Programmatically add user to site permissions using event listener

Dear Omeka S community,

We have a use case where we want to have a site’s content available to ( LDAP-)authenticated users only.
I found the module RestricedSites module that seems useful for this scenario.

With the RestrictedSites module, one should authorize users in the Site Settings - User permissions, giving them at least Viewer permission.

What I would like to achieve is that a LDAP-authenticated user is automatically authorized for the site.
In other words, I would like to make use of the ‘ldap.user.create.pre’ event and attach a listener that assigns the respective user the site’s Viewer role.

This is my current code in Module.php:

public function attachListeners(SharedEventManagerInterface $sharedEventManager) {

	  //The class identifier that triggers the event:  
	  // The named event identifier to listen to:  
	  // Any callback for the event (= action to take when the event occurs)  
        function () { 
          $logger = $this->getServiceLocator()->get('Omeka\Logger');
          $logger->info("Successfully attached to the event 'ldap.user.create.pre'");

//          TODO: Give the current user Viewer role on the site permissions 



At this stage I am not sure how to proceed. Is there already a class-method that I can use at this place? Should I create my own function?
Any help is appreciated.

Thank you very much.
Best regards,
Maarten Coonen, Maastricht University Library

Modifying site permissions happens, like many things in Omeka S, using the API. So you’d get the API manager object and issue a request to update the site you want to grant permissions to, using the o:site_permission key to define the permission you want to grant.

Though, you could also do it directly against the database using Doctrine: get the Site entity and add a new SitePermission entity to its sitePermissions array.

I was thinking I’d suggest just changing the ACL instead so all the roles that require login have access, but it looks like RestrictedSites doesn’t really use the ACL for this, it just checks for the site permission/role directly.

Thank you John!
We will try out the API approach and will report back here.


Hi all,
I’m just dropping by to reply to my own post and report that we did not continue developing this event listener code that would make the API calls.

The reason for that is that we stopped using the RestrictedSites module, as it does not fulfill our needs. The RestrictedSites module makes the site itself restricted, but all its items and media are still public and available to unauthenticated users via the Omeka S API.

To achieve our goal of restricting the site’s contents, we have put the entire Omeka S instance behind a proxy server, that handles the authentication outside of Omeka S.

Best regards,
Maarten Coonen

This topic was automatically closed 250 days after the last reply. New replies are no longer allowed.