Support for Drupal 7 is ending on 5 January 2025—it’s time to migrate to Drupal 10! Learn about the many benefits of Drupal 10 and find migration tools in our resource center.
This patch adds an extra permission 'access recent posts tracker' to the permissions system of drupal. Now, if people have 'access content' permission, they do _not_ automaticcally have access to the 'recent posts' tracker..
I would like to use the 'recent posts' or registered users on my sites only, and I'm quite tired of patching this with every release of drupal. I hope you guys agree with me, and help me get this small patch in.
Please review, comment or apply...
Comment | File | Size | Author |
---|---|---|---|
#14 | tracker.patch | 1.95 KB | v8powerage |
#1 | tracker-module-permission_0.patch | 1.75 KB | Stefan Nagtegaal |
tracker-module-permission.patch | 2.26 KB | Stefan Nagtegaal | |
Comments
Comment #1
Stefan Nagtegaal CreditAttribution: Stefan Nagtegaal commentedCvbge told there was a typo:
'Implementatino' => 'Implementation'..
Rerolled and ready for more reviews...
Comment #2
Stefan Nagtegaal CreditAttribution: Stefan Nagtegaal commentedSetting to 'patch (ready to be committed)', because I'm using and testing this patch since tracker.module is in core...
Works as advertised, so please apply if you think the functionality is missing in core..
Comment #3
Boris Mann CreditAttribution: Boris Mann commentedSorry, but I can't see the use of this. Why would you not want to give all users (and especially search engines) a view of all activity on the site?
Just seems like we are mushrooming permissions.
Comment #4
Dries CreditAttribution: Dries commentedI'm with Boris on this one.
Comment #5
intu.cz CreditAttribution: intu.cz commentedI have come across the same problem and used path_access to solve it (but uncovered a different problem: the 403 access denied page that came up was in the wrong language - English instead of Czech - and I haven't managed to find a tracker.module issue page to submit there).
Now to the point: there clearly is a need for this. Imagine a corporate site where the admin has switched off the submitted by Username on date text when displaying posts in the global settings for Themes. The reason is simple: there is no need to show who wrote what - it's corporate communication. So here goes a cheeky nosy person, writes http://website.com/tracker and all the secret is out. All the kinky usernames...
Another reason might be security: when you want to hide usernames (some of them might be "unpublic", to put it mildly), the tracker page throws them into the open. Hiding usernames might be good for people concerned with malicious login attempts. No visible usernames seems safer to me in certain places...
Well, just my opinion on the use for a feature like this... (BTW: where should I file an issue concerning the tracker.module?)
Comment #6
here CreditAttribution: here commentedIf any sort of permissions are enable on a site, the title+time+user is far too much information to be giving out to anonymous users who shouldn't even know that content exists. This is only an issue if one considers permissions based access to content important -- and an obvious and serious issue when one does.
See here for extended further discussion: http://drupal.org/node/28653
In my case, perhaps not directly applicable to this core patch, but the same problem -- taxonomy_access fails miserably here as well.
Pardon me for returning status to active -- scold as necessary.
Comment #7
LAsan CreditAttribution: LAsan commentedStefan Nagtegaal: Can this patch apply in cvs?
Moving to cvs.
Comment #8
Stefan Nagtegaal CreditAttribution: Stefan Nagtegaal commented@LAsan: Please read the issues before bumping things to new versions or any of that. Damned!
You are making drupal.org mailinglist quite busy these days, without any value you add.
If you *did* actually read this issue, you could have seen in #4 that Dries was against this change, so it could be marked as Wont fix.
Now, please stop this annoyance by going through issues without even reading/testing things and just bumping things from version to version and asking most stupid questions!!
Comment #9
fletchgqc CreditAttribution: fletchgqc commentedI feel this functionality would be genuinely useful. Stefan is it technically feasible to create a module for it?
Comment #10
Boris Mann CreditAttribution: Boris Mann commentedYou can do this today by turning off core "tracker" module, and using the Views version of "tracker / recent posts" instead. Modify the view to only allow access by the roles you want to be able to see it. Done.
Comment #11
fletchgqc CreditAttribution: fletchgqc commentedThanks, I'll give that a shot.
Comment #12
agerson CreditAttribution: agerson commentedI too would like this permission to be included as part of tracker core in a 6.x release. I would like a way to show designated content authors their posts, but not the average user of my site. I will have a look at the patch and the views options.
Comment #13
izmeez CreditAttribution: izmeez commentedIn Views the Tracker view is disabled by default. If you enable that view the permission can then be changed from the default of unrestricted to multiple by role or by permission. But when you do this, you are still using the core Tracker aren't you?
There are several other views that may also need similar attention if you are using Organic Groups. e.g. the "og" view and "group/tracker", and if enabled "popular/all"
The bottom line is to check the settings for all Views on the site. Otherwise, this can leave content exposed to the public that should be private.
I'm not sure how this should be handled by default to prevent the problem.
Thanks,
Izzy
Comment #14
v8powerage CreditAttribution: v8powerage commentedI made tracker permission patch for D6.