classes": [
{
"classes": "SsoIdentity"
}
],
"pathFormatterClass": "",
"name": "ssoIdentities",
"title": "SSO Identities",
"tooltip": "",
"mandatory": false,
"noteditable": false,
"index": false,
"locked": false,
"style": "",
"permissions": null,
"datatype": "data",
"invisible": false,
"visibleGridView": false,
"visibleSearch": false
}
```
--------------------------------
### Generate Protected Asset Package URL (Twig)
Source: https://github.com/dachcom-digital/pimcore-members/blob/master/docs/240_AssetProtection.md
Twig extension example for generating a protected download URL for a package of assets.
```twig
{# generate link #}
download protected package
{# generate protected link only if content is available for current user #}
{{ dump(members_generate_asset_package_url([12,40], true)) }}
```
--------------------------------
### Generate Protected Asset URL (Twig)
Source: https://github.com/dachcom-digital/pimcore-members/blob/master/docs/240_AssetProtection.md
Twig extension example for generating a protected download URL for a single asset.
```twig
{# generate link #}
download protected file
{# generate protected link only if content is available for current user #}
{{ dump(members_generate_asset_url(12, true)) }}
```
--------------------------------
### Build Navigation with Members Bundle
Source: https://github.com/dachcom-digital/pimcore-members/blob/master/docs/210_RestrictedNavigation.md
Example of how to use the members_build_nav twig extension to build secure menus, ensuring restricted pages are not displayed. It also handles navigation cache strategy.
```twig
{% set nav = members_build_nav({
active: currentDoc,
root: documentRootDoc
}) %}
{{ pimcore_render_nav(nav, 'menu', 'renderMenu', { maxDepth: 2 }) }}
```
--------------------------------
### IdentityStatusProfileCompletionEvent
Source: https://github.com/dachcom-digital/pimcore-members/blob/master/docs/SSO/32_IdentityStatusListener.md
An example listener for the OAUTH_IDENTITY_STATUS_PROFILE_COMPLETION event. This event can be used to change the status definition for whether an SSO-only user can access the completion profile route. By default, a user can complete their profile if no password has been set.
```php
'onDispatch'
];
}
public function onDispatch(OAuthIdentityEvent $event): void
{
$user = $event->getIdentity();
// this is just an example
if (!empty($user->getUsername())) {
// this will prevent the user deletion
$event->setIdentityDispatchStatus(false);
}
}
}
```
--------------------------------
### IdentityStatusDeletionEvent
Source: https://github.com/dachcom-digital/pimcore-members/blob/master/docs/SSO/32_IdentityStatusListener.md
An example listener for the OAUTH_IDENTITY_STATUS_DELETION event, which can be used to change the deletion status of an SSO Identity. This event triggers if the identity clean-up task is enabled.
```php
'onDispatch'
];
}
public function onDispatch(OAuthIdentityEvent $event): void
{
$user = $event->getIdentity();
// this is just an example
if (!empty($user->getLastLogin())) {
// this will prevent the user deletion
$event->setIdentityDispatchStatus(false);
}
}
}
```
--------------------------------
### Instant Login Configuration
Source: https://github.com/dachcom-digital/pimcore-members/blob/master/docs/SSO/11_IntegrationTypes.md
YAML configuration for enabling OAuth and setting the activation type to 'instant'.
```yaml
members:
oauth:
enabled: true
activation_type: 'instant'
```
--------------------------------
### Login via Profile Completion Configuration
Source: https://github.com/dachcom-digital/pimcore-members/blob/master/docs/SSO/11_IntegrationTypes.md
YAML configuration for enabling OAuth and setting the activation type to 'complete_profile'.
```yaml
members:
oauth:
enabled: true
activation_type: 'complete_profile'
```
--------------------------------
### Default Email Paths
Source: https://github.com/dachcom-digital/pimcore-members/blob/master/docs/70_EmailConfiguration.md
Configuration for default email paths.
