Access control broken for blocks
sonicDread - July 31, 2007 - 15:16
| Project: | Members |
| Version: | 5.x-1.x-dev |
| Component: | Code |
| Category: | bug report |
| Priority: | normal |
| Assigned: | wmostrey |
| Status: | postponed (maintainer needs more info) |
Description
I can't get my Member List to display for Anonymous users. I've tried setting the permissions in the Access Control ares, the Created Member List itself and the Block by it still doesn't show.
Thanks for the help,
Sonic
#1
#2
It is an excellent and very needed module, unfortunately I also have similar problem. Except not only members blocks don't show up for anonymous users, but for administrator only block titles and table headers are displayed, but no data. I only have this problem if I'm trying to display members with blocks, but if I use pages, members module works as expected. I'm using nodeaccess module for access control.
#3
I'm about to lose all my hair on this one, I have managed to get the members list page to work:
http://www.bni-rendezvous.com/v2/members
... but as anonymous I can't view the individual member profiles. I need this to work very urgently, any workaround coming up soon?
#4
To view individual member pages, you need to give the anonymous role access to "access user profiles". That is not related to this module.
#5
Actually, this is the problem, I have checked and re-checked, that the setting has been ticked as you can see in the screenshot. This is not the first time I set up a Drupal site, I guess I won't miss this. You can view the page here, try click on any members name to see what happens?
#6
Sorry, here's the link:
http://www.bni-rendezvous.com/v2/members
#7
Are you sure you're using the latest version? The link to users normally goes to user/$uid while in your example it goes to members/$name. Or did you adapt the module for instance? Or set up autopath?
#8
#9
What kind of info do you need???
I've set up a basic drupal site, and only installed the following modules: token, pathauto, and members. The members module works fine - overall, but as mentioned in this thread: Members-blocks does not show for anonymous users!
The error seems to be in function members_view_block($name) in the way the array_intersect method is utilized!
#10
I might have fixed the bug, but I havn't tested the solution thoroughly enough to say for sure.
You can fix it by substitute the array_intersect parameter $access with $member->access so the line looks like this in function members_view_block($name) :
$access = array_intersect($member->access, $roles[$account->uid]);This makes the previous line obsolete and it can be outcommented (or deleted). The whole function then reads:
function members_view_block($name) {
$member = members_load_settings($name);
if (!$member || !$member->block) {
return NULL;
}
global $user;
$account = $user;
$roles[$account->uid] = array_keys($account->roles);
$roles[$account->uid][] = $account->uid ? DRUPAL_AUTHENTICATED_RID : DRUPAL_ANONYMOUS_RID;
$access = array_intersect($member->access, $roles[$account->uid]);
if (!$access && $user->uid!=1) {
return NULL;
}
$content = members_page($member->mid, "block");
// $content = "test";
if ($content) {
$block['content'] = $content;
$block['subject'] = filter_xss_admin($member->block_title);
return $block;
}
else {
return NULL;
}
}
#11
I've changed this code in my installation, and I still have the problem with unauthenicated users.