n addition to the "create" and "edit" premissions that are standard to most modules access, why not add a "view" permission?Many people want to have certain feature like private forums. There are several heavy duty modules that can handle node access, but they are overkill for many and often require the user submitting content to specify access. Is there a line of code that could easily accomplish this or would this require a core change?

Comments

greggles’s picture

greggles
he/him
Primary language English
Location Denver, Colorado, USA
commented
Version: 4.6.5 » x.y.z

If this gets addressed, it is much more likely to get addressed in the version after 4.7, so I'm changing the "version" to cvs to indicate that.

In that category, it will be much more likely to be seen by someone who might do it (or explain how this can currently be implemented).

jasonwhat’s picture

jasonwhat commented

Implementing this seems easy enough unless I did something wrong. I just added a call in hook_access

if ($op == 'view') {
    return user_access('view forum topics');
  }

and added this to hook_perm:
'view forum topics'

If I did this right, it seems pretty easy to achieve manually, but I can't think of an argument for not including this in core node types.

markj’s picture

markj commented
Version: x.y.z » 4.6.5

In 4.6.5 (haven't tested other versions), this method of restricting access can be circumvented by anonymous users who know or find the URL to the taxonomy term that the forum is attached to (such as taxonomy/term/11). The body of the posting is displayed but when the anonymous user clicks on the link to the forum node, they are denied access.

moshe weitzman’s picture

moshe weitzman commented
Status: Active » Closed (works as designed)

this can't be done properly without using a node_access module. the code posted here will block viewing of a single node but not when presented in a list of nodes like home page, taxo listing, search results, etc.

markj’s picture

markj commented
Title: Add a simple access call to all node types » Why no node_access in forum.module?
Component: node system » forum.module

I still don't understand why forum.module doesn't have node_access already built in like comment.module and node.module do. Is there some architectural issue that would not allow inclusion of a call to node_access in forum.module? If not, I don't mind trying (but with the caveat that although I have some PHP skills I am still getting my head around drupal's internals).

dkabal’s picture

dkabal commented

Sorry, this seems like an obvious feature for the next version to me as well. I was surprised to see that "forum view" wasn't an option in the user permissions. It's oft-requested, and implemented in other content-management systems quite well (e107 has this as a core capability).

Dave Kabal