Overview
with this update of BwPostman TimeControl come some basic changes.
The plugin and the events are changed to Joomla! 4 native. That means, that BwPostman TimeControl 2.0.0 doesn't work with Joomla! 3 anymore. But therefore it is future-proof and now works with Joomla! 5. Nevertheless the update to version 2.0.0 should take place with Joomla! 4, an update at Joomla! 5 is only possible with a workaround.
Next the authentication at start of the cron server has changed from username/password to authentication by Joomla API Token. That means, that the password of the user, who shall send the newsletters by cron server, is obsolete. Instead one has to create a Joomla API Token for this user.
To be able to work with the API, which BwPostman provides, another plugin BwPostman Webservices Plugin is needed, which is delivered with BwPostman since version 4.3.0, including the needed routes for the API and their processing. For this BwPostman has to be updated to version 4.3.0 before updating BwPostman TimeControl, if not done so.
Steps needed for the update:
- Login for the update to backend as usual. If the cron server is started, stop it.
- Update BwPostman to version 4.3.0.
- Update BwPostman TimeControl to version 2.0.0, and only then - if desired - update Joomla! to version 5.
But the update to Joomla! 5 is not necessary for the function of BwPostman and BwPostman TimeControl, both also still work with Joomla! 4. - Ensure the Joomla!-Plugin API Authentication - Web Services Joomla Token is activated.
With this the authentication by API is basically enabled for this Joomla! installation. - Ensure the plugin BwPostman Webservices Plugin is activated.
With this the API of BwPostman is activated. The plugin should be activated automatically while updating BwPostman TimeControl. - Assign the user, which is entered at the options of the plugin BwPostman TimeControl, to the Joomla! user group "Super Users".
- Logout from backend and login at backend as the user, which is entered at the options of the plugin BwPostman TimeControl, to be able to create the Joomla API Token for this user.
- Edit this user and save. While saving the user the token is created automatically by Joomla!.
- Logout from backend and login to backend as usual, test, ready.
Why has the user, which shall start the cron server, has to be Super User?
Basically it would suffice, if the user, who shall send the newsletters by cron server, is able to operate for the maintenance of BwPostman and send newsletters. But for this the user has to authenticate at the back end. Joomla! currently does not offer the possibility to authenticate by API for other user groups than Super Users. Thus the user for the cron server has to be added to this user group, hopefully ephemeral.
Why login to backend as user, that shall start the cron server in between?
That is a question of security. The token, with that one authenticates by API, has the same level as a password. A password should not be known by anyone but the specific user, not even a Super User. If the token is created, it is displayed at the tab to be able to copy it if necessary. For that reason Joomla! has restricted the creation of a token to the specific user.
For BwPostman TimeControl it is not necessary to make a note of this token. BwPostman TimeControl works out of this Joomla! installation, even if the authentication to start the cron server works by API. So for BwPostman TimeControl the possibility exists to get the token automatically.