By l8a on

How can I allow some (registered) users to bypass the maintenance site - so that they could use the page as normal as the site would not be in maintenance mode?

[I dont want to give them administrator rights! If needed I would edit the core files - but where?]

Any hints ?!

Sincerally l8a

Categories: Drupal 5.x

Comments

imrook’s picture

imrook commented

WARNING: having users working on a site while it is being modified/updated is potentially dangerous. Data may be lost corrupted and may even cause your site to cease to function. You have been warned.

Having said that, the code that actually does the check for offline mode is in includes/menu.inc. The relevant function is pasted here.

<?php
function _menu_site_is_offline() {
  // Check if site is set to off-line mode
  if (variable_get('site_offline', 0)) {
    // Check if the user has administration privileges
    if (!user_access('administer site configuration')) {

I would create a new permission in a custom module.

<?php
function custom_perm() {
  return array('bypass maint');
}

Then change the menu.inc code to include a check for the new permission like so:

<?php
function _menu_site_is_offline() {
  // Check if site is set to off-line mode
  if (variable_get('site_offline', 0)) {
    // Check if the user has administration privileges
    if (!user_access('administer site configuration') || !user_access('bypass maint')) {

Then enable the new module, assign the 'bypass maint permission' to the appropriate role/roles and they will be able to use the site as normal while it is in maintenance mode. Oh yeah, and if the site blows up on you... see the first line of this post.

StevenSokulski’s picture

StevenSokulski commented

Inline with the above post I must beg the question why? Perhaps if you explain what it is you are looking to do with this we could propose a better, safer solution. You will inevitably need the Maintenance system at some point and will likely wish you hadn't cannibalized it for another purpose somewhere down the road.

l8a’s picture

l8a commented

Thanks for your answers!

"Why?" - Simple Answer.
When I (as admin) have bigger chances to do on my site - I set it into maintenance.
When I`m finished with it I will set the page back to 'online'.
But between this two steps I e.g. like to show somebody special the changes, without giving him admin access and without setting the page back to 'online' for the masses.
So my idea was to just add an account 'guest' for example - allowing to bypass the maintenance for that user - and just give the 'special person' the user pass of the 'guest' account.

jastraat’s picture

jastraat commented

Instead of writing a separate module, what about not using maintenance mode, and instead, temporarily remove the 'access content' permission for anonymous users? (putting up an appropriate page for the access denied error page)

------------------------------
http://fraggles.artsci.wustl.edu (Drupal user documentation and development blog)

otosi’s picture

otosi commented

It would be nice for times when one person is working on content, and the admin is working on CSS or layout, but the site is not yet open to the public. That's why there should be a way to allow a "soft" maintenance mode vs. a "hard" maintenance mode. Soft would allow a permitted user to work on content and see the site at the same time the Admin sees it. "Hard" would be used for upgrading, etc.

I like your Alternate Solution jastraa, but unfortunately, I don't think it works.

Drupal serves the 403 and 404 pages. If the permissions are set to deny anonymous users access, they won't see a custom 403 and 404. I tested this idea. Don't know if this is possible, but it would be really handy.

O

durum’s picture

durum commented

Works by me and its enough.

zmove’s picture

zmove commented

The alternate solution you mention is not that good. I tried it on a website, and it don't remove access to all the website.

Exemple, users still have access to page generated with views, and probably with others modules, I didn't make an exhaustive list.

So it's very annoying to have to edit all your views to remove access to user roles you want to temporary block. That's why a "bypass maintenance page" permission is, IMHO, the best solution to implement.

This should be in core.

durum’s picture

durum commented

zmove, does

access all views

in ACL not work? Of course you should also disable all other modules in ACL and some blocks in block settings pages.

l8a’s picture

l8a commented

After trying out several methods and modules - I found the module "Token authentication" - it enable users to join (and bypass maintenance mode) by adding ?token=some_secret_token .

(You can specify which pages are accept ?token auth - so you can forbid to admin/ etc. ).

imrook’s picture

imrook commented

Oaky, so this thread has been used to demonstrate yet again how Drupal provides many ways to solve a problem. What it hasn't covered yet is best practices. Maintenance mode is a convenient way to inform users while maintaining a low load on your server while maintenance is performed. It should NOT be used for making changes to a live site. Drupal provides many mechanisms to avoid testing on a live site. High on this list is it's multisite capability. You can easily run two sites from a single code base and even share some tables between the two if needed. You can create a second site where only your "special" users can log in and test out cool new features. When they are ready for prime time that's when you use maintenance mode! Take the site down for a minute, copy the modules or themes or whatever over to the production site then turn maintenance mode off. No need to hack the core or create special bypass tokens that can be easily sniffed anyhow. It might be okay for you to turn this particular website off when you need to, but sooner or later you'll (hopefully) be running a site that you can't. Won't it be great to be able to say "no problem, I can demo those modifications to the customer?"

hedac’s picture

hedac commented

An option is....
copy all the database to an alternative database. and copy all the files to a subfolder....
change the settings.php base_url to use the subfolder as base path.
Delete all users in that copy of the site.. and enable only the ones you want with access.
When all changes are done in the copy site... copy back the database (except users tables) and copy files back... (except setings.php)
not the ideal thing to do.. but is an option... and i have not done it yet... just thinking... would be possible?

selinav’s picture

selinav commented

I'm interested with your solution, but I don't well understand how to do for a site with a only one domain name.

My site isn't finish and I want to show the modification to my customer.

How process to display an other version of the site to my customer.

imrook’s picture

imrook commented

Drupal's multisite is mostly geared toward toward running sites on different domains, but it can be done on a single domain as well. I usually do this by moving Drupal one level down from the document root and then creating symlinks at the top level. So the document root directory structure might look like this:

drupal/
site1 -> drupal/
site2 -> drupal

Then in sites/ I would have the following config files:

default/settings.php
domainname.site1/settings.php
domainname.site2/settings.php

If you're Drupal is installed in the document root, you'll have to do a bit of extra work on your webserver configuration. Options include:

  • Have apache (or other webserver) listen on multiple ports and use the nonstandard port configuration from Drupal's settings.php
  • Create a symlink inside your Drupal root directory to itself. Then add the appropriate directory config file in sites/ (ie.e domainname.symlinkname/settings.php) Note: this creates a loop on the filesystem and can have bad side effects.
  • More complex options involve setting up name based virtual hosting and using mod_rewrite and mod_proxy to redirect certain requests to the alternate hostname on the server itself.

You're likely to fumble around a bit while setting up your first multi-site install. I recommend doing it on a non-production machine until you are comfortable doing it. An easy way to check if the configuration is ready to handle multi-site is to modify the settings.php to change the site name for your test site and keep the rest of the config the same. That way, when you see the page load with a different site name, you know multi-site is working. Good luck!