Forum access privilege [#298510]

Hello,
i needed to create a private forum on public page and to my surprise Drupal doesn't have a possibility to restrict access to forum... I don't know why it is that way but to me it should be fixed (not by module but in core - we have controll over access to nodes, comments, menus etc. so why not over forum?!)

Patch is trivial so i hope it will be accepted. Perhaps it should be ported to -dev and 6.xx.

This is my first contribution to Drupal so have mercy... ;)

Comment	File	Size	Author
#3	forum-2.patch	1.21 KB	lordzik
	forum.patch	839 bytes	lordzik

Comments

Comment #1

lordzik commented 22 August 2008 at 10:05

I'm digging deeper and deeper into Drupal's forum module and i can't believe that things are made the way they are made now. Each page added to Drupal is a 'node'. That's ok. But why the hell each 1st new topic added to forum has type 'node' too???! How can i distinguish pages and forum posts?? As i said, i have to make forum private. With a patch i proposed i can make cointainers and forums private but i can't do the same with forum topics and posts! Oh, i can do this with posts as they are type... 'comment'! But what about the topics? Why forum topics are type 'node' and not eg. 'topic'?? If anyone can access my page and i restrict access to forums then still anyone can view forum topics by guessing their node number (trying node/1 node/2 node/xxx in browser's address bar).

What should i do? Any advice is appreciated.

Comment #2

naheemsays commented 22 August 2008 at 10:41

Have you looked at the contrib forum_access module? I think it should match your needs. It also allows having some forums as private, but not others, while the attached patch seems to be the sledgehammer approach - all or nothing.

As for new features, they go into the development branch first and then may be considered to be backported if the branch maintainer thinks it is important enough.

Comment #3

lordzik commented 22 August 2008 at 12:09

Status	File	Size
new	forum-2.patch	1.21 KB

Got it! I should understand the code i'm trying to fix before i complain...

Fixed patch is attached.

--- modules/node/node.module.old 2008-08-22 13:35:47.000000000 +0200
+++ modules/node/node.module 2008-08-22 13:36:51.000000000 +0200
@@ -2754,6 +2754,10 @@ function node_access($op, $node = NULL)
return FALSE;
}

+ if ($op == 'view' && $node->type == 'forum' && !user_access('access forum')) {
+ return FALSE;
+ }
+
if (user_access('administer nodes')) {
return TRUE;
}
--- modules/forum/forum.module.old 2008-08-22 13:38:53.000000000 +0200
+++ modules/forum/forum.module 2008-08-22 13:33:03.000000000 +0200
@@ -38,7 +38,7 @@ function forum_menu($may_cache) {
$items[] = array('path' => 'forum',
'title' => t('Forums'),
'callback' => 'forum_page',
- 'access' => user_access('access content'),
+ 'access' => user_access('access forum'),
'type' => MENU_SUGGESTED_ITEM);
$items[] = array('path' => 'admin/content/forum',
'title' => t('Forums'),
@@ -128,7 +128,7 @@ function forum_access($op, $node) {
* Implementation of hook_perm().
*/
function forum_perm() {
- return array('create forum topics', 'edit own forum topics', 'administer forums');
+ return array('access forum', 'create forum topics', 'edit own forum topics', 'administer forums');
}

/**

As for the advice about the module - thank you but i don't want to have 1000 modules that add essential things to Drupal - as in this case. If forum module is a part of Drupal then it really should have at lease simple access controll... I hope someone will apply this to development branch and backport to 5.xx.

Best regards!