Drupal publishing - drupal

I am working on a Drupal website. It has been designed by someone else.
I want to change the settings from automatically publishing post to not automatically publishing. I set the option in content types, my content type (edit), publishing options. It is set to "not published". Every time I add a new post, it still is published though.
Where is this going wrong? Do I need to change something in the code? if yes, where do I change it?

There are a number of configuration options that could cause this that can be adjusted via the user interface without delving into code.
It's possible that anonymous users have permissions to view unpublished content.
It's also possible that you have a views configured to return results unfiltered by published = true.

Related

Restricting access when using URL - Drupal

I have created several pages in my drupal website and set permissions to each of the page depending upon the roles I have.
The problem is if I know the URL, I can access that page even though I am not a registered and authorized user.
This will be a problem if some random person/hacker plays around with the URLs and comes across a page that is supposed to be viewed by an authorized user.
I am new to Drupal and any help is appreciated.
If you correctly set the permissions it will restrict access based on roles regardless if they know the URL. Are you sure that when you are testing it you are actually signed into or using a role that doesn't have access to that page?
Drupal lets you set permissions for who can Create, Edit and Delete content types. You need a contributed module for setting who can 'View' permissions of individual pages/nodes.
Download Content Access from https://drupal.org/project/content_acces. After you install it and configure the default values for the content type, you will need to click the content access tab after you create the page.
'Taxonomy Access Control Lite' is very light and more user-friendly; permissions are set within the edit view (normal fields), however, it takes some effort to understand how it works and to set it up.
See a comprehensive list of node access modules at https://drupal.org/node/270000
Tip: Don't use more than one module for node access permissions.

Menu visiblity control

i am in involving in developing the site builder by using Drupal. since it is site builder,user able to create a site based on needs and manipulate his menu items but other user won't edit this menu items.is it possible do like this.
Any one guide me how to control the menu items.
You did not mention your Drupal version, if you want to do this in code or through the UI...
So I am not really sure how well the answer will fit.
You need to have permissions set upon block creation for all users (IE: anonymous) to have access permissions on that block and it's content.
I believe there are permissions that may also need to be allowed on the permission configuration page in admin/user/permissions on Drupal 6. Look for the permissions that allows users access to other user content, most content usually allows anonymous viewing by default, though if I remember correctly.
Blocks can also be configured individually through the UI and by permissions set by ROLE, so you may want to check in the block configuration page also if you plan to do any changes to that blocks permissions manually.
Too lazy to log in to get screenshots, but it should give you clues on where to look.
On a sidenote, you should post your Drupal questions on drupal.stackexchange.com, you will get more Drupal users there to respond than here.
Hope that helps, good-luck

WordPress page deleted from database, still showing up even in a new browser

I am trying to set up a new custom post type and create a page (based off the custom post type archive template) and keep it private until it's ready to be published. I created a page and made it private, but it was visible to everyone (although not in the dropdown like it normally would be, just from entering the permalink URL). So I deleted that from the database (in phpMyAdmin) and tried again just leaving the page a draft. The permalink URL still shows the page template for the custom post type archive. I deleted the draft in phpMyAdmin and still the URL shows the page template (should be giving a 404). I tried this in a different browser where it had never been opened and it also gives the page template.
Does anyone have any idea why this is happening? Why isn't it working to privately publish and why aren't the deleted pages going away?
You propably only deleted the content of your page, but there are more relations to the page. See the database diagram on wordpress how posts are connected to other tables in the database as well. You'll have to delete every record pointing to that post!
I really recommend you not to play around in the database of wordpress, there's a reason why WP gives you the opportunity to administer everything in their admin panel!
To leave a page/post invisible to others, just don't publish it! As a draft, no one can access it unless he/she has access to your admin panel and the required rights to see drafts!
As soon as you publish it - it's published. You can also just use the preview view to see how it would look like! Why your private page was visible to everyone is another question, maybe you made some mistakes with your DB...hard to reckon without any further information. Try to set it up as a normal post/page and publish it privately, log out and see what happens!

Drupal wrongly allowing access for anonymous users to a single edit page

My Drupal / ubercart install has a bizarre issue. Anonymous users can access an edit page /node/44/edit for s SINGLE node only - an ubercart product. I have created a new version of the node, which does not have the issue. The tabs (view / edit) are also available on the product page to anonymous users. The issue became clear when the page was edited by a spam bot.
Is there any way I can output the decision making process which Drupal makes to the screen? For example can I output the variables to the screen which Drupal uses to make the decision about whether the user has access to a given URL or not?
Thanks in advance.
There may be a better way, but to start, you could create a custom module that implements hook_menu_alter, then dump the contents of the $items array, to see the access callback associated with /node/44/edit or /node/%/edit.
One thing to try would be to "rebuild node permissions" You do this from the admin/content/node-settings page. It might be as simple as the permissions being jacked up, which is rare but does happen sometimes.

How does Drupal provide an edit/review/publish model?

How does Drupal support a means to update and review a website before it is published?
Does it only allow you to preview a page at a time before you publish it or is there a way to create a site with multiple pages, review it and then publish it?
Is it best or easiest to create two Drupal Sites and push the contents of one to the other regularly (as a publish method)?
There are some modules that allow this functionality on a single site. The workflow module allows you to invoke hooks when content types are created, edited, published, ect. I use this on a production site to notify me when new content is created so I can publish it. Another module is the revision moderation module. You can allow users to edit nodes, but new revisions go into a queue for approval instead of being published immediately.
You can preview each page at a time before publishing it, but that is generally-user controlled. Sounds like you want more of a 'writer submits to editor who proofs and publishes' model?
Workflow module is all you need for that functionality. It will also involve a couple user roles (writer, editor, etc.). This is a model done many times, you can do it fairly easily.
2.5 Also Modr8 (Moderate) module may be simpler for you: http://drupal.org/project/modr8
Running a test site is more appropriate for site (code) development, not so much for just publishing content.
The workflow module will help you achieve this. It interacts with the actions module.
I set up two roles: writer and editor, the writers submit their content and then the editors can review and publish the content, if they don't want to publish it they can set it as needs work which means the writer need to redo and then submit the content again before it is reviewed again.
The action module means that the content is accessible by the appropriate roles as the content moves through the workflow.

Resources