Needs work
Project:
Empty Page
Version:
7.x-1.x-dev
Component:
User interface
Priority:
Normal
Category:
Feature request
Assigned:
Unassigned
Reporter:
Created:
28 Mar 2012 at 16:07 UTC
Updated:
11 Apr 2016 at 03:31 UTC
Jump to comment: Most recent, Most recent file
Comments
Comment #1
jpklein commentedTry the attached patch and let me know your thoughts. To use it, first go to admin/structure/empty-page/settings and enable the access control setting. After that, you should be able to set role-based permissions on each of your callbacks.
I originally wrote this patch so that I could restrict access to custom admin pages I had created composed entirely of blocks. But it turned out not to be so useful since the block module's access system doesn't respect the node-access system, and the blocks still showed up on the 403 page until I manually went through each block and configured their visibility settings.
Someone could possibly pick this up and write some handlers to propagate the access-control settings to blocks whose URL is the same as the given callback, but in my case I'm gonna try giving the context module a shot instead.
Hope it helps!
Comment #2
Nick Robillard commentedYeah I considered this at the beginning. But I decided that I didn't want to try to duplicate other modules. If you want features like that, I'd recommend trying ctools Page Manager. That being said, if it makes sense to allow basic customization of hook_menu $item (title, description, menu name, context, etc.) and various access control options, then maybe it should be in the add-on module.
Comment #3
a1russell commentedctools page manager gives all types of features that I don't want or need, though, with variants and the like. This module is the closest thing I can find to a frontend for hook_menu(); I think that making configurable the "access arguments" part of that, at least in a limited fashion, falls reasonably within this scope.
Comment #4
jpklein commentedPer your comment Nick, I've reworked the previous patch to move the access-control routines to the empty_page_extras module.
My aim was to make as little impact on the main module as possible, though I altered the load/save routines in order to handle $callback->data as a serialized array.
Let me know what you think.
Comment #5
a1russell commentedComment #6
jpklein commentedUpdated the patch with a separate uninstall routine for the empty_patch_extras module.
Please review this one instead of #4; I forgot to do "git diff HEAD" so it didn't include the newly-added empty_page_extras.admin.inc & empty_page_extras.install files.
Comment #7
bleen commentedBy in large I think this looks really good. A couple of minor questions/points below.
Why are we returning an empty(ish) callback object? Or asked a different way, why would we call empty_page_get_callback with a null $cid
whitespace
whitespace
nice catch ... oops :)
"no new line at end of file"
Comment #8
jpklein commentedThanks for the review. RE: "why would we call empty_page_get_callback with a null $cid"
Comment #9
jpklein commentedHere's the updated patch.
Comment #10
SolomonGifford commentedConfirmed this patch works as advertised.
Comment #11
askibinski commentedYes, work great!
Comment #12
Nick Robillard commentedNice work. Thanks for the help. Seems to work well.
Question: In function empty_page_uninstall() why replace
drupal_load('module', 'empty_page');withmodule_load_include('module', 'empty_page');? I don't get any errors when uninstalling empty page that would imply the original is not working. Am I missing something? (Fyi, this part of the patch failed for me because your patch did not remove the originaldrupal_load('module', 'empty_page');line. Maybe you were missing this and is why you got the error?)Also, I don't really see a need for the "Enable role-based access control" checkbox in settings. The user has already enabled the extras module. I don't see a need for yet another opt-in.
Thoughts?
Comment #13
flaviovs commentedMore food for thought...
At least, shouldn't Empty Page emit a 403 (i.e. call
drupal_access_denied()) when the current user's role doesn't have the "access content" permission?The module produces "pages" (albeit empty ones), which ordinarily are not accessible by users without "access content" in Drupal. So, does this make sense?
My use case: I'm developing a private site where as content can be accessed only by logged in users. In other words, only the "authenticated user" role has the "access content" permission.
I tried to use the module to provide some empty pages with only (restricted) blocks, to no avail. The page is accessible to anonymous users, instead of showing my 403-"you must login" page.
(Also, Drupal won't return a 403 HTTP header on such use cases. This allow search engines to index the -- empty -- page, which can create duplicate-content problems on SEs.)
Comment #14
donapis commentedThis patch save my life. Nice work.