I've installed the module - http://drupal.org/project/formblock (Enables the presentation of node creation forms in blocks)
I've enabled it for a particular content type and then exposed that block, to show when an Organic Group node is being viewed.
What I would like to do is hide that block if the current logged in user, is not the author of the Organic Group node being viewed. i.o.w I only want the organic group author to see that block.
thanks in advance :)
You can use 'PHP block visibility settings' to achieve what you want here. Using PHP you can query the database, and check whether the logged in user is the same user that created the node in the organic group.
There is an example already on drupal.org that I have adapted (you will probably need to customise this further) -
<?php
// check og module exists
if (module_exists('og')){
// check user is logged in
global $user;
if ($user->uid) {
// check we've got a group, rights to view the group,
// and of type "group_type" - change this to whichever group you want to restrict the block to
// or remove the condition entirely
if (($group = og_get_group_context()) && node_access('view', $group) && ($group->type == 'group_type') ) {
// check current user is a team admin as they should get access
if (og_is_node_admin($group)) {
return TRUE;
}
// check to see if the current user is the node author
if (arg(0) == 'node' && is_numeric(arg(1))) {
$nid = arg(1);
$node = node_load(array('nid' => $nid));
if ($node->uid == $user->uid) {
return TRUE;
}
}
}
}
}
return FALSE;
?>
Related
I need to grant users a specific role (Editor, Administrator, etc.) along with all its capabilities on the fly in Wordpress, but I don't want to update their role in the database (so that the next time they come back, they will have their original role). How can I go about doing this?
Here's what I ended up doing:
add_filter( 'user_has_cap', 'override_caps' );
function override_caps($allcaps){
if( ... ){ // When to override caps
$role_name = 'administrator';
$role = get_role($role_name); // Get the role object by role name
$allcaps = $role->capabilities; // Get the capabilities for the role
$allcaps[$role_name] = true; // Add role name to capabilities
}
return $allcaps;
}
I have a module that creates (and updates) Drupal 7 nodes programmatically.
Since the content of the body these nodes is changed by a program at random intervals I do not want anyone, including the administrator, to be able to edit them. Is there a way way to completely "turn-off" the interface that allows a administrator to edit a node?
If it's a standard user with an administrator role you can implement hook_node_access() in your custom module:
function MYMODULE_node_access($node, $op, $account) {
$type = is_string($node) ? $node : $node->type;
if ($type == 'the_type' && $op == 'update') {
return NODE_ACCESS_DENY;
}
return NODE_ACCESS_IGNORE;
}
If it's the 'super user' (user 1) you need to get a bit more creative as a lot of access checks are bypassed for that user.
You can implement hook_menu_alter() to override the access callback for the node edit page, and provide your own instead:
function MYMODULE_menu_alter(&$items) {
$items['node/%node/edit']['access callback'] = 'MYMODULE_node_edit_form_access';
}
function MYMODULE_node_edit_form_access($node) {
$type = is_string($node) ? $node : $node->type;
if ($type == 'my_type') {
return FALSE;
}
return node_access('update', $node);
}
I like both of Clive's suggestions, but one more option is to simply disable the fields using HOOK_form_alter. This will work for the User 1 account too. I've used this recently to disable a specific field that I don't want anyone modifying.
function YOURMODULE_form_alter(&$form, &$form_state, $form_id) {
if ($form_id == 'your_form_id') {
$form['body_field']['body']['#disabled'] = TRUE;
$form['body_field']['body']['#value'] = $form['body_field']['body']['#default_value'];
}
}
Admittedly, this solution isn't ideal if you're using the built-in body field because of the teaser. But it works great if you want to disable editing of certain fields while leaving other aspects of the node editable and the page intact.
I'm not sure why you need them to be an administrator. That role, honestly, should be reserved for people with absolute control -- and even those people should not use it as their "main" account due to the potential for destroying things. Why not just make an "editor" role or something similar, and give all the permissions you need?
I would like to redirect a user that logged in over the user login block. What I have is a module that contains the following code:
Appendix, 3.9.2011, 15:30h: Changed code according to the advice of kiamlaluno.
Appendix, 3.9.2011, 17:08h: Small Fix: Changed node/admin to admin.
Appendix, 3.9.2011, 17:24h: removed []
-> code is working like this now, but do not forget to change the module priority in DB.
function _MYMODULE_user_login_submit($form, &$form_state) {
global $user;
if ($user->uid == 1) {
$form_state['redirect'] = 'admin';
} elseif ($user->uid) {
$form_state['redirect'] = 'node/add/image';
return;
}
}
/**
* Modifies the outfit and behaviour of the user login block.
