Need To hack The Edit Properties of Concrete5! Hackers Needed!

Permalink
Hi Hack-Specialists!

I am working on a university based project, where students as part of an assessment process for one of their modules, will be required to upload a video sample to a secure location that the academic can access and feedback on.

We have decided on creating the C5 CMS; as this will offer the academics much more in terms of teaching and learning for distance learning students - with adding new pages, integrating content and generally treating it like a mini LMS.

With this C5 CMS in mind, the objective is to create secure section of the site where registered students can upload the video via a youtube url (Youtube Block), thus not risking issues of massive file uploads and strain on server space etc to their individual profile pages. Basic tutorials will be added to the CMS to help them add the content when they need to.

So far using a snippet of code:


<?php
$profile_area = 'Profile Area ' . $profile->getUserID();
$a = new Area($profile_area);
$a->display($c);
?>


I have added this to the view.php within the Single Pages Directory, making each profile page editable but when the content is added, it is individual to the registered user. So I'm 90% there.

However, with testing, when two users are trying to add a video to the profile page (with it being a shared page on the CMS by default) they have to wait until that user has finished editing. We have 500 users wanting to complete this task and this could create a massive bottle neck for users and a disaster for the academics.

With this page being the only page that students can edit via the toolbar thanks to group permissions, page permissions, block permissions etc, my thinking is to switch off the one-person-only editing aspect of the CMS; as the other pages on the site will be edited by the academic and only the academic. Is there an element of the DB/ file directories within the CMS where I can change this? Or is there a better way of doing it?

If so, what would that better way be and where can I look to make the necessary amendments to the page?

I hope this gives enough detail on my requirements.

Best wishes,

Ben.

PortobellaRain
 
Mainio replied on at Permalink Reply
Mainio
Probably an easier way to do this without any core hacks would be to use an individual stack for each member of the site. This shows you how to display the stack programmatically:
https://www.concrete5.org/documentation/how-tos/developers/concrete5...

However, it seems that you understand why the editing is disabled for multiple users at the same time, so it might be safe to give you pointers on how to do it. However, anyone else reading this, I want to emphasize that THIS IS NOT something you usually want to do. You might mess up the whole content of the site if you disable this functionality since only the latest version of the page is preserved if two users are editing the same page at the same time.

You can do this if you copy this file:
/concrete/tools/page_controls_menu_js.php

And place it here:
/tools/page_controls_menu_js.php

Once done, clear the site's cache and then open the copied file and search for a variable named: $cantCheckOut

That will guide you to the right track. I've not tested this, so I'm not sure if there is something else you need to do but at least by looking at the code, it should do the trick.
WebcentricLtd replied on at Permalink Reply
just thought I'd chip in here, Could this method be made safer by only including that section of code in page_controls_menu.js if the cID does not equal the cID of the profile page?
Mainio replied on at Permalink Reply
Mainio
Yes, definitely.
PortobellaRain replied on at Permalink Reply
PortobellaRain
Mainio & Andy,

thank you, I've been looking for this file, so thank you very much for the response.

I know this is a bit of Dark Arts Development, but this requirement is really specific.

I'll take a look at this and let you know how I get on.

Ben.
PortobellaRain replied on at Permalink Reply
PortobellaRain
Hi Folks,

found: $cantCheckOut - in the page_controls_menu.js.php

having worked on several strategies to over ride the variable to allow mulitiple editors on the page, I have come up empty handed.

can add some php higher up the code:

if (isset($cp)) {

$u = new User();
$username = $u->getUserName();
$vo = $c->getVersionObject();

if ($c->isCheckedOut()) {
if (!$c->isCheckedOutByMe()) {
$cantCheckOut = true;

}
}

to bypass this section, but allow for users to enter into edit mode?
WebcentricLtd replied on at Permalink Reply
if (isset($cp)) {
 $u = new User();
 $username = $u->getUserName();
 $vo = $c->getVersionObject();
 if ($c->isCheckedOut()) {
 if (!$c->isCheckedOutByMe()) {
 //$cantCheckOut = true;
 }
 }


Does it do what you want if you just comment out as above?
WebcentricLtd replied on at Permalink Reply
if you are going to do this I would look in the database and find the cID of your profile page (you should be able to find it in the Pages table) and put a check in there so you only avoid the check out if it is the profile page that the edit request occurs on.
PortobellaRain replied on at Permalink Reply
PortobellaRain
Hi Andy,

I will give this a go and see if this works.

