Menu visiblity control - drupal

i am in involving in developing the site builder by using Drupal. since it is site builder,user able to create a site based on needs and manipulate his menu items but other user won't edit this menu items.is it possible do like this.
Any one guide me how to control the menu items.

You did not mention your Drupal version, if you want to do this in code or through the UI...
So I am not really sure how well the answer will fit.
You need to have permissions set upon block creation for all users (IE: anonymous) to have access permissions on that block and it's content.
I believe there are permissions that may also need to be allowed on the permission configuration page in admin/user/permissions on Drupal 6. Look for the permissions that allows users access to other user content, most content usually allows anonymous viewing by default, though if I remember correctly.
Blocks can also be configured individually through the UI and by permissions set by ROLE, so you may want to check in the block configuration page also if you plan to do any changes to that blocks permissions manually.
Too lazy to log in to get screenshots, but it should give you clues on where to look.
On a sidenote, you should post your Drupal questions on drupal.stackexchange.com, you will get more Drupal users there to respond than here.
Hope that helps, good-luck

Related

Only site administrators should be able to set default display view of folders on Plone 4.3

All logged-in members of my plone site have the permission to edit, create and publish content. Unfortunately, they are also able to change the default display view of a folder. This leads to a lot of problems as the site members sometimes - accidentically - change to a view template that a folder is not suitable for.
How can I change plone the way that only role administrator is able to set the default view of all folders? Normal site members should not be able.
Since I trust my members something like a JS+CSS solution that hides the display menu for everybody except site administrators would be acceptable, too.
The permission you are looking for is called Modify view template. All roles with this permission can change the template. If your Workflow manages the permission, give it only to the Administrators.
If your Workflow does not manage the permission you can change it globally by change the security configuration on the plone root.
Goto: http://plonesite/manage_access (Security-tab in ZMI)
Search for Modify view template.
Change the configuration. In your case only allow Administrator to change the view template.

Restricting access when using URL - Drupal

I have created several pages in my drupal website and set permissions to each of the page depending upon the roles I have.
The problem is if I know the URL, I can access that page even though I am not a registered and authorized user.
This will be a problem if some random person/hacker plays around with the URLs and comes across a page that is supposed to be viewed by an authorized user.
I am new to Drupal and any help is appreciated.
If you correctly set the permissions it will restrict access based on roles regardless if they know the URL. Are you sure that when you are testing it you are actually signed into or using a role that doesn't have access to that page?
Drupal lets you set permissions for who can Create, Edit and Delete content types. You need a contributed module for setting who can 'View' permissions of individual pages/nodes.
Download Content Access from https://drupal.org/project/content_acces. After you install it and configure the default values for the content type, you will need to click the content access tab after you create the page.
'Taxonomy Access Control Lite' is very light and more user-friendly; permissions are set within the edit view (normal fields), however, it takes some effort to understand how it works and to set it up.
See a comprehensive list of node access modules at https://drupal.org/node/270000
Tip: Don't use more than one module for node access permissions.

Drupal My Account Block Personalisation

When users login into my new Drupal site they and go their my Account page, they are greeted with several options including the ability to change their times zones. Weirdly they are also greeted with a Customization block to switch on or off the Main Menu. However the configuration for this is set to no personalisation and is called superfish not Main-Menu. How can i find out what is setting this to allow users to customize?
thanks
Lee
It most certainly is a permissions issue. Go to your permissions logged in as an administrator and remove permission to personalize blocks for whatever role your users are.
Let me know if you have any questions

How do I add a new user in a ScrewTurn wiki?

We have an internal development wiki setup that uses ScrewTurn, but I am struggling with the most basic of tasks which is to add new users or edit existing ones. This was setup by a former colleague that is no longer employed at the company and no one has any experience of the administration side of it.
Based on the information available this should be a very simple task, however the "Accounts" tab described and pictured in the previous link simply does not exist in the administration section of our wiki.
The tabs we have are Admin Home, User Groups, Wiki Pages, Categories, Snippets/Templates, Nav. Paths, Content Editing, System Log, Providers and Configuration.
We have 8 registered users, all set as administrators (confirmed in the front end and databased) and these are set granted as having full control.
So what am I missing? Can the "Accounts" section be hidden? Are we using a different version (the listed version is 3.0.5.600 which reports itself to be up to date)?
It looks simple enough to setup users in the database, but I'd like to be able to use the front end.
Select Administrators under User Groups and grant full control to your admins and uncheck unwanted restrictions under "Deny".
If you are cannot access the User Groups tab, try to login as super administrator to verify the permissions of your Administrators group.
To login as super administrator, add this to your web.config under <appSettings>:
<add key="MasterPassword" value="YourSecretPasswordHere" />
Then login with the user admin and the password you set.
And make sure to remove that setting after you sort things out.
The admin menu was probably modified. Try going directly to the page AdminUsers.aspx (so something like "http://yourwikidomain.com/AdminUsers.aspx").
To fix the menu, download the Screwturn install files from the web site (http://www.screwturn.eu/Download.ashx) and copy the "Admin.master" page to your site. You may want to compare them first to see what changes were made.

Drupal wrongly allowing access for anonymous users to a single edit page

My Drupal / ubercart install has a bizarre issue. Anonymous users can access an edit page /node/44/edit for s SINGLE node only - an ubercart product. I have created a new version of the node, which does not have the issue. The tabs (view / edit) are also available on the product page to anonymous users. The issue became clear when the page was edited by a spam bot.
Is there any way I can output the decision making process which Drupal makes to the screen? For example can I output the variables to the screen which Drupal uses to make the decision about whether the user has access to a given URL or not?
Thanks in advance.
There may be a better way, but to start, you could create a custom module that implements hook_menu_alter, then dump the contents of the $items array, to see the access callback associated with /node/44/edit or /node/%/edit.
One thing to try would be to "rebuild node permissions" You do this from the admin/content/node-settings page. It might be as simple as the permissions being jacked up, which is rare but does happen sometimes.

Resources