By Lcribb on

My site's authorisation for non-registered users is set so that they cannot add content (e.g. Blogs). The message that is displayed is "You are not authorized to access this page. " - I would like to change that to something else - can anyone tell me where that message is sourced from?

Thanks

Lev

Comments

madivad’s picture

madivad commented

edit at your own risk, I just tried this on my test server and it worked without a hitch, but I don't know how well it would generally be received.

I've been researching since I read this topic and found the 'best' way is to do it utilising whats referred to as a portable language template file (.pot). But everywhere I read is for creating new languages, not customising existing ones.

There have been multiple posts on this type of thing with some positive results, and others without response, but since I found yours, here is the solution.

Open the common.inc file in your includes directory using a friendly editor (if you're using windows, dont use notepad, use write or wordpad). Do a search for the word authorized and it should be the second hit.

Modify, save (after having backed up the old file first) and upload back to the includes directory and you have your desired result.

There should be an alternative way of doing this without actually editing the files, such as using these .pot files (or .po for non-templates) but nowhere actually explains how to do it for alternative english languages, such as British or Australian english as opposed to the US hack of the language [/tongue in cheek]

Have fun.

andre75’s picture

andre75 commented

Just add a page (node/add/page) that says whatever you want it to say. Remember the url of this page and put it in your .htaccess as a custom error page (just like the 404 defined already, i believe the error code is 403).
Try it out on http://www.opentravelinfo.com/files (access to files is restricted to everyone ;-)

Andre

-------------------------------------------------
http://www.opentravelinfo.com
http://www.aguntherphotography.com

madivad’s picture

madivad commented

...That is perfect! I never thought of that. But one better yet, you dont need to edit the .htaccess file, you can do it all from inside the administrator settings.

Log in to the administrator/settings page and it will allow you to identify the node/{insert#} that you want for each 403 and 404 error.

This doesnt help changing language preferences for other strings and if you have an answer to that one, many MANY people would be happy.

Thanks again, I am now in the process of designing my own denied and unauthorised pages ;^)

andre75’s picture

andre75 commented

Log in to the administrator/settings page and it will allow you to identify the node/{insert#} that you want for each 403 and 404 error.

Strangely that did not work for me, but I didn't bother looking for a reason, I simply did the .htaccess thingy.

I haven't played around with language packs yet, but I assume that you should be able to change any text string when you have the Internationalization (locale) module do the trick.
You could for instance have a php 403 file that recognizes language settings and blurps out a different string, but that is too much work for me ;-)
If your site only runs two languages you may get by by having a dual language 403 file.
Or you could bounce the user to the create login page via .htaccess. Unfortunately there is no way to distinguish between general 403 (files directory) and role permissions (create book page).

Andre

-------------------------------------------------
http://www.opentravelinfo.com
http://www.aguntherphotography.com

andre75’s picture

andre75 commented

.htaccess gives you even more options ;-)

100 Continue
101 Switching Protocols
200 OK
201 Created
202 Accepted
203 Non-Authoritative Information
204 No Content
205 Reset Content
206 Partial Content
300 Multiple Choices
301 Moved Permanently
302 Moved Temporarily
303 See Other
304 Not Modified
305 Use Proxy
400 Bad Request
401 Authorization Required
402 Payment Required
403 Forbidden
404 Not Found
405 Method Not Allowed
406 Not Acceptable
407 Proxy Authentication Required
408 Request Time-Out
409 Conflict
410 Gone
411 Length Required
412 Precondition Failed
413 Request Entity Too Large
414 Request-URL Too Large
415 Unsupported Media Type
500 Internal Server Error
501 Not Implemented
502 Bad Gateway
503 Out of Resources
504 Gateway Time-Out
505 HTTP Version not supported

-------------------------------------------------
http://www.opentravelinfo.com
http://www.aguntherphotography.com

madivad’s picture

madivad commented

It's been a while since I've edited the .htaccess manually. How do you have it integrate gracefully with drupal?