```yaml
members:
emails:
default:
register_confirm: '/email/register-confirm'
register_confirmed: '/email/register-confirmed'
register_password_resetting: '/email/password-reset'
admin_register_notification: '/email/admin-register-notification'
```
--------------------------------
### Enable Preview Confirmation
Source: https://github.com/dachcom-digital/pimcore-members/blob/master/docs/60_RegistrationTypes.md
Configuration to enable a 'preview confirmation' page to prevent unintended automatic activations due to email provider prefetching.
```yaml
members:
enable_preview_confirmation: true # default is false
```
--------------------------------
### Members User Adapter Configuration
Source: https://github.com/dachcom-digital/pimcore-members/blob/master/docs/300_CustomerDataFw.md
Defines the class name for the members user adapter.
```yaml
members:
user:
adapter:
class_name: 'MembersCustomer'
```
--------------------------------
### Site-based Mail Templates
Source: https://github.com/dachcom-digital/pimcore-members/blob/master/docs/70_EmailConfiguration.md
Configuration for site-specific email templates, with a default fallback.
```yaml
members:
emails:
# if no site gets found, the default stays as fallback.
default:
register_confirm: '/{_locale}/email/register-confirm'
register_confirmed: '/{_locale}/email/register-confirmed'
register_password_resetting: '/{_locale}/email/password-reset'
admin_register_notification: '/{_locale}/email/admin-register-notification'
sites:
-
main_domain: 'your-domain1'
emails:
register_confirm: '/domain1/email/register-confirm'
register_confirmed: '/domain1/email/register-confirmed'
register_password_resetting: '/domain1/email/password-reset'
admin_register_notification: '/domain1/email/admin-register-notification'
-
main_domain: 'your-domain2'
emails:
register_confirm: '/domain2/{_locale}/email/register-confirm'
register_confirmed: '/domain2/{_locale}/email/register-confirmed'
register_password_resetting: '/domain2/{_locale}/email/password-reset'
admin_register_notification: '/domain2/{_locale}/email/admin-register-notification'
```
--------------------------------
### Add Default Groups to new User
Source: https://github.com/dachcom-digital/pimcore-members/blob/master/docs/80_Groups.md
Configuration to add default groups to a new user upon successful registration.
```yaml
members:
user:
initial_groups:
- 'Group 1' # via group name
- 22 # via id
```
--------------------------------
### Add Roles Configuration
Source: https://github.com/dachcom-digital/pimcore-members/blob/master/docs/90_Roles.md
Configuration snippet to add a new role hierarchy in config/config.yaml.
```yaml
security:
role_hierarchy:
ROLE_MEMBERS_MODERATOR: [ROLE_USER]
```
--------------------------------
### Include all Routes
Source: https://github.com/dachcom-digital/pimcore-members/blob/master/README.md
Include all routes provided by the MembersBundle in your config/routes.yaml.
```yaml
#config/routes.yaml
app:
resource: '@MembersBundle/config/pimcore/routing/all.yaml'
```
--------------------------------
### Clean Up Expired Tokens Configuration
Source: https://github.com/dachcom-digital/pimcore-members/blob/master/docs/SSO/31_Listener.md
Configuration to enable the clean-up of expired identities based on the 'expiresAt' field.
```yaml
members:
oauth:
clean_up_expired_tokens: true
```
--------------------------------
### Custom Class Names Configuration
Source: https://github.com/dachcom-digital/pimcore-members/blob/master/docs/20_ClassCustomization.md
Configuration to set custom class names for user, group, and SSO identity classes.
```yaml
members:
# for the user class
user:
adapter:
class_name: 'customer' # default was 'MembersUser'
# for the group class
group:
adapter:
class_name: 'group' # default was 'MembersGroup'
# for the sso identity class
# only available if you're using the SSO feature
sso:
adapter:
class_name: 'identity' # default was 'SsoIdentity'
```
--------------------------------
### Clean Up Expired Tokens by TTL Configuration
Source: https://github.com/dachcom-digital/pimcore-members/blob/master/docs/SSO/31_Listener.md
Configuration to enable the clean-up of expired identities based on a Time-To-Live (TTL) in seconds.
