By irray on

I'm having serious trouble figuring out the drupal permissions system. I run a site for a small organization with a very simple user structure:

a) general public (not authenticated)
b) paying members
c) admins

Using taxonomy_access I have achieved control over forums visibility to general public (I don't want just anybody to see our members only forums), and basic access control over general content. Now to my problem: how do I control menu items using permissions/roles? I don't want non-members to see the links in the menu that will only lead to "not authorized" pages.

I have not been able to find anything on the 'net, despite extensive searches both here and on Google -- any help will be greatly appreciated.

Categories: Drupal 4.6.x

Comments

nedjo’s picture

nedjo
he/him/his
Primary language English
commented

The menu items you're seeing are generated by modules using the _menu hook. Menu items may have access restrictions set (they have an 'access' property). create content > page, for example, should only be visible to users with the 'create pages' permission. Some items you can customize by enabling and using the menu module.

But beyond that, to gain full contol over who sees what, I think you'd have to either (a) edit the modules' _menu functions, overriding the standard access permissions, or (b) create your own custom menus instead of the standard ones.

irray’s picture

irray commented

Most of the links in my navigation lead to static pages and I'd like to be able to control who sees which of these links, so it's basically single hard links, not families of menu items I want to control.

pwolanin’s picture

pwolanin commented

I've been working with a friend to try to set up a site with a similar scheme. I've been using Drupal 4.7 (CVS), but I think it essentially the same works for 4.6.

There are a number of PHP snippets related to this. Basically, you have to use PHP code that will only show the block containing the menu if the user is authenticated:

http://drupal.org/node/13266

http://drupal.org/node/27690

You can also have pages that look different for anonymous and authenticated users:

http://drupal.org/node/23449

For example, we have a member login page, and only on this page the login block appears in the left column. Using the type of code described in the above node, for anonymous users, the content of the page directs them to log in. After they log in, the content thanks them for logging in and directs their attention to the newly visible member menus.

---
Work: BioRAFT

anner’s picture

anner commented

I've done it for blocks without problem, my issue, and I think the issue of the person who started this thread, is with menus, not blocks. When you create your own menu (I'm using menu_otf.module in drupal 4.6), it automatically creates a block for you, but no where can you access that code to add the php snippets like you've included. And the only thing you can edit for a menu is it's title.

Has anyone managed to make menus they created accessible by role?

pwolanin’s picture

pwolanin commented

I've been only using 4.7, where each menu creates a bock, and for each block you can set PHP-code dependent visibility.

For 4.6, I think you can make a block with code like this:

global $user;
if ($user->uid) {
if ($menu = theme_menu_tree('91')) {
$menu = "<div class=\"menu\">". $menu . "</div>";
}
}
return $menu;

The only trick is to figure out which menu number you want to plug in.

---
Work: BioRAFT

anner’s picture

anner commented

You are my savior :) Thanks. To find out which menu, you can just over over the edit for that menu. Works like a charm

shayne-1’s picture

shayne-1 commented

Hey pwolanin

Can I ask what PHP snippet(s) you're using to restrict visability? I too need to solve this basic problem in 4.7. Is it different from the 4.6 solution you posted? Thanks.

I would love to see role-based restriction of menu items in a future release.

pwolanin’s picture

pwolanin commented

It's easier in 4.7, since you only need to return TRUE or FALSE. See, for example:

http://drupal.org/node/56641#comment-107384

It would be nice, I aggree, to have easier blocks-per-role settings in 4.8, if only to make it easier to also have per-page visibility as well without a complicated snippet.

---
Work: BioRAFT