I am using a drupal 6. I need to restrict access to certain pages to my site for only the authenticated users. All these pages are having their own primary navigation parent menu, mouse hover on which it shows the sub menu to these pages. Once user clicks on it, it should show the page content if user is authenticated otherwise should show "Access Denied".
I tried to use Content Access module, though it restricts the access to the pages but it does not even show the menu link to anonymous user in menu list.
Is it possible to show menu in menu list, but on clicking on link it should show the access denied message of user is anonymous?
There are 2 ways you can go about this, the field permissions module if you just want to limit to specific fields or you can make a PHP block, call global $user within it, and if the user's role doesn't match on the node type for who you need to be, then call drupal_access_denied()
http://api.drupal.org/api/drupal/includes!common.inc/function/drupal_access_denied/6
The block method is going to be much more efficient because you won't have to configure a billion checkboxes if you have a lot of fields and because if you make the block within a custom module, it will be exportable easily to other Drupal sites.
Related
I have a View with a Page display that only allows the returned data to be linked if the user is authenticated/logged in.
I simply want to remove that restriction. There is another view that looks the same except it's for Public and shows all the same data but not linked. (the data are pdf files).
On the authenticated display, next to Access in the Basic Settings it has: authenticated user. If I click that user role (not the gear for options), then I'm allowed a list of:
Domain
None
Permission
Role
…for access restrictions. I click "None", save. But, the links are not there as an anon visitor. Same if I try by changing the user to Anonymous User. Note: In the permissions, anon has the right to see webfm attachments.
I noticed the url is like: documents-public or documents-auth so I made it just documents. No luck.
I visited the actual custom-page-type which puts the View in a content pane. I re-ordered the variants, removed all Selection Rules and that didn't do anything either.
Flushed all caches.
Somewhere, the view is still only showing a view based on whether a user is authenticated or not even though I've removed the access (it says "unrestricted" next to access) on both displays and removed all selection rules on the actual page.
I'm stuck where else to look.
The setting you're changing (Access restrictions) is for the entire page - the page URL will return a 403 error if the criteria are met.
As to where the logic is to display/not display the link, four things come to mind:
If the "view mode" is set to node or teaser, it could be in the node template file.
The logic might be in a specific view template (click on the theme information link and see if any of the templates have been overridden).
The developer might have user Views Custom Fields to put the logic directly in the fields.
The linked content is actually restricted.
I'm sure there are other possibilities too. The main point here though is that if access was restricted for anon users, they would see a 403 error, not just some missing fields.
I'm currently working on a website that is for a restaurant. I have created everything I need to but I'm confused on one part:
I have created two roles: Admin and Customer. I have a page that displays a menu.
My main problem is, how would I display this page to the customer as a simple menu page, and how would I display this page to the admin where he would be able to edit the items within the database?
Would I need to create two different pages, one for a standard customer and one for the admin, or could it be done through the sitemap, where a link (the edit menu page) is visible/invisible based on the user who is signed in? (How would I accomplish that?)
You can write your custom code for this, as you have yourself created two roles. you can use the following steps
1) Create form authentication ticket for your roles on login and add it so that you'll be able to authenticate user/roles and write authentication rules in web.config.
2) either create two different page for admin and customer or you can use single page that renders differently based on the role, if you creates a single page make sure you should hide secure admin menu items at server side itself so that it will not be rendered and thus no change can be made at client side for security reason or just add items based on roles dynamically always.
Let me know if you need more details.
Very simple question that i'm stuck with.
I'm making a very simple 'classifieds' website; i have a content-type of type 'classified' i'd like to give access to that content-type for registered users only; i edited the permissions so only 'authenticated' users can 'create classified' and also created a menu link to 'node/add/classified'.
The problem is that when anonymous, i don't see the 'create classified' menu link (right, because the user doesn't have the right to 'create' one) but I still want this menu item to appear and i'm redirecting to my custom 403 page that says 'hey, you have to create an account first before posting a classified'.
What's the best 'elegant' way to achieve this ?
My solution would be to create a new page (via hook_menu) at, say "classified/add". In this page, check the user's id = if it's 0, then display your friendly message about joining the site.
If they aren't 0, then append/return node_add('classified'). (Note that node_add is in node.pages.inc, so you'll want to include that when needed.)
I have actually done the same thing for a classified ad system. Creating absolute URLs as menu items works for me and is quite simple.
For example, instead of making the menu item path 'node/add/classified', set the path to 'http://example.com/node/add/classified'. When you click the menu item when logged out (as anonymous), Drupal will try to go to the create classified page, but will fail the permissions check and redirect to your custom 403 page.
Try creating a new menu item manually (Admin > Site building > Menus > Menu name > Add item), to point to the node/add/classified URL.
Update: You could try linking to /node/403?destination=node/add/classified (where node/403 is your custom 403 error page).
How can I in Drupal define that menu item link is available only for registered users, and not for users that are not loged in?
Just make sure the node this menu item leads to can be accessed only by registered users. Try access control modules if there's no inbuilt mechanism that works for you. I sometimes use Content Access for that, although it's primarily for controlling access per content type. You can try Nodeaccess, which controls access per node.
What I need to accomplish is this:
If an anonymous user visits the site, show regular site content.
If a user logs in to the site, then user-related content appears in place of the regular content.
I would like to accomplish this using the Views module.
I have looked at the Premium module, but it seems to be abandoned. I would like to avoid using the content-access module if at all possible, since I already have other access controls in place.
If you are creating a page display for the views, you can accomplish this with view's access controls. Views will show the first available display that the user has permissions to.
Create a display for the authenticated user view
Set the page path
Set the Access restrictions (eg., by Authenticated role)
Create a display for the anonymous user view
Set the page path to the same value
Optionally restrict access to the Anonymous role (not necessary, since if views can load the authenticated display for the user it will not bother with this one, but may keep it's use clear)
Since you cannot re-order the displays in a view (yet), you must define the views in the order of most restrictive to least restrictive.
For more complex displays, you can use the Panels Pages module to render the page differently based on a user's role.
If you only want to differentiate between anonymous and authenticated users, you can specify that different content blocks are visible to each role.
On my own site, I needed to differentiate between Administrators and everyone else, so I could not use the authenticated user role to define access for individual items. Similar to Views, with Panels Pages you can define multiple variants of pages that use the same path. Administrators have access to the first variant, and all other users fall through to using the second.
You could try using the CCK content permissions and set permissions on a per field basis. Then have different fields for different content that you want to publish. I believe this is included with the CCK module.