```yaml
members:
oauth:
clean_up_expired_tokens: true
expired_tokens_ttl: 86400
```
--------------------------------
### Mail Localization
Source: https://github.com/dachcom-digital/pimcore-members/blob/master/docs/70_EmailConfiguration.md
Configuration for localizing email paths using the {_locale} fragment.
```yaml
members:
emails:
default:
register_confirm: '/{_locale}/email/register-confirm'
register_confirmed: '/{_locale}/email/register-confirmed'
register_password_resetting: '/{_locale}/email/password-reset'
admin_register_notification: '/{_locale}/email/admin-register-notification'
```
--------------------------------
### Include some Routes
Source: https://github.com/dachcom-digital/pimcore-members/blob/master/README.md
Include only specific routes, such as authentication routes, from the MembersBundle.
```yaml
#config/routes.yaml
members_auth:
resource: '@MembersBundle/config/pimcore/routing/auth.yaml'
prefix: /{_locale}/members #change your prefix if you have to.
```
--------------------------------
### Custom Object Key Form Field Configuration
Source: https://github.com/dachcom-digital/pimcore-members/blob/master/docs/20_ClassCustomization.md
Configuration to define a form field whose value generates the Pimcore object key.
```yaml
members:
user:
adapter:
object_key_form_field: 'username' # default was 'email'
```
--------------------------------
### General Registration Type Configuration
Source: https://github.com/dachcom-digital/pimcore-members/blob/master/docs/60_RegistrationTypes.md
Configuration options for setting the post-registration type and related notification settings.
```yaml
members:
# choose between 'confirm_by_mail', 'confirm_by_admin', 'confirm_instant'
post_register_type: 'confirm_by_mail'
#optional: see "Confirm by Mail"
send_admin_mail_after_register: false
#optional: see "Confirm By Admin"
send_user_mail_after_confirmed: false
```
--------------------------------
### List available social connectors
Source: https://github.com/dachcom-digital/pimcore-members/blob/master/docs/SSO/30_TwigExtensions.md
This snippet shows how to list all available social connectors by calling `members_oauth_social_links()`, ensuring OAuth is enabled first.
```twig
{% if members_system_oauth_enabled() == true %}
{% set social_route_name = 'members_user_security_oauth_login' %}
{% set skip_connected_identities = false %}
{% dump(members_oauth_social_links(social_route_name, skip_connected_identities)) %}
{% endif %}
```
--------------------------------
### Navigation with Page Callback
Source: https://github.com/dachcom-digital/pimcore-members/blob/master/docs/210_RestrictedNavigation.md
Demonstrates using the pageCallback parameter with members_build_nav to set custom data to the navigation document. The ElementRestriction argument is also passed to the callback.
```twig
{% set nav = members_build_nav({
active: document,
root: rootPage,
pageCallback: navigation_callback()
}) %}
```
--------------------------------
### CMF Customer Class Configuration
Source: https://github.com/dachcom-digital/pimcore-members/blob/master/docs/300_CustomerDataFw.md
Defines the Pimcore class to be used for CMF customers.
```yaml
pimcore_customer_management_framework:
general:
customerPimcoreClass: MembersCustomer
```
--------------------------------
### Configuration for Custom Form Types
Source: https://github.com/dachcom-digital/pimcore-members/blob/master/docs/50_CustomFormTypes.md
This YAML configuration demonstrates how to override default form types with custom ones in `config/config.yaml`. It shows the mapping of form names to their respective types and validation groups.
