Come together with the global Drupal community in Rotterdam, 28 Sept – 1 Oct 2026. Sessions, contribution, connection, and Early Bird savings until 8 June.Hi,
currently, when you are trying to get to a forum for which you have no viewing permissions, you'll get a "Page not found" when entering the URL directly. I feel like that should rather be an "Access denied", however.
This request is not only for the sake of cleanliness (although of course it would be cleaner, too); I actually bumped into this with a very practical problem. On our website there's a forum for which we only allow administrators' access, but still want to provide RSS functionality to the admins. The "HTTP authentication" comes in handy, but this one only kicks in when a page is actuallly "Access denied".
Opinions?
Cheers,
Nico
Comments
Comment #1
salvisFA is working as designed in this respect, so I won't take this as a bug report. However, I appreciate your reasoning.
What type of URL are we talking about?
Comment #2
nschloe commentedsorry, don't get that. url type?
Comment #3
salvisIt seem like you're talking about a feed per forum. What's the url of one such feed? I don't do RSS, so you'll have to help me find my way. What makes you think that FA could control that url?
Comment #4
nschloe commentedah, i see. the url would be /taxonomy/term/1/0/feed which i admit doesn't seem to have anything to do with FA, but as soon as i turn on this module i have no access to the feed anymore (which is good).
Comment #5
salvisNo, FA can't do anything about that. Access control works through the db_rewrite_sql() function which modifies queries in such a way that nodes, terms, users, etc. that aren't accessible to the current user are not retrieved from the database. Thus the calling code need not (and typically does not) distinguish between inexistent and inaccessible NIDs, TIDs, UIDs, etc.
The calling code would have to run the same query twice, once with db_rewrite_sql() and once without, and then sort out which is which, at the cost of performance loss, and taxonomy.module (which is most likely behind taxonomy/term/1/0/feed) doesn't do that.
You can either write your own module and duplicate/specialize that part of taxonomy module (at a different url), or you can use the SecureSite or the HTTP Authentication module to provide authentication for your feeds. Both of these can do what you want.