Download & Extend
Dash Media Player » Issues

Access all Views - Need to disable this, but player won't work without it?

Posted by Sansui on May 5, 2009 at 5:14pm
Project:Dash Media Player
Version:6.x-1.5
Component:Documentation
Category:support request
Priority:normal
Assigned:Unassigned
Status:reviewed & tested by the community

Issue Summary

I would like my anonymous viewers to be able to see the video playlists on display, but I've also noticed in the documentation that "Access All Views" is required apparently. Is this absolutely a must? We have a number of sensitive views that should not be accessible to anonymous users (case tracking for webforms, for example), so we can't leave this permission checked for them.

We really like Dash player, and we were hoping to use it on client sites soon, but this issue is pretty much a deal breaker if it can't be used without "access all views" for anon :(

Login or register to post comments

Comments

#1

Posted by Sansui on May 5, 2009 at 5:34pm

Looking at the module

<?php
  // Check access
  if (!views_access($view)) {
    return services_error('You do not have access to this view.');
  }
?>

I can see this is where the check fails without access all views. Is this because of the services module? I see a thread here with an issue regarding services and and views_access() - http://drupal.org/node/318274

I changed it to the below, and it seems to work fine for anonymous - my video view has unrestricted access, and I've removed access all views. Travist, can you verify if this is appropriate?

<?php

  // Check access
  if (!$view->access('default')) {
    return services_error('You do not have access to this view.');
  }
?>

#2

Posted by Sansui on May 5, 2009 at 5:37pm
Status:active» needs review

#3

Posted by spatz4000 on May 5, 2009 at 5:53pm
Status:needs review» active

There is no patch.

#4

Posted by jriedel on May 13, 2009 at 2:06pm

Patch file or not, what file are you changing in what module, Dash Player or Services?

I have two different sites I can try this on quickly and let you know if it does work. Right now I'm doing some silly things to "hide" some views from people. Getting rid of the sillyness would help me greatly.

#5

Posted by Sansui on May 13, 2009 at 3:04pm

oh hah, forgot about this issue

It's in dashplayer.module, line 186

#6

Posted by jriedel on May 14, 2009 at 9:35am
Status:active» reviewed & tested by the community

Thanks.

I just made the change on a site running Dashplayer 1.5 and another running 1.4. Turned off the access all views permission and everthing works just fine.

#7

Posted by travist on May 14, 2009 at 12:49pm

Great information everyone! I will make this change as soon as possible.

Thanks,

Travis.

#8

Posted by design.er on July 31, 2009 at 12:23pm

It would be great if this change could go into the next release of the Dash Media Player to improve the security.

Thanks a lot, Travis. You rock! :)