Home » Download » Modules » Dash Media Player » Issues

Access all Views - Need to disable this, but player won't work without it?

Sansui - May 5, 2009 - 17:14
Project:Dash Media Player
Version:6.x-1.5
Component:Documentation
Category:support request
Priority:normal
Assigned:Unassigned
Status:reviewed & tested by the community
Description

I would like my anonymous viewers to be able to see the video playlists on display, but I've also noticed in the documentation that "Access All Views" is required apparently. Is this absolutely a must? We have a number of sensitive views that should not be accessible to anonymous users (case tracking for webforms, for example), so we can't leave this permission checked for them.

We really like Dash player, and we were hoping to use it on client sites soon, but this issue is pretty much a deal breaker if it can't be used without "access all views" for anon :(

» Login or register to post comments

#1

Sansui - May 5, 2009 - 17:34

Looking at the module

<?php
  // Check access
  if (!views_access($view)) {
    return services_error('You do not have access to this view.');
  }
?>

I can see this is where the check fails without access all views. Is this because of the services module? I see a thread here with an issue regarding services and and views_access() - http://drupal.org/node/318274

I changed it to the below, and it seems to work fine for anonymous - my video view has unrestricted access, and I've removed access all views. Travist, can you verify if this is appropriate?

<?php

  // Check access
  if (!$view->access('default')) {
    return services_error('You do not have access to this view.');
  }
?>

Login or register to post comments

#2

Sansui - May 5, 2009 - 17:37
Status:active» needs review
Login or register to post comments

#3

spatz4000 - May 5, 2009 - 17:53
Status:needs review» active

There is no patch.

Login or register to post comments

#4

jriedel - May 13, 2009 - 14:06

Patch file or not, what file are you changing in what module, Dash Player or Services?

I have two different sites I can try this on quickly and let you know if it does work. Right now I'm doing some silly things to "hide" some views from people. Getting rid of the sillyness would help me greatly.

Login or register to post comments

#5

Sansui - May 13, 2009 - 15:04

oh hah, forgot about this issue

It's in dashplayer.module, line 186

Login or register to post comments

#6

jriedel - May 14, 2009 - 09:35
Status:active» reviewed & tested by the community

Thanks.

I just made the change on a site running Dashplayer 1.5 and another running 1.4. Turned off the access all views permission and everthing works just fine.

Login or register to post comments

#7

travist - May 14, 2009 - 12:49

Great information everyone! I will make this change as soon as possible.

Thanks,

Travis.

Login or register to post comments

#8

design.er - July 31, 2009 - 12:23

It would be great if this change could go into the next release of the Dash Media Player to improve the security.

Thanks a lot, Travis. You rock! :)

Login or register to post comments
 
 

Drupal is a registered trademark of Dries Buytaert.