Closed (won't fix)
Project:
Administration menu
Version:
6.x-1.3
Component:
Code
Priority:
Normal
Category:
Bug report
Assigned:
Unassigned
Reporter:
Created:
20 Jan 2009 at 16:57 UTC
Updated:
14 Apr 2010 at 23:10 UTC
hi!
though my role "editor" has no permission for creating, editing or deleting new page content the item "content management->create content->page" is shown in the menu.
also there is shown "user management" and "site building" in the admin menu allthough the user has no rights.
why is that and how could i get these items out of the menu?
is there any way to decide which items should be shown and which should be hidden for different users?
thanx!!!
-----
Browsaers: IE7, Firefox 3
Comments
Comment #1
headkit commentedno one?
:-(
Comment #2
justageek commentedI have the exact same problem and was going to post a bug, I have upgrade to 6.1.3 and it does same thing, cleared cache, wiped and rebuilt menus, etc.
Comment #3
gaia commentedsame problem here with drupal 6.9 and admin menu 6.1.3
Comment #4
s.daniel commentedRegarding the edit/delete/create content:
headkit I told you why you are seeing this behaivor and others have done so as well. http://www.drupalcenter.de/node/15801
As I said: If you give a user the right to "administer nodes" than this also means that user is allowed to create/delete/edit content - any kind of content!
I told you how to get around the limitation...
Regarding Admin menu:
As far I know there are thoughts about making admin menu more customizable but in first place the module is focused towards administrators.
If you want a custom solutions for your users there are hints on how to do this on the modules page: http://drupal.org/project/admin_menu
Comment #5
tfranz commentedI have the same "problem" but with the story-node (Drupal-Version 6.9 german).
If i activate the permission to "administer nodes", the editor can add a story although i didn't activate "create story". It seems "administer ..." overrides "don't create ...".
Makes sense – maybe only at the second view ...
The only "problem" is: you have to directly load the page you want to edit, but you have not a (administer) list where you can click on "edit".
As s.Daniel wrote: you have to build your own list with views, if you want to have a list.
(I wouldn't set this thread to a "critical bug report" ... ;-)
Comment #6
s.daniel commentedJus in case someone stumbles across this issue with the same question:
Take a look at http://drupal.org/project/views_bulk_operations - install it along with views and create your own customizable administer nodes list in 5 minutes with configurable permissions.
Comment #7
headkit commentedstill hoping for a change-of-concept...
Comment #8
justageek commentedI did this, but I cannot get admin module to use my url to my custom content list, I have even gone into Site Building -> Menus and edited the Navigation menu, found the 'List all content' entry, and changed the url to my custom url. I wiped and rebuilt the menu, I cleared all cached content. Admin menu still points to the default admin/content/node/overview
Comment #9
sunComment #10
headkit commentedintersting?
http://drupal.org/node/296693
Comment #11
headkit commentedfor now i solved the problem by installing the module Views Bulk Operations and hacking the admin_menu.module, adding a link to the selfmade content admin link via views (selfmade by the module Views Bulk Operations, which brings this as a preset)by changing the function admin_menu_admin_menu() in the file admin_menu.inc from line 126, adding:
Comment #12
sunThe second issue/question is clearly a duplicate of #296693: Restrict access to empty top level administration pages.
Is the first still an issue (Content management -> Create content -> Page shown without user having permission) with the latest development snapshot? I cannot replicate this issue on any of my sites.
This will be the last fix/change for the 6.x-1.x series. Thus, I'd like to close this issue as soon as possible.
Comment #13
sunMaybe I did not make my point clear. To resolve this issue (not the Drupal core issue), I need each and every information you can provide, because I cannot replicate this bug.
If no debugging information is provided within the next 3-5 days, I will mark this issue won't fix.
Comment #14
sunComment #15
horse80 commentedI know it is a bit too late, but can i have a little more explicit information on what information shall i provide to you? Status reports? The whole database, and the files? Is there any tool with which i can let Drupal create these infos?
Comment #16
horse80 commentedOk, to provide some information, i created a new site with a brand new drupal installation of 6.13. I wanted this to be as simple and as close to the defaults as possible, so i barely changed anything, didn't install a different language or any other profile, though I did some changes of course:
* admin/user/settings: at 'User registration settings' i set 'Public registrations:' to 'Only site administrators can create new user accounts.'
* created a user, set username, password and e-mail, but nothing else here.
* admin/user/permissions: added the following permissions to authenticated user
create page content
delete any page content
delete own page content
edit any page content
edit own page content
* logged in as the created user and found that user could create a Page content
* switched back to admin again (i used different browsers for admin and user, so from here there weren't any login or logout)
* admin/user/permissions: added the following permissions to authenticated user
create story content
delete any story content
delete own story content
edit any story content
edit own story content
* switched to user and found that i could create a story or a page (one at the time, of course) :)
* now, i installed module cck 2.4 (i did 'tar xvzf cck-6.x-2.4.tar.gz' in /sites/all/modules/), and turned on all cck modules (meanwhile switched to admin again, of course) (ok, maybe this wasn't an important move, going to check it)
* admin/user/permissions: now i _revoked_ (or unchecked, and yes, i clicked "Save permissions") the following permissions from authenticated user:
create story content
delete any story content
delete own story content
edit any story content
edit own story content
* switched to user, and found that i could still create a story! Yes, double checked, clicked to 'My account' first and then back to 'Create content', and then i saw 2 options: Page and Story.
So i think, i could recreate the problem.
Comment #17
horse80 commentedForget it! Cck is not responsible.
I tried the previous test again, but doing it even more simple way:
* setup the whole thing again from scratch, dropped all tables, cleared the sites directory, reinstalled drupal, set only database name, dbuser and password, set site name, site e-mail, admin, admin password, admin e-mail.
* created a user again (set user name, password and e-mail)
* admin/user/permissions: added the followings to 'authenticated user' group:
administer nodes (i think i added this as well in my previous effort, just didn't recognise that it is not set by default, thus forgot to mention)
create page content
create story content
* logged in as user, found Page and Story under 'Create content'
* admin/user/permissions: revoked the following from 'authenticated user' group:
create story content
* switched to user, found Page and Story under 'Create content'
Ok, from this i played for a while with the mentioned permissions and found that if 'administer nodes' was granted, user could create Page and Story, regardless wether 'create page content' or 'create story content' was granted or not.
So i think this is the problem.
Comment #18
mattgilbert commentedsubscribing. would love to see either:
- 'administer nodes' and 'create page content' permissions both needed to see Create Content > Page link in admin menu
or
- ability to add a views-generated content list page to the admin menu.
might end up using the method in comment #11, though i'd love to see a way to do this without editing module code.