I'm creating an admin module for my client that gives them access to some administration functionality concerning their content. I'm starting off by adding some permissions in my module by implementing hook_perm:
function mymodule_perm()
{
return array(
'manage projects',
);
}
I can then create my menu by adding to the admin section that already exists:
function mymodule_menu()
{
$items['admin/projects'] = array(
'title' => 'Projects',
'description' => 'Manage your projects.',
'page callback' => 'manage_projects_overview',
'access callback' => 'user_access',
'access arguments' => array('manage projects'),
'type' => MENU_NORMAL_ITEM,
'weight' => -100,
);
$items['admin/projects/add'] = array(
'title' => 'Add project',
'access arguments' => array('manage projects'),
'page callback' => 'mymodule_projects_add',
'type' => MENU_NORMAL_ITEM,
'weight' => 1,
);
return $items;
}
This will add a Projects section to the Administration area with an Add project sub section. All good.
The behavior I want is that my client can only see the Projects section when they log in. I've accomplished this by ticking the "manage projects" permission for authenticated users in the permissions section of my module. Now to give my client actual access to the Administration area I also need to tick "access administration pages" under the "system module" in the users permissions section. This works great, when I log in as my client I can only see the Projects section in the Administration area. There is one thing though, In my Navigation menu shown on the left column I can see the following items:
- Administer
- Projects
- Content management
- Site building
- Site configuration
- User management
I was expecting only the see Administer and Projects items, not the other ones. When I click e.g. Content Management I get a Content Management titled page with no sub-sections. Same for Site Building, Site Configuration and User Management. What's really odd is that Reports is not being shown which is also a top level Administration section.
Why are these other items, besides my Projects section, being shown and how can I make them stop from appearing if I'm not logged in as an administrator?
Your problem is that they are allowed to view those pages.
From the system module's hook_menu:
$items['admin/build'] = array(
'title' => 'Site building',
'description' => 'Control how your site looks and feels.',
'position' => 'right',
'weight' => -10,
'page callback' => 'system_admin_menu_block_page',
'access arguments' => array('access administration pages'),
'file' => 'system.admin.inc',
);
So when you gave them access administration pages you gave them access to the site building section, but not any item in it. A quick way to solve this is to:
Use hook_menu_alter to change the access settings for those menu items to something they don't have access to. Either make your own perm or use an existing one.
You could also use your theme to just hide the items.
I'm not sure exactly why the menu router displays those. But I may be able to help...
Why don't you change your path to something like:
projects/add
projects/%/edit
This is similar to the node module's menu hook. It may not be exactly what you're looking for but if you don't want these user's having access to admin stuff it could be the right way.
Related
I have added a tab to the node edit form in Drupal 7 like this (code snippet from hook_menu implementation, irrelevant lines removed):
'node/%/products' => array(
'title' => t('Products'),
'page callback' => 'some_function',
'page arguments' => array(
1
),
'access callback' => TRUE,
'type' => MENU_LOCAL_TASK
)
The tab shows up and works, however, the page is shown in the site's default theme, not in the admin theme. Also the other tabs are missing from the page that is displayed.
I tried fixing this by including this inside an implementation of hook_admin_paths, but it didn't make a difference:
return array(
'node/%/products' => TRUE,
);
How can I enforce my page to show in the admin theme and display the other tabs for the node edit form (such as "Edit", "Revisions" etc.) ?
EDIT: The box Use the administration theme when editing or creating content at admin/appearance is ticked, and system-defined pages such as node/%/edit display in the admin theme, but my new page does not.
I found out what I was doing wrong. In hook_menu % is used to denote an argument; in hook_admin_paths, these have to be replaced by asterisks. The following change to my implementation of hook_admin_paths solved it:
return array(
'node/*/products' => TRUE,
);
On /admin/appearance page, at the bottom of the page where you set the administration menu, check the value of the tickbox "Use the administration theme when editing or creating content".
