Download & Extend
SIOC » Issues

Make ?q=sioc/site accessible with "access content" permission

Posted by quanton81 on June 24, 2009 at 10:36am
Project:SIOC
Version:6.x-1.x-dev
Component:Code
Category:bug report
Priority:normal
Assigned:Unassigned
Status:needs review

Issue Summary

Hi,
I have installed the SIOC module on my site. Which generates some xml pages inside my site according to SIOC. The problem is that when I try to access them with an external script it gave me access denied. I searched on the permissions but this module has no permissions. I want to read those xml pages but with a anonymous user I can’t access. Any idea of how I can modify the permissions of these files or how can a gave permissions to my script to work with these pages.

Login or register to post comments

Comments

#1

Posted by scor on June 24, 2009 at 2:23pm

can you paste the paths which give you access denied? the module reuse the permissions from other core modules, this might help:

  $items['sioc/blog/%'] = array(
    'access arguments' => array('access content'),
  );
  $items['sioc/user/%'] = array(
    'access arguments' => array('access user profiles'),
  );
  $items['sioc/node/%node'] = array(
    'access callback' => 'node_access',
    'access arguments' => array('view', 2),
  );
  $items['sioc/stories/%node'] = array(
    'access callback' => 'node_access',
    'access arguments' => array('view', 2),
  );
  $items['sioc/forum/%'] = array(
    'access arguments' => array('access content'),
  );
  $items['sioc'] = array(
    'access arguments' => array('access content'),
  );

#2

Posted by quanton81 on June 24, 2009 at 3:07pm

http://websemantico.altervista.org/drupal/?q=sioc/site this is the first link I try to parse with an external script and it gave me acces denied if I am anonymous user!

Maybe I have to modify something in

$items['sioc/site'] = array(
    'title' => 'sioc forum',
    'page callback' => 'sioc_page',
    'access callback' => 'sioc_access',
    'access arguments' => array('administer users', 'administer nodes'),
    'weight' => '9',
    'type' => MENU_CALLBACK,
  );
  $items['sioc'] = array(
    'title' => 'sioc',
    'page callback' => 'sioc_page',
    'access arguments' => array('access content'),
    'weight' => '9',
    'type' => MENU_CALLBACK,
  );

this part of the code to access it?

#3

Posted by quanton81 on June 24, 2009 at 3:46pm

I solved the problem with

$items['sioc/site'] = array(
    'title' => 'sioc forum',
    'page callback' => 'sioc_page',
    'access arguments' => array('access content'),
    'weight' => '9',
    'type' => MENU_CALLBACK,
  );

do you think this may cause any security problem??

#4

Posted by scor on June 24, 2009 at 5:50pm

yes that looks good. not sure why that got into the code, but this should be indeed open to anyone with the "access content" perm.

#5

Posted by quanton81 on June 24, 2009 at 7:46pm

Thank you very much for your help!!!! You are very kind! :))

#6

Posted by Freso on March 15, 2010 at 7:00pm
Title:Make visible internal xml pages» Make ?q=sioc/site accessible with "access content" permission
Category:support request» bug report
Assigned to:quanton81» Anonymous
Status:active» needs review

And here is comment #3 in patch form, ready to commit. :)

AttachmentSize
500714-06-access_content_site_access-d6.patch 664 bytes