Jump to:
| Project: | Knurl |
| Version: | 6.x-1.0 |
| Component: | Documentation |
| Category: | support request |
| Priority: | normal |
| Assigned: | Unassigned |
| Status: | closed (fixed) |
Issue Summary
I have just added knurl to my site to replace something I had written myself for the old hand made version of my site, pre-drupal.
But when I created a link and sent it to somebody they got an access denied message.
I investigated and found that links only work if you are logged in to drupal, which to my mind defeats the purpose of this mod.
I dug around and found that in knurl.module, in the function knurl_menu, there are settings for access to the various parts of knurl, or rather, various paths that are handled by knurl. In there, the url/ path uses the user_access callback which, unsurprisingly, grants users access to that urls, so people who are not users get access denied.
I replaced the line:
'access callback' => 'user_access',
with:
'access callback' => TRUE,
disabled the module, re-enabled it and now if I am logged out I can still follow a known url and it will redirect.
I don't know if this needs to go in as a bug fix, or how to go about doing this, but I thought I would post it here just in case anybody else would find this small change useful. I did search for knurl issues but didn't see this, I apologies if this is a duplicate of anything or if I put this in the wrong place.
Cheers.
Comments
#1
Sorry to reply to myself.
My confusion above was caused by something else and I shouldn't have just side stepped the permissions system altogether.
Knurl gives three permissions, create, remove and access, but under the menu system, all parts of knurl are set to require access only, so in giving anonymous users access I found that they could create and remove links also, which is what led me to do the above.
Instead of that, I have amended the module file so the access arguments use the appropriate permissions for create and remove.
Now I can have registered users create and remove links while still allowing anonymous to list them and follow them (access).
Which is the better solution and a bug fix that perhaps should be committed back to CVS.
Cheers and sorry for the noise.
#2
Could you post the amendments?
#3
Subscribing, greetings, Martijn
#4
Sorry for the massive delay, I've been very busy recently.
Here is the output form a cvs diff on knurl.module:
Index: knurl.module===================================================================
RCS file: /cvs/drupal/contributions/modules/knurl/knurl.module,v
retrieving revision 1.1.2.1
diff -r1.1.2.1 knurl.module
46c46
< 'access arguments' => array('access knurl'),
---
> 'access arguments' => array('create knurl'),
Line 46 is in knurl_menu() and is part of the $items['knurl'] array. It's my understanding that it is connected to the permissions needed to Create a new URL short cut. The CVS version seems to suggest you need access permission, I changed that to require create permissions. I got the permissions argument string from the array defined in knurl_perm()
Of course, it's possible I have the wrong end of the stick here and have misunderstood something, so if this makes sense, but I'm wrong, let me know. If I'm right, and this is an oversight on the part of the developer, I hope this helps.
Martin...
#5
This is fixed in the latest release.
#6
Automatically closed -- issue fixed for 2 weeks with no activity.