Posted by tsavino on June 12, 2008 at 5:04pm
Jump to:
| Project: | IndexPage |
| Version: | 6.x-1.x-dev |
| Component: | Code |
| Category: | bug report |
| Priority: | normal |
| Assigned: | Unassigned |
| Status: | needs review |
Issue Summary
I found this when a anonymous user come to the site the Operation at the bottom of the page showed Create ne content and it should not, don't know if it is a bug but this is what I did to fix it
$links['indexpage-create'] = array(
'title' => t('Create a new entry'),
'href' => 'node/add/'. $type,
'attributes' => array('title' => t('Create a new !type node.', array('!type' => $type))),
'query' => $dest,
);And changed it to this.
if (user_access('administer content types')) {
$links['indexpage-create'] = array(
'title' => t('Create a new entry'),
'href' => 'node/add/'. $type,
'attributes' => array('title' => t('Create a new !type node.', array('!type' => $type))),
'query' => $dest,
);
}Hope this helps...
Comments
#1
Fix committed to both branches.
I would not allow anonymous users to IndexPage, unless you are absolutely certain it doesn't compromise the security of your site.
#2
Automatically closed -- issue fixed for two weeks with no activity.
#3
I was still seeing the word 'Operations' even without proper perms.
So on line 287 of indexpage.module, I changed:
$output .= '<h3>'. t('Operations') .'</h3>';$dest = drupal_get_destination();
to
if (user_access("create $type") || user_access("create $type content")) {$output .= '<h3>'. t('Operations') .'</h3>';
}
$dest = drupal_get_destination();
Seems to be working.