Home » Forum » General » News and announcements

Restrict your Drupal site with PathAccess module

budda - August 31, 2005 - 15:39

I've put together a proof of concept module to allow administrators of Drupal sites to restrict access to ANY pages of their site, wether there is sufficient access control options or not.

Configuration works in much the same way as the block visibility settings, using Drupal paths and wildcards.
If a match is made then the user is greeted with a 403 Access Denied page.

You can download the module and brief documentation from http://www.ixis.co.uk/drupal-modules/path-access.

It has not been used on any live sites yet and I'd very much like to hear feedback about any problems and/or suggestions for improvements.

» Login or register to post comments

Hmmm...

Boris Mann - August 31, 2005 - 17:41

Sounds very interesting. I'm trying to see how this would protect nodes that are visible in other contexts -- e.g. tracker, taxonomy listings, etc.

Login or register to post comments

If you include the path

budda - September 1, 2005 - 12:57

If you include the path taxonomy/term/* is would block all taxonomy pages from certain role groups. Or if you used pathauto to produce urls such as news/[title] then a path of news/* would block access to all nodes who have a path alias of news/*

Best to have a play and see.

--
www.gadgetspy.co.uk | www.bargainspy.co.uk

Login or register to post comments

Does it block RSS?

Shane Birley - September 1, 2005 - 20:27

I am going to run a few tests on site I am developing. It would assume it would block a feed as well as the content on the site.

-
Shane Birley
Vicious Bunny Creative
http://www.vbcreative.com

Login or register to post comments

Blocking RSS feed links

budda - September 5, 2005 - 12:27

Yeah you can block the actual feed - but it wouldn't be much use?
External RSS readers/aggregators would need to login to access the RSS xml, and you can't do that from a non web interface - as far as I know.

For reference: You'd block the RSS by setting anonymous users to have access to all pages except 'rss-*'. Anonymous users would then get the 403 page.

--
www.gadgetspy.co.uk | www.bargainspy.co.uk

Login or register to post comments

No, I understand that

Boris Mann - September 2, 2005 - 16:45

I understand how paths can be used to block access to *pages*. But, it doesn't sound as if it protects the underlying nodes. i.e., if I block taxonomy/term/18, and then there is a node with a term 18 on the front page, it would still display.

Certainly useful in certain concepts, but not true node-level security.

Login or register to post comments

missing download

micha_1977 - September 1, 2005 - 07:09

there is no download link on http://www.ixis.co.uk/drupal-modules/path-access

-micha
work in progress with Drupal 4.6: langmi.de

Login or register to post comments

Permissions amended for

budda - September 1, 2005 - 12:54

Permissions amended for anonymous users. Sorry! :)

Login or register to post comments
 
 

Drupal is a registered trademark of Dries Buytaert.