Is there an alternative module or way that I can query a drupal database to return results from a table for example, the users table, and have the search results visible even for anonymous users? I have tried using the views module but only a logged in user is able to see the results. I have changed the access permissions to no avail. I am working with Drupal 6. Please help!!!
There is no reason a view should only show up to logged out users, unless the data being loaded in the view is not available to logged out users. The view itself has permissions. Assuming you're in Views 3 (though 2 is similar) and depending whether it is a page or a block, the middle column will have "Block Settings" or "Page Settings" under which one of the options is "Access". You can tie the view to a specific permission, use custom PHP, or specifically enable it for certain roles. You can also choose "none" here and completely bypass permissions -- then the view will be available to everyone to see the data in, regardless of their permission to the data itself. However, be careful with that if there's any sensitive data on your site.
Views is definitely the best way to create an advanced search in Drupal. I'm sure there are alternatives, but this is exactly what Views is for, and Views is the #1 tool and #1 reason people use Drupal. What I recommend is opening a new issue for help figuring out why your view does not show to anonymous users.
Related
I have created several pages in my drupal website and set permissions to each of the page depending upon the roles I have.
The problem is if I know the URL, I can access that page even though I am not a registered and authorized user.
This will be a problem if some random person/hacker plays around with the URLs and comes across a page that is supposed to be viewed by an authorized user.
I am new to Drupal and any help is appreciated.
If you correctly set the permissions it will restrict access based on roles regardless if they know the URL. Are you sure that when you are testing it you are actually signed into or using a role that doesn't have access to that page?
Drupal lets you set permissions for who can Create, Edit and Delete content types. You need a contributed module for setting who can 'View' permissions of individual pages/nodes.
Download Content Access from https://drupal.org/project/content_acces. After you install it and configure the default values for the content type, you will need to click the content access tab after you create the page.
'Taxonomy Access Control Lite' is very light and more user-friendly; permissions are set within the edit view (normal fields), however, it takes some effort to understand how it works and to set it up.
See a comprehensive list of node access modules at https://drupal.org/node/270000
Tip: Don't use more than one module for node access permissions.
i am in involving in developing the site builder by using Drupal. since it is site builder,user able to create a site based on needs and manipulate his menu items but other user won't edit this menu items.is it possible do like this.
Any one guide me how to control the menu items.
You did not mention your Drupal version, if you want to do this in code or through the UI...
So I am not really sure how well the answer will fit.
You need to have permissions set upon block creation for all users (IE: anonymous) to have access permissions on that block and it's content.
I believe there are permissions that may also need to be allowed on the permission configuration page in admin/user/permissions on Drupal 6. Look for the permissions that allows users access to other user content, most content usually allows anonymous viewing by default, though if I remember correctly.
Blocks can also be configured individually through the UI and by permissions set by ROLE, so you may want to check in the block configuration page also if you plan to do any changes to that blocks permissions manually.
Too lazy to log in to get screenshots, but it should give you clues on where to look.
On a sidenote, you should post your Drupal questions on drupal.stackexchange.com, you will get more Drupal users there to respond than here.
Hope that helps, good-luck
My Drupal / ubercart install has a bizarre issue. Anonymous users can access an edit page /node/44/edit for s SINGLE node only - an ubercart product. I have created a new version of the node, which does not have the issue. The tabs (view / edit) are also available on the product page to anonymous users. The issue became clear when the page was edited by a spam bot.
Is there any way I can output the decision making process which Drupal makes to the screen? For example can I output the variables to the screen which Drupal uses to make the decision about whether the user has access to a given URL or not?
Thanks in advance.
There may be a better way, but to start, you could create a custom module that implements hook_menu_alter, then dump the contents of the $items array, to see the access callback associated with /node/44/edit or /node/%/edit.
One thing to try would be to "rebuild node permissions" You do this from the admin/content/node-settings page. It might be as simple as the permissions being jacked up, which is rare but does happen sometimes.
I have to build a site that receives some custom report from my users and store them in a database. The users are able to view their reports and the department administrator comments on it. I was creating this myself using PHP although it was good but it's full of security holes and I get lost after a while when my code grows bigger.
I think if there is a module for drupal or wordpess that can benefit from grouping my users into separate groups that would be much easier.
Does anyone know if there is such plugin or would you recommend me some keywords to search with.
Thanx in advance
Sounds like Drupal would be a good fit for this. There would be (at least) two roles (one for regular users and one for administrators), and there would be a 'report' content type. Regular users would be able to upload reports and view their own reports and administrators would be able to comment on reports.
Drupal + CCK (and possibly the FileField module if users are uploading document files) would be able to handle all of this pretty easily.
Drupal with the CCK & FileField modules would work great (as Mike mentioned). Two roles would suffice (admin & regular user).
As for security, make sure to use the latest versions in Drupal 6 & stay on top of when those 2 modules get updated although Drupal makes it super easy for you through site notification. Along the lines of security, you'd want to 'hide' the login box from the homepage & use www.sitename.com/user for your users to login.
I am building a DMS for our intranet and use a taxonomy hierarchy because we need access control that way. All company locations manage (upload,edit) their own documents but should be able to access all. This is inherited to the child terms and works fine.
Additionally we want simple 3-step workflow (draft,published,archived). So i introduced roles for editor, publisher and docadmin and set permissions for the transitions. Also triggers to effectivly (un)publish documents.
But (of course) a user of role publisher can do the transition for ALL documents. But we want publisher for each company location (top taxonomy level, see above).
Could this be achieved? Do i have to set it up by myself (i guess "rules" is appropriate to do this) or is there another module helping.
role inheritance was a guess, but that is only about roles (naturally).
"module grants" i use and checked first option. That way my thoughts are going. I hope you get my idea resp. problem.
drupal 6.16 current
edit:
I reread the docs and found ie. http://drupal.org/node/408018 Revisioning for categorized content. Will reread that.
It seems you're running into a know issue in Drupal 6's node access api. Grants only work as an approval, so if any access module says a user can perform an action no other module can take it away. The only other solution I can think of would be a mash of the modules to calculate based on both criteria, obviously a potentially complex task.
Certainly not recommended, but you could apply your own logic to scan the grants tables to remove entries for users that don't match up with both criteria. You would have to find the right hook to have it perform its work after both other modules have calculated their values and saved them to the database.
Good news: this is fixed in D7. Bad news: D7 will be a while.
Drupal 7 will allow modules to approve, deny, or abstain from node access decisions. As such, your taxonomy module could say the users are approved for these terms, denied for others. As well, workflow could approve for some stages and deny for others. A user would require at least one approval and no denials.