Restrict Access to a Node Drupal 7 - drupal

I would like specific nodes to only be available to authenticated users in drupal 7. Most modules that I have seen are still in development.
Effectively I need to create a few members only pages. Basically any content in this node cannot be accessed is visitor is not logged in

I would probably go ahead and use the node access module even though it's in dev. The warnings are mostly the author trying to say he doesn't want to be held responsible.
Otherwise you'll need to manually do it by implementing hook_node_access in a custom module

The Node Option Premium module might do what you want.
This module adds a new node option Premium content along with core publishing options (Published, Promoted to front page, Sticky at top of lists).
When a node is published as premium content, only users with proper privileges may view the full content of the node.
Non-premium users can still access premium nodes but only get the content rendered in teaser context, even when trying to view the full content. An additional message informs them that the content is available to premium users only.

Related

Restricting access when using URL - Drupal

I have created several pages in my drupal website and set permissions to each of the page depending upon the roles I have.
The problem is if I know the URL, I can access that page even though I am not a registered and authorized user.
This will be a problem if some random person/hacker plays around with the URLs and comes across a page that is supposed to be viewed by an authorized user.
I am new to Drupal and any help is appreciated.
If you correctly set the permissions it will restrict access based on roles regardless if they know the URL. Are you sure that when you are testing it you are actually signed into or using a role that doesn't have access to that page?
Drupal lets you set permissions for who can Create, Edit and Delete content types. You need a contributed module for setting who can 'View' permissions of individual pages/nodes.
Download Content Access from https://drupal.org/project/content_acces. After you install it and configure the default values for the content type, you will need to click the content access tab after you create the page.
'Taxonomy Access Control Lite' is very light and more user-friendly; permissions are set within the edit view (normal fields), however, it takes some effort to understand how it works and to set it up.
See a comprehensive list of node access modules at https://drupal.org/node/270000
Tip: Don't use more than one module for node access permissions.

Menu visiblity control

i am in involving in developing the site builder by using Drupal. since it is site builder,user able to create a site based on needs and manipulate his menu items but other user won't edit this menu items.is it possible do like this.
Any one guide me how to control the menu items.
You did not mention your Drupal version, if you want to do this in code or through the UI...
So I am not really sure how well the answer will fit.
You need to have permissions set upon block creation for all users (IE: anonymous) to have access permissions on that block and it's content.
I believe there are permissions that may also need to be allowed on the permission configuration page in admin/user/permissions on Drupal 6. Look for the permissions that allows users access to other user content, most content usually allows anonymous viewing by default, though if I remember correctly.
Blocks can also be configured individually through the UI and by permissions set by ROLE, so you may want to check in the block configuration page also if you plan to do any changes to that blocks permissions manually.
Too lazy to log in to get screenshots, but it should give you clues on where to look.
On a sidenote, you should post your Drupal questions on drupal.stackexchange.com, you will get more Drupal users there to respond than here.
Hope that helps, good-luck

Drupal wrongly allowing access for anonymous users to a single edit page

My Drupal / ubercart install has a bizarre issue. Anonymous users can access an edit page /node/44/edit for s SINGLE node only - an ubercart product. I have created a new version of the node, which does not have the issue. The tabs (view / edit) are also available on the product page to anonymous users. The issue became clear when the page was edited by a spam bot.
Is there any way I can output the decision making process which Drupal makes to the screen? For example can I output the variables to the screen which Drupal uses to make the decision about whether the user has access to a given URL or not?
Thanks in advance.
There may be a better way, but to start, you could create a custom module that implements hook_menu_alter, then dump the contents of the $items array, to see the access callback associated with /node/44/edit or /node/%/edit.
One thing to try would be to "rebuild node permissions" You do this from the admin/content/node-settings page. It might be as simple as the permissions being jacked up, which is rare but does happen sometimes.

Drupal Private Publishing

Is there a way to have a content type that is only viewable to admins AND the person who created it, including comments? I feel like I know the answer to this but its escaping me.
Try the Nodeaccess module. Some more details about this module (from its project page):
Nodeaccess is a Drupal access control module which provides view, edit and delete access to nodes. Users with the 'grant node permissions' permission will have a grant tab on node pages which allows them to grant access to that node by user or role. Administrators can set default access controls per content type, and also define which roles are available to grant permissions to on the node grants tab.
The upshot is, this module allows you to do things like 'node 123 can be viewed by authenticated users and edited by admin users and joeuser'. As an added bonus, update and delete permissions are separated, so you can make sure users with edit permissions cannot accidentally delete pages.
If the content type is defined by your own module, you can use hook_access to do this.
If the content type is defined by CCK or another module, things are a bit trickier. You can install a patch that adds an access op to hook_nodeapi, but unfortunately that's a hack to the core Drupal code, with all the potential upgrade pitfalls that ensue.

How does Drupal provide an edit/review/publish model?

How does Drupal support a means to update and review a website before it is published?
Does it only allow you to preview a page at a time before you publish it or is there a way to create a site with multiple pages, review it and then publish it?
Is it best or easiest to create two Drupal Sites and push the contents of one to the other regularly (as a publish method)?
There are some modules that allow this functionality on a single site. The workflow module allows you to invoke hooks when content types are created, edited, published, ect. I use this on a production site to notify me when new content is created so I can publish it. Another module is the revision moderation module. You can allow users to edit nodes, but new revisions go into a queue for approval instead of being published immediately.
You can preview each page at a time before publishing it, but that is generally-user controlled. Sounds like you want more of a 'writer submits to editor who proofs and publishes' model?
Workflow module is all you need for that functionality. It will also involve a couple user roles (writer, editor, etc.). This is a model done many times, you can do it fairly easily.
2.5 Also Modr8 (Moderate) module may be simpler for you: http://drupal.org/project/modr8
Running a test site is more appropriate for site (code) development, not so much for just publishing content.
The workflow module will help you achieve this. It interacts with the actions module.
I set up two roles: writer and editor, the writers submit their content and then the editors can review and publish the content, if they don't want to publish it they can set it as needs work which means the writer need to redo and then submit the content again before it is reviewed again.
The action module means that the content is accessible by the appropriate roles as the content moves through the workflow.

Resources