I have a site-editor user role with custom permissions. Currently they can access some actions in the admin menu, but they cannot access clear-cache.
I want to expose just that option to the non-administrator (site-editor) user role. I can't find an option that granular in the permissions.
I've found some alternative options, but they involve coding, custom pages, etc. I want a pure drupal GUI option (if any exists). Not: http://drupal.org/node/152983
The reason is that site-editors enter content, but I'm caching panels and views. I need them to be able to clear the cache so they can see the changes they've made.
If you really don't want to create a custom module, there is handbook page on creating a page to clear your cache that includes a snippet to add to a page using the PHP Input format and a refinement in the comments. Keep in mind, using the PHP Input Format is usually discouraged.
It wouldn't take many minutes to create a custom form with a clear-cache button that you can give your editors access to.
The function you need to call to clear the cache is drupal_flush_all_caches
I'm not sure how this option differ from a pure drupal GUI. They are built the same way after all.
Alternatively, you could write a bit of custom code, to clear your panels/views cache when content is created or edited, which would remove this need.
use the flush page cache module?
http://drupal.org/project/flush_page_cache
You can specify what to flush and permit specific roles
If you are using admin_menu, the flush cache ability is given to the 'administer site configuration' permission, which is way bigger than needed. I am thinking of creating a small module that simply does the following:
<?php
function flusher_menu_alter($items) {
$items['admin_menu/flush-cache']['access arguments'] = array('flush cache');
}
function flusher_permission() {
return array(
'flush cache' => array(
'title' => t('Flush the cachce'),
'description' => t('This allows non admins to flush the cache'),
);
);
}
How's that sound?
Check the new CacheFlush module for clearing cache with different roles also you can create presets for clearing the cache just you need helping to save time on development process.
Related
I need to implement field-level permissions in a Page model, in a SilverStripe 3.2 website.
Let's imagine I have an ArticlePage.php model. It has the usual fields like $MenuTitle and $Content, and I've added other properties like $Subtitle and $Author.
I can protect the whole model by using providePermissions() and the associated canEdit() methods, but I need to protect individual fields / page properties.
What I need to do is:
Admins should be able to edit all fields
Users in another permissions group should only be able to edit and save $Subtitle
Is this possible in SilverStripe 3.2? Is there a SilverStripe way of doing it?
If not, is there a way I can Identify the user group of the current user and then perhaps conditionally show the $field->addFieldToTab() code? Is it possible to stop the user saving a field by posting the data maliciously, perhaps by adding the missing fields via inspector?
Thanks in advance.
So here's my own answer. This post was helpful: https://www.silverstripe.org/community/forums/customising-the-cms/show/11693
You can conditionally show CMS fields and tabs using code like the post demonstrates:
public function getCMSFields()
if(!Permission::check('PERMISSION_LABEL'){
$fields->removeFieldFromTab("Root.Main","MenuTitle");
$fields->removeByName('BannerImages');
// etc...
}
// etc...
}
Having defined the permission:
public function providePermissions()
{
return array(
'PERMISSION_LABEL' => 'Can edit some fields',
);
}
My concern with this approach was that a user could still create a form field on the page using inspector or JS and submit values for fields they should not be able to see.
Having tested this it appears that field values are not saved if they are not listed on the page, but are sent with the POST data. Although I'd love to know if a SilverStripe expert could confirm that.
I would like to add a field / column to the Content Administration Overview page but it appears the easiest theme override to do this has been deprecated with D7.
In D6 I could just override the method:
theme_node_admin_nodes($form)
But this method no longer exists for D7. What's the equivalent replacement or do I actually need to hook into node_admin_nodes() now and modify the form directly?
For me it was super easy with these two modules:
views bulk operations (VBO)
administration views (needs VBO)
As soon as both modules are installed and activated you can go to your views (admin/structure/views) where now 3 additional views appear (Administration comments, Administration nodes, Administration users). You then just need to edit the view "Administration nodes", where you can add and arrange everything you want as usually with views.
I wanted to add a column displaying all content's nids. Worked super well!
You'll have to hook into the form, the theme element has been completely removed node_admin_nodes() in Drupal 7.
It's actually node_admin_content() that you'll need to hook into as node_admin_nodes() is no longer a form function, it just builds up elements that are used by node_admin_content().
Fortunately the elements in node_admin_nodes() and node_filter_form() (the two functions used in node_admin_content() to build up the page) are nicely structured and will be very easy to override.
I've been able to add an element to the bottom of the table. Although I am unsure how you ADD a coloumn into the body of the table?
function seven_form_alter(&$form, &$form_state, $form_id) {
drupal_set_message("Form ID is : " . $form_id);
//get node_admin_content
//$nodeAdmin = drupal_get_form("node_admin_content");
// Add a checkbox to registration form about agreeing to terms of use.
$form['node_admin_content']['poland'] = array(
'#type' => 'checkbox',
'#title' => t("I agree with the website's terms and conditions."),
'#required' => TRUE,
);
}
The Administration Views module replaces a lot of admin listings with real views (as in Views module) that you can edit and configure any way you want it.
Here's what I've been trying to figure out how to do for hours now.