I had the same problem and I solved with the following hook_menu :
<?php
function <mymodulename>_menu() {
$items = array();
$output['node/%node/mypath'] = array(
'title' => t('Title'),
'type' => MENU_LOCAL_TASK,
'page arguments' => array('node', 1),
'page callback' => 'callback_function',
'theme callback' => 'variable_get',
'theme arguments' => array('admin_theme'),
)
}
function callback_function() {
return 'My New Page.';
}
I think you need to have %node inside the path because that's the right way to "auto load" the node (Drupal take care of this) and pass it as an argument to callback_function where you can use the loaded node.
I'm not really sure what direction to go in.
I have a box on multiple pages that displays the status of various items. I want it easily update-able and would prefer it to be updated via a module. I'm not sure what direction to go in and just need a gentle push.
I have created a table in the drupal sql db but not sure how I would go about creating an admin tool in the drupal control panel to make changes to it.
Does anyone have any ideas of how I should go about this?
p.s. I'm using drupal 7
Custom admin pages can be defined as follows:
function mymodule_menu() {
$items['admin/def'] = array(
'page callback' => 'mymodule_abc_view',
'page arguments' => array(1, 'foo'),
'access arguments' => array('administer nodes'),
'title' => 'Foo settings',
'type' => MENU_NORMAL_ITEM,
);
return $items;
}
Where mymodule is the name of your module and mymodule_abc_view is the function that returns the markup for your admin page
How to prevent unauthorized url access in drupal?
I already tried 'access arguments' => array('access administration pages') but it didn't work
Its clearly given in the Drupal documentation on how to use the Access Arguments.This example is as per Drupal documentation,just to make it more clear for you on how to use this.
$items['test/myPage'] = array(
'title' => 'myPage',
'description' => 'Welcome',
'page callback' => 'mypage_info',
'access arguments' => array('Anyone can access this'),
);
//Define user permissions.
function hook_perm() {
return array('Anyone can access this');
}
Now go to the permissions page [Administer --> User Management -->Permissions), there you can see a list of strings you used for access arguments.You could find the access argument named 'Anyone can access this' in your corresponding module.Give the necessary permission for your required user roles.
You could get more information on the following links
https://drupal.org/node/553368
https://api.drupal.org/api/drupal/developer%21hooks%21core.php/function/hook_perm/6
I am developing a Drupal 7 module. I have created a table in the drupal database for that module directly in phpMyAdmin. I have set te permissions for that module to be viewed by authenticated users. The module works fine when I log in as an administrator. But it gives "access denied" when I log in as the authenticated user.
Anyone any suggestions how I can also give authenticated users access?
Thanks!
Probably, the issue is in the menu hook. Please check its access argument.
It should be something like this:
$items['abc-url'] = array(
'title' => 'Page abc',
'page callback' => 'page_abc',
'type' => MENU_CALLBACK,
'access arguments' => array('access abc'),
'file' => 'my_module.admin.inc',
);
Then you need to define it(in Drupal 7 like following):
function my_module_permission() {
return array(
'access abc' => array(
'title' => t('Access abc'),
'description' => t('This will provide permission to abc.'),
),
);
}
Then clear the cache, go to user permissions page & give authenticated user permission to "Access abc".
Hope this will help.
You need to add list of users to datatbase permission property whom you wants to allow access.
Check this link.
MySQL: Grant **all** privileges on database
In a Drupal multilingual site, for custom modules, (not nodes) what is approach to assure
that user navigates to same page in new language?
example: en/mypage to de/mypage
edit:
menu hook looks like this:
// add menu item
$items['my_module_name'] = array(
'title' => t('My Page Title'),
'menu_name' => 'menu-my-menu',
'page callback' => 'call_this_function_below',
'access arguments' => array('access content'),
);
You mean how to program a module with multilanguage support? Well, I would say you use a placeholder in the menu path you are registering your module for (hook_menu). In that way your module will get the request no matter what language identifier is used, so it will react for en/mypage as well as de/mypage. Of course in your module you must add custom processing logic to deliver the content in the requested language.