*/
function MYMODULE_form_user_login_block_alter(&$form, $form_state) {
unset($form['#action']);
// removes the forgot password and register links
$form['links'] = array();
// Redirects the user to the image upload page after login
// This cannot be done by a rule, the rule based redirect is only
// working for the login page not the user login block.
$form['#submit'] = array('_MYMODULE_user_login_submit');
}
It doesn't redirect users; it seems like _MYMODULE_user_login_submit() is simply ignored.
What I know already:
I cannot use Rules/Triggers, because I do not login over the login page but the user login block
It is always said: "use logintoboggan" on posts, but there I only have redirection options for "on registration" and "on confirmation", but I need "on authentication" or "after login".
Anyway, I do not want to use more modules, I prefer a few lines of PHP.
Your code doesn't work because user_block_login() sets the "#action" property for the form; in that case, redirecting the form after submission doesn't work.
$form = array(
'#action' => url($_GET['q'], array('query' => drupal_get_destination())),
'#id' => 'user-login-form',
'#validate' => user_login_default_validators(),
'#submit' => array('user_login_submit'),
);
To make it work, you should first unset $form[#action], and then executing the code you already execute in your hook_form_alter() implementation.
As side notes, I will add:
If you want to be sure your code effectively redirect the user where you want, be sure your module is executed for last; if any other module that implements hook_form_alter() adds a form submission handler to redirect the user to a different page, and that module is executed after yours, then your module would not have any effect. To make sure your module is executed after the others, you should use code similar to the following during the installation of the module, or in an update hook. (Replace "MYMODULE" with the short name of the module.)
db_query("UPDATE {system} SET weight = 100 WHERE name = 'MYMODULE');
Instead of using MYMODULE_form_alter(), you can use `MYMODULE_form_user_login_block_alter(), which would not require to check the form ID.
You should append new form submission handlers, instead of replacing the existing ones. This means you should use $form['#submit'][] = 'user_login_submit_redirected';.
Functions implemented in a module should be prefixed with the short name of the module, which means "MYMODULE_" or "_MYMODULE_" (the latter is for private functions). Not using such prefix could create a compatibility issue with other module, such as the User module, as the function you are using has a name starting with "user_."
can u try this please
function user_login_submit_redirected($form, &$form_state) {
global $user;
if ($user->uid == 0) {
$form_state['redirect'] = 'node/admin';
drupal_goto('node/admin') ;
} elseif ($user->uid) {
$form_state['redirect'] = 'node/add/image';
drupal_goto('node/add/image') ;
return;
}
}
I can't figure out how to set up a block view for this in Drupal 6:
Users submit a picture. If it is approved, I upload it to the site.
There is a node that shows the details of the picture and the author information. I want to have a block that says, MORE BY THIS AUTHOR. This block would list more images that this author has submitted. How can I do this?
The URL is: mysite/content/name-of-image so I don't know how to create a view that shows all the images by this author since the user name is not in the URL. Can someone tell me how to do this?
Thank you.
Add a user:uid argument to the view.
choose "provide deafult argument" option for this argument.
choose "php code" as default argument type.
enter following php code:
if (arg(0) == 'node' && is_numeric(arg(1))) {
$node = node_load(arg(1));
$uid = $node->uid;
}
return $uid;
in your case you want the uid from a cck field of the node, so the php code should be this:
if (arg(0) == 'node' && is_numeric(arg(1))) {
$node = node_load(arg(1));
//if the field contains a user id
$uid = $node->field_authorid[0][value];
//if the field contains a username
$user = user_load(array('name' => check_plain($node->field_authorname[0][value])));
$uid = $user->uid;
}
return $uid;
Now you'll have the author user id from the node in url.
Now you can add fields to the view from nodes created by this author.
NOTE: the view preview won't show any results, so you'll have to save this view and test it outside the views builder.
What block visibility PHP snippet would show a block only on node pages that the loged-in user can edit? The user may not own the node. In my case, I want to show the Content Complete block to people who can actually populate missing fields.
check for node_access("update", $node) (more on http://api.drupal.org/api/function/node_access/6)
//first check whether it is a node page
if(arg(0) == 'node' && is_numeric(arg(1))){
//load $node object
$node = node_load(arg(1))
//check for node update access
if (node_access("update", $node)){
return TRUE;
}
}
Following is barraponto's solution rewritten for noobs like me and to support multiple conditions.
<?php
$match = FALSE;
// Show block only if user has edit privilges for the node page
// first check whether it is a node page
if(arg(0) == 'node' && is_numeric(arg(1))){
//load $node object
$node = node_load(arg(1));
//check for node update access
if (node_access("update", $node)){
$match = TRUE;
}
}
return $match;
?>