I want the author role to be able to upload content into the media library from their posts, and to be able to view the entire media library. What I don't want is to let the author role delete any media, even their own.
I've thought about automatically switching authors to a 'media' user upon upload completion, but I was hoping there'd be a cleaner way.
Any ideas?
There's no built-in capability for "delete_media." I think this is encompassed by "delete_posts," since uploads are treated as posts. (Note that authors can delete only their own posts and attachments.)
Adding a role or capability is possible, but you'd have to replace the default media admin screens, where the delete action is controlled by the "delete_posts" cap. You don't want to mess with the core files upload.php etc. So you'd have to restrict access to them, then write your own panels for authors. You probably don't want to do this. :-)
There's a better way, however. If you assign uploads to an administrator when they are saved then authors will not be able to delete them. You can use the add_attachment and edit_attachment action hooks to change the post_author to an administrator id.
Hope that helps.
There are a number of places where WordPress will let users delete images, so trying to hide them all can be challenging (and dangerous, because a new plug-in or version of WordPress could add another). However, you can add the following function to prevent deletions and throw an error (not pretty, but effective). You could enhance this by adding a custom capability for deleting images, if you wanted a finer level of control.
add_action('delete_attachment', 'DontDeleteMedia', 11, 1);
function DontDeleteMedia($postID)
{
if (!current_user_can('manage_options')) {
exit('You cannot delete media.');
}
}
add this code in your functions.php file:
add_action('media_row_actions','users_own_attachments', 2, 1);
function users_own_attachments( $wp_query_obj ) {
if( !current_user_can( 'delete_plugins' ) ){
unset($wp_query_obj['delete']);
return $wp_query_obj;
}
}
I'm using content access module to restrict certain nodes and node types for un-registered users.
But I would like to create a view where unregistered users can also see titles of those restricted nodes.
How can I do this ?
I haven't used this personally, but I just saw it pop up in the drupal.org module feed a few days ago, and it should help: http://drupal.org/project/views_ignore_node_permissions
ok if you just want to echo the node title in php (with in the node body ) enable php
then :
<?php
if (arg(0) == 'node' && is_numeric(arg(1))) $nodeid = arg(1);
$node = node_load($nodeid);
print $node->title;
?>
Blockquote
and you are done
If you want to restrict access to some fields and not to others, you really should be using permissions per field. I assume all fields are built with CCK, so just enable permission for the content-type, but disable for all fields.
That way, only the title is visible. I don't think you can disable permissions for the standard body field, but I always use a CCK text-area for that anyway, it's alot easier also for css since the standard body field isn't wrapped in default node printing.
You can write a simple module for this, which does the following:
query the node titles you want to show (called by hook_menu)
theme the result (hook_theme)
display the result (hook_block)
in the hook_perm you can create a new permission who you would like to show the node titles, if it is for everybody, just use 'access content'.
The solution is here:
In the views "Query options"-settings it's possible to set "Disable SQL rewriting" ("Disabling SQL rewriting will disable node_access checks as well as other modules that implement hook_query_alter().") which afaik makes this module unneeded with the latest views version.
I'm in the process of making some improvements to a live Drupal site that's using the Domain Access module to run a number of microsites. I'm trying to find a way of restricting the menus a user can post content to from the node edit screen. A user on one of the domains should only be able to post content to menus associated with that domain.
Is there a simple way of achieving this? I'm guessing there are some hooks I could use, but so far I have been unable to identify them. I'd prefer not to have to install further modules to achieve this and to be able to add some code to the current site to alter the forms. The site is struggling with the large number of modules we've had to install on it already.
According to the readme for the module, you need to set some specific permissions in user management:
To enable this feature, you should grant the 'edit domain nodes' and
(optionally) the 'delete domain nodes' permission to some roles. Then assign
individual users accounts to specific domains to assign them as Domain Editors.
From my experience many moons ago with the module, you can check the global $user object and figure out what domains the user should have access to. You can then use a form alter to remove any options from the select box that you don't want them seeing. As always with Drupal though, it's better to let someone else write the code - so if the Domain module provides this functionality, use it!
Here is some updated code for Drupal 7:
/**
* Implements hook_form_FORM_ID_alter().
*/
function MYMODULE_form_page_node_form_alter(&$form, &$form_state) {
global $_domain;
if (isset($_domain['domain_id'])) { // only display domain's primary links
$menus[domain_conf_variable_get($_domain['domain_id'], 'menu_main_links_source')] = $_domain['sitename'].' Main menu';
}
if (isset($menus)) {
$options = menu_parent_options($menus, $form['#node']->type);
$form['menu']['link']['parent']['#options'] = $options;
}
}
Eventually found a way of fixing this for the particular project I have been working on: in module_form_alter I've added the following:-
global $_domain;
if (isset($_domain['domain_id'])) { // only display domain's primary links
$menus[domain_conf_variable_get($_domain['domain_id']
,'menu_primary_links_source')] = $_domain['sitename'].' Primary links';
}
if ( isset($menus) ) {
$options = menu_parent_options($menus, $form['menu']['#item']);
$form['menu']['parent']['#options'] = $options;
}
This restricts the menu options to just the current domain's primary links menu which is just what we wanted.
Thanks to Fabian who pointed me in the right direction earlier.