Closed (fixed)
Project:
Wishlist Module
Version:
6.x-2.2
Component:
Code
Priority:
Normal
Category:
Bug report
Assigned:
Unassigned
Reporter:
Created:
3 Sep 2007 at 15:46 UTC
Updated:
19 Apr 2009 at 03:07 UTC
if a role doesn't have "access wishlists" it should not see wishlist items but it can using URL (node/471 for example).
I want that only registered user can access wishlist. And this is ok: I don't set "access wishlists" under "anonimous user" and anonimous users can't access it.
But I also want that only registered user can see the items. An anonimous user that write the direct URL to the item can see it.
Comments
Comment #1
scott.mclewin commentedThis has been a problem with every content type on Drupal, where the data can be accessed via the direct node view even if module specific permissions prevent access on other pages.
Drupal 5 introduced new permission functionality that I gather allows for per-node access controls. I'm not at all versed in how it works.
If you roll and test a patch for this I'll review it for inclusion into the wishlist module.
Comment #2
scott.mclewin commentedA patch for this remains welcome. If you wait too long I will have moved onto the D6 version of the module and may not patch prior revisions.
Comment #3
scott.mclewin commentedIf this remains important to you, patch it against the Drupal 6 branch. I will no longer accept patches for anything but security issues on the D5 and lower versions of this module.
I'm also about ready to close this issue as it does appears to not be relevant enough for somebody to cook up a patch.
Comment #4
TyraelTLK commentedHi, excuse for time before responding.
I'm not a php developer.
Can you leave this open for 6.x version?
Comment #5
scott.mclewin commentedSure. I'm still willing to accept a patch for it on the 6.x line (but no longer under 5.x).
Comment #6
scott.mclewin commentedI don't think a patch is really on the way for this. Closing. File a new issue (or reopen this one) if this remains important.