|
Raycheal Murphy
|
October 4, 2013 at 8:03 pm
For the mobile ticketing app, my testing shows that any user can log into the app and scan a ticket’s QR code. Can this be changed to restrict the users that have access to login to the app? Example – can Admins ONLY log in to the app to control who is accepting tickets?
|
|
Dean
|
October 7, 2013 at 3:52 am
Hi,
What version of the Ticketing addon are you using? What app are you using(iOS or Android?) and what version is that?
By default, while any user can log into the app, only admins have access to the events and thus the scanning of tickets.
Currently access is by user role (admin etc) and can only be changed with a code edit.
|
|
Raycheal Murphy
|
October 7, 2013 at 9:28 am
I am using the iPhone app, version 2.1. I am also using this same app version on the iPad as I can’t get the JSON API to work correctly, so the iPad app version 1.6 won’t connect.
I use the WordPress Plugin s2Member Pro v130816 to handle my user registration. Members that signup through s2Member get set to a User Role of “Members” – a role that I believe we created and was not a default WordPress role. When accessing the Event Espresso iPhone app with the user credentials of a user who has the “Members” User Role, that user is able to scan and check in attendees to the event.
Ideally, I would like for the scanning/check in of attendees to ONLY be handled by users with a User Role of “Board Members” – another custom User Role setup by s2Member.
You say that this could be corrected through a code change – can you offer some direction on how this could be accomplished?
|
|
Dean
|
October 8, 2013 at 12:22 am
Hi,
Thanks for the information, I will get this looked into. In the meantime I would suggest double checking your Member roles capabilities to make sure they don’t have higher access than they need.
Members is not a WordPress default role.
We don’t recommend modifying core files, but if you still wish to, please see this thread – https://eventespresso.com/topic/limiting-who-can-scan/
Josh has a solution here, should you wish roles other than admin to scan https://eventespresso.com/topic/user-role-only-scanning/
|
|
Raycheal Murphy
|
October 22, 2013 at 8:05 pm
Dean,
Thanks for your response. (Sorry, I know it was a while ago)
I did try doing the code modification you offered as an option. After placing that code on the page, I was still able to login to and scan with the iPhone app (v2.1) with a user that has a member-level of “Members”.
Prior to doing this code change, I did not have the “espresso-services” add-on installed. I added that to allow for editing the code. I’m not sure if that has any importance to this at all.
What I’m wondering is if your point about the role capabilities isn’t the culprit – my Members account has more capabilities that it should. Do you know what capabilities the Event Espresso looks for to allow for scanning? I’m wondering if it’s one capability in particular that the app looks for and I could remove that from my Members user role and not jeopardize the other functions that these members are allowed access to.
http://codex.wordpress.org/Roles_and_Capabilities#Capability_vs._Role_Table
Though now that I say that, I’m wondering if that’s not the issue… I removed the core file modification I tried above, and logged into the iPhone app with a user who has a role of “Editor” – this being a default WordPress role. This user was able to login and scan without an issue. Is that normal?
|
|
Dean
|
October 23, 2013 at 5:16 am
Hi Nicole,
The espresso Services should only be needed if you are using an older version of the iPhone app or an Android phone. Newer versions of the iPhone app and the iPad app use the JSON API plugin.
As far as I can tell the ticketing add on is looking for the role/capability espresso_group_admin.
There is definitely something conflicting or wrong with your user set up if an editor can log in AND scan.
While they can log in, no data should be shown to them, making the app effectively useless to them.
|
|
Raycheal Murphy
|
October 23, 2013 at 6:38 am
Dean,
I just installed this plugin to try and get a better understanding of my users roles/capabilities.
With that, I’m not seeing the capability you mentioned (espresso_group_admin), or any others that relate to Event Espresso.
The Editor role has:
– read
– manage links
– moderate comments
– unfiltered html
– upload files
– access s2member level0
– access s2member level1
– access s2member level2
– access s2member level3
– access s2member level4
– email multiple users
– email single users
– email user groups
– email users notify
– Level 7
While the Members user has only:
– read
– access s2member level0
– access s2member level1
Both of these users have scanning ability in the app.
Is there configuration in the JSON API plugin that I may have missed?
Thanks.
|
|
Josh
|
October 24, 2013 at 2:46 pm
The key is to get the JSON API to work correctly. When you try to use the JSON API are there any errors that are thrown?
|
|
Raycheal Murphy
|
October 25, 2013 at 5:45 am
I get no response from the API.
Is there further configuration that I’m missing?
|
