if a role doesn't have "access wishlists" it should not see wishlist items but it can using URL (node/471 for example).
I want that only registered user can access wishlist. And this is ok: I don't set "access wishlists" under "anonimous user" and anonimous users can't access it.
But I also want that only registered user can see the items. An anonimous user that write the direct URL to the item can see it.

Comments

scott.mclewin’s picture

This has been a problem with every content type on Drupal, where the data can be accessed via the direct node view even if module specific permissions prevent access on other pages.

Drupal 5 introduced new permission functionality that I gather allows for per-node access controls. I'm not at all versed in how it works.

If you roll and test a patch for this I'll review it for inclusion into the wishlist module.

scott.mclewin’s picture

Status: Active » Postponed (maintainer needs more info)

A patch for this remains welcome. If you wait too long I will have moved onto the D6 version of the module and may not patch prior revisions.

scott.mclewin’s picture

If this remains important to you, patch it against the Drupal 6 branch. I will no longer accept patches for anything but security issues on the D5 and lower versions of this module.

I'm also about ready to close this issue as it does appears to not be relevant enough for somebody to cook up a patch.

TyraelTLK’s picture

Version: 5.x-2.0 » 6.x-2.2

Hi, excuse for time before responding.
I'm not a php developer.
Can you leave this open for 6.x version?

scott.mclewin’s picture

Sure. I'm still willing to accept a patch for it on the 6.x line (but no longer under 5.x).

scott.mclewin’s picture

Status: Postponed (maintainer needs more info) » Closed (fixed)

I don't think a patch is really on the way for this. Closing. File a new issue (or reopen this one) if this remains important.