Facebook Sub-Site Permissions

Hi,

I still don’t understand how this plugin works as far as the permissions and settings for sub-sites.

No matter what I set in the Network options, my Facebook API credentials are visible to sub-site admins. And, in the auto-post section, the dropdown menu shows all Facebook pages associated with my apps. Of course I don’t want sub-site users to have the ability to auto-post to my own Facebook pages.

Can someone please explain how to set this up so sub-site users have their own sets of permissions that don’t include the ability to see my API credentials or post to my pages?

Thanks,

Mark

  • thaibluesky
    • WPMU DEV Initiate

    There is an issue when people are using the same pc, like in an internet cafe or even the same home computer.

    If a person has an account registered at the site and decides to login with the facebook account, loads in the data from facebook and then declines – meaning did not login

    and a second person uses the same pc and browser and registers with facebook account something unacceptable happens:

    the second person is logged into the user account of the first person

    Message You are logged in already. No need to register again!

    We tested it further and closed the browser, cleared the cache and cookies. Yet after seeing the having vconfirmed the facebook account at http://forum.portico-bangkok.com/register/?fb_registration_page=1

    We are forwarded to the registration page at http://portico-bangkok.com/wp-login.php which we do not use. Clicking the back button logged me again in into the account of the first user that fetched all data from facebook and then closed the popup-window.

    Each of the two sites have own registration as not everybody wants classifieds scattered over the screen or looks for bargains and those that place adds do not want to necessarily use the forum. So we separated the users yet they all can login at the two sites with the same credentials and have on each site the data that is necessary to rent out their house on one site or make friends on the other.

    I would very much appreciate if you could take a look at it, also for your own sake.

    http://forum.portico-bangkok.com

    We cleared the browser cache yet IE9 repeated this again. It looks like data is saved and not killed when first user does not go through with the registration.Not in the browser but in WORDPRESS. Which in my opinion is a heavy security risk.

    This is buddypress default templates installation on wp 3.1.3 on a subdomain in a MU environment.

    I also wonder how the “Login with Facebook” in the topbar can be moved (surrounded by <p> tags without a css class) to the sidebar.

    And we also have the same issue like wpcdn has:

    site admin can view the settings of network admin’s app.

    The options should be configurable for each site – such as Network admin settings could be for the main site only or not visible to site admins as this is personal information.

    It could very well be that site admin of other blogs would like to have their users go to their own facebook page – right, which could be in the category Lifestyle when the main site is in the category Business – or not?

    For the rest I was impressed fetching data and connecting to facebook worked smoothly.

    On Events Manager page (plugin by Marcus) however the like and send button do not show when entered with shortcode, yet votes is displayed.

    Cheers and keep up the good work

  • Vladislav
    • Dead Eye Dev

    Hi,

    If I understand the issue correctly (please, correct me if I’m wrong), the problem is with the user remaining logged in to Facebook. From what I understand, the first user (the one that fetched the Facebook data and closed the popup) logged into Facebook, but didn’t log out afterwards, so the next user on the same machine and browser was able to use his login?

    As for clearing the cache in IE, it is possible that not all cookies have been removed in the process – I’m not 100% sure about IE9, but IE8 had a feature to “Preserve Favorites website data” (enabled by default), which will preserve cookies for your bookmarked sites. If this (or IE9 equivalent for that option) was enabled, it’s possible that the cookies for either site (or both WP and FB) remained.

    In the latest release (v1.0.5, just released) there are some changes under the hood, particularly to the registration process. In case I totally misunderstood the issue, can you please give it a go and see if it changes anything in the scenario?

    Also, in this release there is a new option in plugin settings, under “Facebook API” section, available only to network admins, labeled “Allow sub-sites to use these credentials”. If disabled, this option will prevent the API credentials propagation to the subsites, and the site admins will have to create and use their own apps.

  • wpcdn
    • Syntax Hero

    Hi,

    The login issue is not what I have been asking about. I’ve been asking about the fact that sub-site admins see the drop-down list of the Super Admin’s Facebook pages. This is not how it should be. I’ve asked about this several times, but no one has explained how to keep this from happening.

    I’ve tried every possible setting in the Network settings, for example whether to override sub-sites’ API info or to let the sub-site info prevail on the sub-sites.

    Please answer this and let me know how I can keep sub-site admins from being able to access my pages in the drop-down list in the settings.

    Thanks,

    Mark

  • wpcdn
    • Syntax Hero

    Also, in this release there is a new option in plugin settings, under “Facebook API” section, available only to network admins, labeled “Allow sub-sites to use these credentials”. If disabled, this option will prevent the API credentials propagation to the subsites, and the site admins will have to create and use their own apps.

    I replaced the previous version with the latest release of the plugin, but on sub-sites I can still see the credentials even with that checkbox off. Is there any way to “reset” this?

  • thaibluesky
    • WPMU DEV Initiate

    API credentials propagation to the subsites, and the site admins will have to create and use their own apps.

    We first have to built another App to see if this works well – yet I am very happy about this improvement.

    As now e can have two apps for the two sites.

    I will keep you updated.

    About the login issue – we will run another test as we have upgraded the script

    Picture this:

    2 people on 2 different pc’s – connected by the hub to the net – one is registered admin the other one not a member yet.

    1st

    Admin tests the login with facebook – when the screen pops up to grant the rights to fetch his stuff from facebook he declines and goes for coffee.

    2nd.

    new user registers with facebook login – grants the site the rights to import from facebook – and is logged in as the admin who has just left for the coffee -> 8-[

  • Philip John
    • DEV MAN’s Apprentice

    Hiya,

    As we haven’t heard back from you we’re going to assume the problem was sorted out and mark this ticket as resolved.

    If it wasn’t resolved, or you have any more questions related to this thread please feel free to post them below and tick the ‘Mark as Not Resolved (re-open)’ box below the post area (or else we’ll miss it!)

    Otherwise, thanks for using the forums, and for being a member of WPMU DEV, it’s a pleasure to help you out and we look forward to being of assistance in the future.

    Thanks!

Thank NAME, for their help.

Let NAME know exactly why they deserved these points.

Gift a custom amount of points.