```yaml
members:
relations:
login:
form:
type: MembersBundle\Form\Type\LoginFormType
name: members_user_login_form
validation_groups: [Login, Default] # or instance of \MembersBundle\Validation\ValidationGroupResolverInterface
profile:
form:
type: MembersBundle\Form\Type\ProfileFormType
name: members_user_profile_form
validation_groups: [Profile, Default] # or instance of \MembersBundle\Validation\ValidationGroupResolverInterface
change_password:
form:
type: MembersBundle\Form\Type\ChangePasswordFormType
name: members_user_change_password_form
validation_groups: [ChangePassword, Default] # or instance of \MembersBundle\Validation\ValidationGroupResolverInterface
registration:
form:
type: App\Form\Type\RegistrationFormType
name: members_user_registration_form
validation_groups: [Registration, Default] # UsernameOnlyRegistration, EmailOnlyRegistration, or instance of \MembersBundle\Validation\ValidationGroupResolverInterface
resetting_request:
form:
type: MembersBundle\Form\Type\ResettingRequestFormType
name: members_user_resetting_request_form
validation_groups: [ResetPassword, Default] # or instance of \MembersBundle\Validation\ValidationGroupResolverInterface
resetting:
token_ttl: 86400
form:
type: MembersBundle\Form\Type\ResettingFormType
name: members_user_resetting_form
validation_groups: [ResetPassword, Default] # or instance of \MembersBundle\Validation\ValidationGroupResolverInterface
delete_account:
form:
type: MembersBundle\Form\Type\DeleteAccountFormType
name: members_user_delete_account_form
validation_groups: [DeleteAccount, Default] # or instance of \MembersBundle\Validation\ValidationGroupResolverInterface
```
--------------------------------
### Check if profile completion is allowed
Source: https://github.com/dachcom-digital/pimcore-members/blob/master/docs/SSO/30_TwigExtensions.md
This snippet demonstrates how to check if a newly registered SSO user can proceed to the profile completion route using `members_oauth_can_complete_profile()`.
```twig
{% if members_system_oauth_enabled() == true %}
{% if members_oauth_can_complete_profile() == true %}
{# do something funky #}
{% endif %}
{% endif %}
```
--------------------------------
### Public Asset Path Protection .htaccess Rules
Source: https://github.com/dachcom-digital/pimcore-members/blob/master/docs/200_Restrictions.md
Configuration for the public .htaccess file to protect assets within the /restricted-assets folder.
```apacheconf
# add this at the top in public/.htaccess
RewriteEngine On
RewriteCond %{HTTP_HOST}==%{HTTP_REFERER} !^(.*?)==https?://\1/admin/ [OR]
RewriteCond %{HTTP_COOKIE} !^.*pimcore_admin_sid.*$ [NC]
RewriteRule ^restricted-assets/.* - [F,L]
RewriteRule ^var/.*/restricted-assets(.*) - [F,L]
RewriteRule ^cache-buster-[\d]+/restricted-assets(.*) - [F,L]
```
--------------------------------
### SQL Explanation for Expired Date
Source: https://github.com/dachcom-digital/pimcore-members/blob/master/docs/SSO/31_Listener.md
SQL query to select entities where 'expiresAt' is not null and is in the past.
```mysql
SELECT entites WHERE expiresAt IS NOT NULL AND expiresAt < NOW();
```
--------------------------------
### Enable Public Asset Path Protection
Source: https://github.com/dachcom-digital/pimcore-members/blob/master/docs/200_Restrictions.md
Enables protection for public asset paths, preventing unauthorized access to assets like thumbnails.
```yaml
members:
restriction:
enabled: true
enable_public_asset_path_protection: true
```
--------------------------------
### SQL Explanation for Expired by TTL
Source: https://github.com/dachcom-digital/pimcore-members/blob/master/docs/SSO/31_Listener.md
SQL query to select entities where the creation date is older than the specified TTL.
```mysql
SELECT entites WHERE o_creationDate < (UNIX_TIMESTAMP() - $TTL);
```
--------------------------------
### SSO Registration Type Configuration
Source: https://github.com/dachcom-digital/pimcore-members/blob/master/docs/60_RegistrationTypes.md
Configuration option for defining the post-registration type specifically for SSO (OAuth) registrations.
```yaml
members:
# choose between 'confirm_by_mail', 'confirm_by_admin', 'confirm_instant'
post_register_type_oauth: 'confirm_instant'
```
--------------------------------
### Enable Object Restriction
Source: https://github.com/dachcom-digital/pimcore-members/blob/master/docs/200_Restrictions.md
Enables restriction for specific object types by listing them in 'allowed_objects'.
