marcus

Haven't found the time to install it and fiddle with it yet - but this looks exactly like the module I was describing in the original post, including solution via sub tree with references. Thanks!

They appear to have reconsidered

I see, this one needs a whole lot of cooking before it gets into the recipe book

Nice one! For larger installations and/or a larger set of roles this will really be a boost. As for naming, I'd root for "Permissions Overview"

What about using user roles for this scenario instead?

Here's a link to said site profiles. Though not intending to showcase best practices or certain approaches, you can find http://processwire-recipes.com's code (almost completely) here on GitHub. As LostKobrakai said, many template approaches are possible, one of them is to use Twig, and this installation does.

I see this approach is also loosely based on my GitHub Login "fork" of apeisas FB module Can you debug what is returned from... $ghUserData = json_decode(file_get_contents($access_url, false, $context)); ...and if $ghUserData contains the Google Mail address in the first place? That was the approach, to get a value (above its the GitHub Id) from the JSON and persist it on a certain user as a field value. Theoretically this should work as well with the email, which would then become $u->email. Also, this... // Add stream context $options = array('http' => array('user_agent'=> $_SERVER['HTTP_USER_AGENT'])); $context = stream_context_create($options); ...was somehow necessary for GH, but not in apeisas original module. It's quite interesting how often apeisas module appeared here lately. Screams for a generic OAuth2 module, doesn't it? // edit: It seems that the "grabs first user, changes their password, logs them in" phenomenon has its cause here: public function processLogin($ghUserData) { $id = $ghUserData->id; // (1) $u = $this->users->get("google_id=$id"); // (2) // First we create random pass to use in login $uniqid = uniqid(); $pass = sha1($uniqid . $id . $ghUserData->updated_at); // User has logged in earlier with Google id, great news let's login if ($u->id) { // (3) $u->of(false); $u->pass = $pass; // (4) $u->addRole(self::name); $u->save(); } Assumptions: (1) is empty/null (2) possibly translates as ->get() = ->first(), so returns first user (3) this is true, but the wrong user id (4) overwrite first users password // edit2: Your thread got me tweaking my GitHub Login module a little bit. I learned that I can only retrieve the (GitHub) user's email if its set to 'public'. Maybe thats similar in Google's API - either you aren't able to get the email at all, or it has to explicitly set as public. However, I think you have to solve said "phnomenon" first.