For example, could you just give me a sample line of your .htaccess file for any of those pages?

Thanks

andre75’s picture

andre75 commented 
ErrorDocument 403 access_denied

access_denied is the path to the page I have created.
If it doesn't work specify the full url
-------------------------------------------------
http://www.opentravelinfo.com
http://www.aguntherphotography.com

madivad’s picture

madivad commented

I have to assume access_denied is a custom page created outside of drupal. I was expecting to see something like:
ErrorDocument 403 node/37
Not to worry, I've got the idea, I'll start experimenting. Thanks

andre75’s picture

andre75 commented

I have a path alias for the node. It is a drupal page, you are right.
You could use a html file too, but I prefer to run it through drupal so it uses the same theme and the navigation bars are there and and and ...

-------------------------------------------------
http://www.opentravelinfo.com
http://www.aguntherphotography.com

vthirteen’s picture

vthirteen commented

i have set a node to be displayed as a 403 (forbidden) page and it works ok (i mean, if i try to open a non existant node, that page is displayed).

i want this page to be displayed when an non authorized user tries to publish a story. but this is not what drupal displays in this case.

that is, instead of the 403 page, a simple message is displayed (" You are not authorized to access this page.") in the "create content" page (?q=node/add).

how can i modify that?

crolex’s picture

crolex commented

It seems to me that:

1) allowing unauthorized users to read content but not create it would be a commonly used configuration and...
2) this looks like a bug: all other pages honor the 403 setting in the admin page but node/add does not.

Any update?

cmsproducer’s picture

cmsproducer commented

In Drupal admin->settings, you can select a custom page for 403 and 404 errors (ofcourse create tha pages in advance and remember the node IDs) If you enter those page paths in the provided space, it should work like a charm. I have it setup like that 4.66 and it has always worked for me.

Make sure that you do not have the wrong syntax for the path of the 403 error page... cause it's not meant to return a page-not-found error, but rather a permission-denied error.

Please clarify.

I do not see the need to put t his in .htaccess cause the more you tweak out-of-drupal settings, the more you have to remember and re-tweak when you upgrade (I once spent hours fighting with my perl settings having forgotten that I blocked *.pl in my .htaccess).

Keep notes of your changes in all cases

-----
iDonny - Web CMS Development, Design, and Web Marketing Advice

crolex’s picture

crolex commented

Yes, I have the 403 and 404 paths setup in the admin page and, as mentioned above, they work for everything but access to "node/add".

Note that in the user roles page the "Create story" and "Create page" fields are un-checked for anonymous users. This results in unauthorized users clicking the "Create content" menu button and getting a fully themed page (menu, header, footer, etc.) but the node renders as "You are not authorized..."

Perhaps this is a 4.6 issue that has been fixed since.
---
Update: for what its worth, I do believe this is a current bug after some investigation.

The node_add() in 4.6.5 does test for user access but just calls message_access() on failure. message_access() does not honor the 403 page setting variable. To fix this in Drupal 4.6.5, use the following patch to node.module:

%diff -u node.module~ node.module
--- node.module~        Thu Sep  8 23:14:24 2005
+++ node.module Tue Apr 11 14:14:11 2006
@@ -1429,7 +1429,8 @@
       $output = t('Choose the appropriate item from the list:') .'<ul>'. implode('', $item) .'</ul>';
     }
     else {
-      $output = message_access();
+      // $output = message_access();
+      $output = drupal_access_denied();
     }
   }

A look at Drupal-4.7.beta6 shows that it has changed but not for the better. It now doesn't call any external handler and instead writes a static string on line 1815:

      $output = t('You are not allowed to create content.');

I suspect that the same patch would work on 4.7 but haven't tried it yet.

Treesong’s picture

Treesong commented

I have 4.7, and I too am looking to change the error that says "You are not allowed to create content."

It's very odd that they just did a $output for it rather than actually handling it in some way that the admin can control without hacking code. But oh well... at least it's only one line of code to hack, I guess. I'll give it a try, but let me know if there are any better solutions out there.