Drupal.org currently uses a hack so that anonymous users can not use the personal contact form. Some details can be found in #362143: Review existing core patches, port what is still required.

There should probably be a new permission so that this behavior can be configured.

CommentFileSizeAuthor
#11 371621.001.patch8.75 KBkarschsp
Support from Acquia helps fund testing for Drupal Acquia logo

Comments

webchick’s picture

Issue tags: +Novice

This sounds like something that'd be pretty easy for a new contributor to do.

KarenS’s picture

I was just looking to see if there was an issue about this. I'll work on it if no one else does, but would be happy to see someone else do it.

Dave Reid’s picture

The 6.x contact module doesn't actually allow anonymous users to access the personal contact form by design. See #58224: Allow anonymous users access to a members personal contact form and _contact_user_tab_access():

/**
 * Determine if a user can access to the contact tab.
 */
function _contact_user_tab_access($account) {
  global $user;
  if (!isset($account->contact)) {
    $account->contact = FALSE;
  }
  return
    $account && $user->uid &&  // <--- User must be logged in and not anonymous
    (
      ($user->uid != $account->uid && $account->contact) ||
      user_access('administer users')
    );
}
David Strauss’s picture

This is a usability issue. If we don't show users what they're not getting when they're anonymous, they won't have incentive to sign on and use such functionality. Plus, it's confusing to users who have been signed on and suddenly see missing options.

Dave Reid’s picture

We can't really add a new permission, because if the anonymous user does not have the permission, then they will get an access denied message, right? I tested the current behavior on d.org: going to user/1/contact as an anonymous users just showed me Dries' profile page (like at user/1). Is this the intended behavior? Let me know, I'd like to help with this d.org upgrade patch.

alexanderpas’s picture

subscribing...

also, i think the user should be able to select who is able to contact him.
e.g.
Contact Settings:
- Hide Personal contact form
- Show Personal contact form to authenticated users only
- Show Personal contact form to everyone (only shows when site allows anonymous use of contact form.)

KarenS’s picture

There are definitely situations where this would be desirable -- I have staff contact information that I *want* anonymous users to see and I *want* anonymous users to be able to access their contact forms. At the same time I have other users whose contact forms should not be visible to anonymous users. Currently Drupal won't let me control that, it hides contact forms from all anonymous users.

We need to add a new permission, then alter the code above to use the permission, something like:

/**
* Determine if a user can access to the contact tab.
*/
function _contact_user_tab_access($account) {
  global $user;
  if (!isset($account->contact)) {
    $account->contact = FALSE;
  }
  return
   (user_access('access contact form') && // <--- User must have permission to view the contact form
      $user->uid != $account->uid  && $account->contact) ||  
      user_access('administer users');
}

But alexanderpas brings up a good point, there should maybe also be a way for the users to control this, so some change to the user edit form might be needed too, and that value should also be taken into account in the access formula.

alexanderpas’s picture

improved _contact_user_tab_access some more ;)

/**
* Determine if a user can access the personal contact form.
*/
function _contact_user_tab_access($account) {
  global $user;

  // user administrators have always access to the contact form.
  if (user_access('administer users')) {
    return true;
  }

  // never show the contact form when it is turned off
  if (!isset($account->contact)) {
    return false;
  }
  
  // the user himself has always access to his own contact form,
  // even if he is not allowed to acess the contact forms of other users.
  // unless he has turned his own contact form off.
  if ($user->uid == $account->uid) {
    return true;
  }

  // don't show form when you're not allowed to access it.
  // this does not count for the users own contact form.
  if (!user_access('access contact form')) {
    return false;
  }

  // Show the contact form, but only show to anonymous users
  // when the user has explicit selected to show it to them.
  if ((user_is_logged_in() && $account->contact) || $account->contact_public) {
    return true;
  }

  // for privacy, do not show contact form by default.
  return false;
}
David Strauss’s picture

@alexanderpas There are at least two syntax errors in your post. Please fix and roll a proper patch. :-)

alexanderpas’s picture

@#9
sorry, didn't have time... might do later...

karschsp’s picture

Status: Active » Needs work
FileSize
8.75 KB

Here's a rough first stab at a patch based largely on @#8. I do a lot of if ($user->uid != 0) , not really sure if that's the best approach.

Anyway, there's a new permission, 'access personal contact form' as well as a new option for authenticated users to choose whether or not they want anonymous users to have access. if an anonymous user goes to the contact page, assuming the correct permissions are set, they see textfields for "From" and "Email", however i'm using variable_get('site_mail'); as the actual from: address.

let me know if i'm on the right track.

thanks!
steve

Dave Reid’s picture

Status: Needs work » Closed (duplicate)

This issue is now officially duplicating the work done in #58224: Allow anonymous users access to a members personal contact form. Please merge your patch into that issue.

MakeOnlineShop’s picture

And Do you know how i could hide the "Contact settings" and the tickbox in users account when users click Edit to edit their account ?

Thanks.