Support for Drupal 7 is ending on 5 January 2025—it’s time to migrate to Drupal 10! Learn about the many benefits of Drupal 10 and find migration tools in our resource center.
After working on the second fully-fledged Drupal administration demonstration site I realized that Demo could provide a new sub-module that alters some bits of Drupal to make full-admin demos secure:
- .info: required = TRUE
- remove Block module's PHP permission
- remove PHP module
- disable locale's translation features
- make the HTML filter unremovable/unconfigurable
Comments
Comment #1
sunThese were (partially) the dirty hacks I applied:
However, just for reference - it doesn't need to be that dirty.
Comment #2
sunAlso, we want to disallow changes to demo settings and demo snapshots while the module is enabled. I fear that most of the logic would have to be triggered by a custom variable in settings.php.
Comment #3
meba CreditAttribution: meba commentedThis is exactly what I was thinking when using the module.
My idea: introduce a settings.php "password" to the secure module, allowing you access only if you type correct password - therefore even uid 1 won't be able to make snapshots and reload them
Comment #4
sunHey, that's not a bad idea. :)
Comment #5
meba CreditAttribution: meba commentedYes :-)
The only question is how to do that. Either make all admin forms two step, which might be a PIAS to code or introduce a _GET param to the form?
Third option might be to introduce something like update.php free access:
$demo_admin_free_access = TRUE/FALSE;
Comment #6
gaurav.kapoor CreditAttribution: gaurav.kapoor at OpenSense Labs commented