Closed (fixed)
Project:
Heartbeat
Version:
7.x-1.x-dev
Component:
Code
Priority:
Normal
Category:
Feature request
Assigned:
Unassigned
Reporter:
Created:
13 Feb 2012 at 19:22 UTC
Updated:
24 Mar 2012 at 09:33 UTC
Hi,
I am currently using this great module, but have found a shortcomings - which is probably easily fixed from my side but as of yet cannot find an easy way to do it.
I use ACL and Forum Access to make certain forums and nodes private except for a few select roles, but any update in these places are met with the creation of an activity.
So my question is, is it possible for this to not happen? Thank you.
Comments
Comment #1
Stalski commentedI am not sure what you mean with your question but I can see that you are trying to prevent heartbeat from logging activity in certain conditions?
The concept of heartbeat is that there is a very dumb logging utility and a clever display mechanism. So you always have the choice to log activity when you want it too be logged. This is done in code when you use the api or in the rules UI conditions if you use rules ofcourse.
When do you keep a message from being logged?
As soon as there is no reason for it to be in the database, meaning NEVER displayed.
E.g. a private message for certain roles or conditions is a reason to DO log the activity as you plan to show those messages for the right users.
In heartbeat there is currently a check by node_access which will result in not showing messages with links where the user does not have access too. Strange this is not working for you then.
This means you have to fix your problems on display time. So you'll need to play with the streams configurations (or in the worst case use two streams (E.g. one for roles A,B and another for roles C, D).
You can also play with the heartbeat template configurations so the messages are kept "private" or shown for certain roles. That alone could fix your problem.
So the logging is normal, the display is harder.
Currently, worst case scenario is when all of the above does not work or does not fit your custom needs.
Then you need to implement a hook_heartbeat_messages_alter (see heartbeat.api.php) to unset messages where you can check the access for yourself.
Does this answer your question (then close this issue) , otherwise please be more specific in how heartbeat can help check access in a generic way.
Comment #2
trillex commentedI had seen that in most cases, if a user does not have permissions to view something, there will not be a link in the stream - but this doesn't seem to work for Views or ACL based permissions.
But the above showed me where I should look, so I will put this to closed. Thank you. :)
Comment #3
trillex commentedHrm, sorry to bother - but where exactly is the node_access check? I want to see if I can change it to check for other content access modules. I have tried looking, but the only reference I can find to it is in the Drupal 6 version, in includes with the message templates.
As I just require a quick fix, I think this is the best means to do it. For a bigger, more elaborate project, I'll probably make several streams or templates.
Your answer was great, though - really professional. :)
Comment #4
Stalski commentedDamnd, that is not included yet then :(
I know the data needed to check node_access is there (I think it is).
What do you mean by "other access checks" ? There is no system in drupal now where you can easily obtain the check that corresponds to a path (what is in hook_menu).
- Edit - In drupal6 version, there was such a check and it was configurable, meaning people could leave messages as they are if they want it to. I guess this system needs to go back in then, but it makes heartbeat much more complex and more difficult to comprehend by people implementing it.
Comment #5
Stalski commentedHi again.
I added the code, but it is not configurable yet. I tested with the OG private group and group post setting which results in writing extra realms in the node_access table.
So this check is added, without node_load (very important).
Thx for pointing this out to me. Thought I already put that in.
Comment #6
trillex commentedAh, I had misunderstood just how node_access worked - so disregard my "check for other modules". Glad I could be of (some) assistance, I will await it eagerly. :)
Comment #7
Stalski commentedYou don't need to wait, it's fixed and committed :)
Comment #9
Valc commentedIt still does not seem to work. Heartbeat still shows node related updates (note added, note updated and node commented) even if the user has no access to the node itself. I'm using the default Heartbeat setup together with Forum Access and ACL. Also clicking on the link in the heartbeat only shows the access denied page. Im running the latest dev build.
EDIT: It seems to be a problem with Forum Access/ACL as the heartbeats are properly hidden with e.g. the Domain Access Module.
EDIT 2: Ok, it seems its realy a problem with ACL and Domain Access colliding. Sorry for borthering :)