Just adding the issue, since I found this elsewhere on the site, and it really should be indexed here under issues... I need this functionality sooner than later...

http://drupal.org/node/151169

mkalbere - June 12, 2007 - 10:24

Tokenauth is a great module, (http://drupal.org/node/150180) thanks to moshe for publishing.
It allow to access content (like rss feed) respecting permissions. I integrate it to my differents feeds but had to modify some files to make it work correctly.

I don't know the status of the module, but some features are missing:

a) a simple function to get the current token
---------------------------------------------------------
function getToken(){
global $user;
if (!$user->uid) return "";
$token = db_result(db_query("SELECT tt.token FROM {tokenauth_tokens} tt WHERE tt.uid = %d", $user->uid));
if ($token)
return "token=$token";
}

b) a simple function to rewrite the url relativelely to the $_REQUEST['token']
---------------------------------------------------------
function getTokenLink($link){
$token=(isset($_REQUEST['token'])?"?token=".$_REQUEST['token']:"");
if (preg_match("/#/",$link))
$link=preg_replace("/#/",$token."#",$link);
else
$link.=$token;
return $link;
}

c) The feed authorisation work to get the list but not to view it so hacking common.inc
---------------------------------------------------------
function format_rss_channel($title, $link, $description, $items, $language = 'en', $args = array()) {
// arbitrary elements may be added using the $args associative array

$output = "\n";
$output .= ' '. check_plain($title)." \n";
$output .= ' '. getTokenLink(check_url($link))."\n";

and

function format_rss_item($title, $link, $description, $args = array()) {
$output = "\n";
$output .= ' '. check_plain($title) ."\n";
$output .= ' '. getTokenLink(check_url($link))."\n";

Hope it could help somebody ... or could be cleanly integrate to drupal ... I dont know if it is possible to override format_rss_item without modifing common.inc ...
Marc

Comments

sethcohn’s picture

sethcohn commented

While not a perfect solution (see note below), I've borrowed a bit of the above, to solve some of this via a purely themed function:

function [Themename]_feed_icon($url) {
  global $user;
  if ($image = theme('image', 'misc/feed.png', t('Syndicate content'), t('Syndicate content'))) {
  	$token = db_result(db_query("SELECT tt.token FROM {tokenauth_tokens} tt WHERE tt.uid = %d", $user->uid));
    	if ($token) { $oldurl = $url; $url .= "?token=$token"; }
    	drupal_add_link(array('rel' => 'alternate',
                          'type' => 'application/rss+xml',
                          'title' => "private feed for $user->name ($oldurl)",
                          'href' => $url));
 
    return '<a href="'. check_url($url) . '" class="feed-icon">'. $image. '</a>';
  }
}

The drupal_add_link is to deal with the problem that common.inc's drupal_add_feed [ http://api.drupal.org/api/function/drupal_add_feed/5 ] contains code which autoadds the non-tokenized url to the top of the page in the head section, for use by browsers/etc looking for feed info. By adding a second (correct) feed to the top of the page, while a bit ugly, no core module hacking is required. Removal of the older feed from the head is left to the reader as an exercise. Post your patch if you do.

moshe weitzman’s picture

moshe weitzman commented

thnaks ... FYI, i got better link rewriting into drupal 6 using custom_url_rewrite_outbound() so we won't need dirty hacks anymore. just minor, approved hacks.

sethcohn’s picture

sethcohn commented

Good place to add this...

The site required letting anonymous access stay open, but through some theme, limiting content to only certain pages, and forcing a redirect for all other pages.
The only problem was that then left RSS feeds still wide open (as part of 'access content'), broadcasting node content that wasn't otherwise readable.

The following code put into a new module fixed the problem, in a graceful manner.

function rss_private_nodeapi(&$node, $op, $a3 = NULL, $a4 = NULL)
{
    switch($op)
    {
        case 'rss item':
		if (($user->uid == 0) && (!$_SESSION['tokenauth_auth'])) {
                 	$node->title = 'Private Content';
                	$node->teaser = 'This site requires you that you login.';
		}
        break;
    }
}
moshe weitzman’s picture

moshe weitzman commented
Status: Active » Postponed (maintainer needs more info)

I added #1. Not so sure about the other two. I think they will live on here as documentation for those who want it.

moshe weitzman’s picture

moshe weitzman commented
Status: Postponed (maintainer needs more info) » Fixed
Anonymous’s picture

Anonymous (not verified) commented
Status: Fixed » Closed (fixed)

Automatically closed -- issue fixed for two weeks with no activity.