Posted by jjeff on November 13, 2007 at 8:45pm
9 followers
| Project: | Drupal core |
| Version: | 7.x-dev |
| Component: | menu system |
| Category: | bug report |
| Priority: | critical |
| Assigned: | Unassigned |
| Status: | closed (fixed) |
Issue Summary
I'm trying to add a "register" link to my primary nav. However when I add a menu item with the path "user/register", I get a validation error stating: "The path 'user/register' is either invalid or you do not have access to it."
As a logged-in user, I do not have access to this path, but I still should be able to add it to the navigation to appear for anonymous users.
Comments
#1
Three options I can think of:
1.) use a special case check (yuck)
2.) or make the menu administration ignore access (insecure with multiple site admins of various levels)
3.) make user/register stop using user access to hide itself (instead showing its own error message of "you're already registered").
#2
Related to: http://drupal.org/node/190867
#3
This is one nice problem -- if you would be able to add, you won't see it as the menu overview page only shows whatever you have access to. If I fiddle with the callback (user_is_anonymous) then while editing the menu you will suddenly see things that you should not. Thus I need to fiddle with the way access check is run when menu module invokes it. Yuck.
#4
Do you mean things like node/%/edit, or..? Could we possibly handle this by checking for wildcard characters in the menu tree and outputting everything else?
#5
no but if you have links which are visible only to anonymous they will appear.
#6
We can do this. Fairly little impact. As I looked for type flags, I found a flaw in menu update, noone dealt with expanded, I fixed that and I am way too sleepy to file a separate issue for that.
#7
I am not saying this is ideal, that's why there are no doxygen for this new param. If we agree on it, I will add doxygen. We just say "these menu elements are visible by admin' and then 'hey, admin here'.
#8
Are there other examples where this could be an issue or is user/register sort of a special case? I guess other links could have the same problem.
I don't think it makes sense to manually 'tag' menu paths that should be visisble by an admin. Am I wrong when I say that an admin should be able to see _all_ menu paths? As such, the property should be implicit instead of explicit? Am I missing something? Please enlighten me. ;)
#9
Drupal has no admin conception. Just because you can administer menus, you can't administer filters. This strict access checking is a problem for anonymous only pages. We have remarkably few of those: login, register and forgot password (which I forgot to tag). I do think it's a useful feature in d6 that as menu admin you can't see all sort of pages otherwise you could not see.
I can offer another solution: a global $menu_admin variable which the user_is_anonymous (and other interested parties in custom modules) can check.
#10
OK, we like the global. Piece of cake, really. I will file the update glitch as a separate.
#11
I like #10 better. I'll leave it in the queue for a bit; maybe people have thoughts and or suggestions for improvement.
#12
Committed to CVS HEAD. Thanks.
#13
Automatically closed -- issue fixed for two weeks with no activity.
#14
I have this problem again in Drupal RC1: when I try to add menu item with path "user/register" I have an error:
The path 'user/register' is either invalid or you do not have access to it.
I thing this is concerned with problems like http://drupal.org/node/118498. Does RC1 needs a newer patch?
#15
Trivial fix.
#16
Committed.
#17
Automatically closed -- issue fixed for two weeks with no activity.
#18
Please read: #327230: user_is_anonymous() is ugly
#19
yes i saw but why are you reopening this?