I think the page ID is 113, so will make sure the database is dealt with too.

Thanks.
WebcentricLtd replied on at Permalink Reply
hi,
you don't need to deal with anything in the database.
If commenting out that line works - I'll post some code afterwards which will check the cID and compare it to the cID of your profile page.
PortobellaRain replied on at Permalink Reply
PortobellaRain
Hi Andy,

I thought I might have tried this today and it hasn't allowed me to edit the pages in two separate accounts.

I'll keep chipping away, any other suggestions would be welcomed.

Ben.
WebcentricLtd replied on at Permalink Reply
did you clear the cache?
PortobellaRain replied on at Permalink Reply
PortobellaRain
Yes, cleared the cache and the alert doesn't come up to let me know there is another person editing the page, but still doesn't give me access to edit the page from the other account.
Mainio replied on at Permalink Reply
Mainio
I actually initially thought that you would've been able to go forward with the few tips that I gave you. You probably don't want to go too deep in this matter looking at this thread.

Why you cannot enter the edit mode even now is because all pages are checked out by a user which is marked in the Pages table (cCheckedOutUID). This is why it does not let you edit the view because your other user's ID does not match that column.

However, even if you could bypass that, you will face another issue after another issue after another issue. So if you're not willing to spend a lot of time for it, I would strongly suggest going the stacks route, it's much simpler.

The problem even if you could hit the edit mode is that all changes are versioned, as I previously pointed out. This has the following problem:
- User A checks out your profile page
- A new version is created for that page, let's call it version 2
- User A edits the given area with its user specific name
- All changes to the user specific area are saved against version 2

Now at the same time:
- User B checks out your profile page
- A new version is created for that page, let's call it version 3
- User B edits the given area with its user specific name (i.e. different area than user B)
- All changes to the user specific area are saved against version 3

After this, user A publishes his/her changes. Version 2 goes live with the user specific area changes the user just did. All fine by now.

But, after that, user B publishes his/her changes right after. Version 3 goes live with the user specific area changes that user just did. All IS NOT fine at this point.

The problem is that user B checked out the page AFTER user A had started editing. This caused page version 3 to be created WITHOUT the changes user A was doing (because they did not exist when user B checked out the page).

This causes the page to only show the edits done by user B, and all changes done by user A are gone.

Might not be the clearest possible explanation but it's really not that clear of an issue either.

Hopefully this helps you see why it might be a bad idea if you don't have deep knowledge of the core or are willing to spend a lot of time solving it.
WebcentricLtd replied on at Permalink Reply
it's just occurred to me we might have done down the wrong track here.

It should be possible to add just a text attribute to the user object that your students enter their Youtube URL into.

Then you'd just need a modification of the profile page to embed that attribute into a standard youtube embed.
JohntheFish replied on at Permalink Reply
JohntheFish
I have been keeping an eye on this thread and have come to the same conclusion. Even if you can make the user specific areas work, only that user will ever be able to edit them and it will be inaccessible to admin.

If a truly editable page is needed, create a page for each user. With a little code that can be automated on registration and pre-populated from page defaults. Some of the registration and forms addons can do it all for you.

If the user supplied content follows a regular structure, a sort of fill in the form content, user attributes on the profile page are a simpler solution. They code to pull them into a single page or custom block is straight forward, or you could use Magic Data to adapt many enabled blocks to a specific user profile.
PortobellaRain replied on at Permalink Reply
PortobellaRain
Hi Guys,

thanks for all the responses. I am going to give this a few days to brew and begin working on an automated page that sits itself under the profile pages - hopefully with the assigned UserID page extensions, this should give the users access to edit whenever someone else is editing.

Thanks Mainio for pointing this out, with some thinking does with our developers, there has been a small light cast at the end of the tunnel.

Thanks and have a great Xmas & New Year!