Support for Drupal 7 is ending on 5 January 2025—it’s time to migrate to Drupal 10! Learn about the many benefits of Drupal 10 and find migration tools in our resource center.
The stat counter display used to be restricted both by the statistics_display_counter global setting, and the current users access right to statistics. Since this access right is kept in the HEAD version of the module, I doubt it was not intended to only print out the view number to those with proper access rights. This simple patch adds the proper check.
Comment | File | Size | Author |
---|---|---|---|
Drupal-utilize-stat-access-right.patch | 724 bytes | Gábor Hojtsy | |
Comments
Comment #1
Dries CreditAttribution: Dries commentedShouldn't that be
user_access('access statistics')
instead ofarray('access statistics')
? (Easy enough to fix.)Note that 'access statistics' allows access to the administration pages so I'm not sure this patch is a good idea.
Food for thought/dicussion.
Comment #2
Gábor HojtsyYes, I meant user_access(), sorry. There needs to be a way to hide the view counters from those not authorized. Now if the view counters are turned on, everyone can see the view counters, regardless of their rights. If the counters are turned off, then noone can see the view counters. This used to be working that only those with proper right can see the counter if the counter is turned on. IMHO this should be restored.
Comment #3
killes@www.drop.org CreditAttribution: killes@www.drop.org commentedPatch not ready.
Comment #4
Uwe Hermann CreditAttribution: Uwe Hermann commentedComment #5
Jaza CreditAttribution: Jaza commentedThis patch is no longer needed, as statistics.module now has a 'view post access counter' permission, and this permission is checked in statistics_link().