```yaml
members:
restriction:
enabled: true
allowed_objects:
- 'NewsEntry'
- 'YourObjectName'
```
--------------------------------
### Global Restriction Check Helper
Source: https://github.com/dachcom-digital/pimcore-members/blob/master/docs/200_Restrictions.md
PHP code to retrieve restriction status information for a given document, object, or asset using the RestrictionManager.
```php
container->get(RestrictionManager::class)->getElementRestrictionStatus($element);
//get restriction group ids
echo $restriction->getRestrictionGroups();
//get section
echo $restriction->getSection();
//get state
echo $restriction->getState();
```
--------------------------------
### Event Listener Implementation
Source: https://github.com/dachcom-digital/pimcore-members/blob/master/docs/220_RestrictedRouting.md
PHP code for the RestrictedStaticRouteListener that listens for the StaticRouteEvent and binds the relevant object to the event if conditions are met.
```php
'checkStaticRoute'
];
}
public function checkStaticRoute(StaticRouteEvent $event): void
{
$request = $event->getRequest();
if($event->getRouteName() === 'news_detail') {
$newsObject = News::getById($request->attributes->get('newsId'));
if($newsObject instanceof News) {
//bind your object to the event. that's it.
$event->setStaticRouteObject($newsObject);
}
}
}
}
```
--------------------------------
### Check if OAuth is enabled
Source: https://github.com/dachcom-digital/pimcore-members/blob/master/docs/SSO/30_TwigExtensions.md
This snippet demonstrates how to check if the OAuth system is enabled using the `members_system_oauth_enabled()` function.
```twig
{% if members_system_oauth_enabled() == true %}
{# oauth is enabled #}
{% endif %}
```
--------------------------------
### Auth Identifier Only for Registration
Source: https://github.com/dachcom-digital/pimcore-members/blob/master/docs/10_AuthIdentifier.md
This snippet demonstrates how to configure the registration form to only include the 'auth_identifier' field when 'only_auth_identifier_registration' is set to true.
```yaml
members:
user:
only_auth_identifier_registration: true
```
--------------------------------
### Enable Restriction Globally
Source: https://github.com/dachcom-digital/pimcore-members/blob/master/docs/200_Restrictions.md
Enables the restriction feature globally by setting 'enabled' to true in the members configuration.
```yaml
members:
restriction:
enabled: true
```
--------------------------------
### Service Configuration
Source: https://github.com/dachcom-digital/pimcore-members/blob/master/docs/220_RestrictedRouting.md
YAML configuration to register the MembersStaticRouteListener as a service and an event subscriber.
```yaml
App\EventListener\MembersStaticRouteListener:
tags:
- { name: kernel.event_subscriber }
```
--------------------------------
### Configure Auth Identifier
Source: https://github.com/dachcom-digital/pimcore-members/blob/master/docs/10_AuthIdentifier.md
This snippet shows how to configure the MembersBundle to use the 'email' field as the authentication identifier instead of the default 'userName'.
```yaml
members:
user:
auth_identifier: 'email' # can be "username" (default) or "email"
```
--------------------------------
### Navigation Callback Function
Source: https://github.com/dachcom-digital/pimcore-members/blob/master/docs/210_RestrictedNavigation.md
PHP code for a Twig extension that provides a navigation_callback function. This function returns a closure that can be used in Twig to set custom settings on navigation documents.
```php
setCustomSetting('key', $page->getKey());
}
};
}
}
```
--------------------------------
### Retrieve Custom Setting
Source: https://github.com/dachcom-digital/pimcore-members/blob/master/docs/210_RestrictedNavigation.md
Twig code to retrieve a custom setting that was previously set on a navigation page using the pageCallback.
```twig
{{ page.getCustomSetting('key') }}
```
=== COMPLETE CONTENT === This response contains all available snippets from this library. No additional content exists. Do not make further requests.