CVS edit link for gpk

The motivation for my application is for a module that enables anonymous users to contact other site users via their personal contact form.

http://drupal.org/node/58224 #58224: Allow anonymous users access to a members personal contact form may implement a solution for this for 7.x, by adding a "access personal contact form" permission, but for 6.x there is no easy way for an anonymous user to contact another user via their contact form.

The issue is also discussed to some extent in http://drupal.org/node/310895 #310895: Port Anonymous Contact to Drupal 6. At first sight I thought Anonymous Contact was what I needed, but what it does is to allow you to contact a node author "Anonymously", i.e. without knowing who they are, rather than specifically allowing anonymous users to contact other users (provided the latter have enabled (or not disabled) their personal contact form).

So since I need this functionality for 6.x, and there appears to be a need beyond my own, I propose a new module "Personal Contact Permission" that implements something like #58224: Allow anonymous users access to a members personal contact form for 6.x. It is actually very similar to Dave Reid's #6 in #310895: Port Anonymous Contact to Drupal 6, with a few refinements (as detailed in the .module file itself). I have the module running on a site at present, in conjunction with CAPTCHA.

CommentFileSizeAuthor
#14 personal_contact_permission_0.tar_.gz4.3 KBgpk
#1 personal_contact_permission.tar_.gz4.28 KBgpk

Comments

gpk’s picture

gpk commented
Status: Postponed (maintainer needs more info) » Needs review
StatusFileSize
new personal_contact_permission.tar_.gz4.28 KB
dave reid’s picture

dave reid
he/him
Primary language English
Location Nebraska USA
commented

Note that I've actually been working to implement a backport of #58224: Allow anonymous users access to a members personal contact form integrated into #310895: Port Anonymous Contact to Drupal 6 that should work nicely. I don't see a need for a second anonymous contact project when it should work with just one.

gpk’s picture

gpk commented

> I don't see a need for a second anonymous contact project when it should work with just one
Thanks for the reply Dave, I was taking the view (as some others did in #310895: Port Anonymous Contact to Drupal 6) that the module you uploaded at #6 in that thread is actually rather different from the original. Your module (and mine) creates a new permission defining access to personal contact forms; the existing Anonymous Contact module allows people to contact a node author without necessarily knowing who they are (this is what is meant by Anonymous in the context of the "Anonymous Contact" module). From what I can see there is no overlap in either functionality or code, just in terminology ;-).

I should add that I only stumbled across your module having written my version, and what I have submitted here is a combination of both, and is still probably about 95% the same as yours. I don't claim any originality, but am just eager to have a released module running on the site in question rather than my own custom code.

avpaderno’s picture

avpaderno
he/him
Primary language Italian
Location Brescia, 🇮🇹 🇪🇺
commented

Considering the complexity of this module, I would think that one module is enough.
As Dave is already planning, or back-porting the code from Drupal 7, I would reject this application request.

dave reid’s picture

dave reid
he/him
Primary language English
Location Nebraska USA
commented

@gpk No problem. I was planning on merging the existing functionality of contact_anon with my backport of the D7 patch. That way if people are searching for how 'anonymous' users can use the 'contact' forms, or if people are searching for a way to make the 'contact' forms 'anonymous', they'll find the same module which helps out both cases.

gpk’s picture

gpk commented

@Dave: Thanks, in one sense I'm not really too fussed as long as there is a solution.

However while the backport does allow the possibility of anon users accessing personal contact forms, that is merely one use case for it. If anyone wants to use the backport to restrict access (via the 'access personal contact forms' permission) to more privileged users then that is also possible. This points to not having the backport as part of the Anonymous Contact module (and is why I proposed a name such as Personal Contact Permission). If someone is looking for the ability to restrict access then they'd probably not expect to find it in Anonymous Contact.

OK here are the arguments for having a separate module, or not, for the record:
PROs for a separate module:
- module name accurately states what it does rather than describing a possible use case, so avoiding confusion
- there is very little if any code/functionality overlap, although the problems they address are to some extent related. The convention as I understand it is to keep separate bits of functionality separate. Most people will I suspect want one or other, not both (e.g., personally I am not at all interested in the existing functionality of Anonymous Contact - and so ignored it when I first saw it!).

PROs for combining with Anonymous Contact
- saves having yet another project
- people looking for a way of allowing anonymous users to access personal contact forms should be able to find it easily (though TBH I'd have though a link on the Anonymous Contact project page would do the trick)

Hope this is a fair summary and apologies for going on at some length about it, I think it is worth clarifying the issues at this stage.

avpaderno’s picture

avpaderno
he/him
Primary language Italian
Location Brescia, 🇮🇹 🇪🇺
commented
Issue tags: +Module review
authentictech’s picture

authentictech commented

I'm looking for this functionality (described by gpk) and I would not want to have it combined with the Anonymous Contact module as the need is entirely separate (related by terminology only) and I do not require the features of the Anonymous Contact module.

I support gpk's rationale (high cohesion/low coupling of functions) for providing a separate module to allow anonymous users to access personal contact forms.

avpaderno’s picture

avpaderno
he/him
Primary language Italian
Location Brescia, 🇮🇹 🇪🇺
commented
Status: Needs review » Needs work 
  1.     $title = filter_xss(theme('username', $recipient), array());
    drupal_set_title("Contact $title");
    $output = drupal_get_form('personal_contact_permission_mail_user', $recipient);

    theme_username() already calls check_plain(); there is no need to call filter_xss() too. 

  2.     drupal_set_title("Contact $title");

    The string should be translatable.

gpk’s picture

gpk commented

@9: many thanks for the review.
The filter_xss construct is bascially following the argument here: #229660-15: Use theme_username() in the personal contact form. Looks like it might not be strictly necessary but pwolanin seemed happy with it.

I'll sort out the translateability problem and post a new version.

avpaderno’s picture

avpaderno
he/him
Primary language Italian
Location Brescia, 🇮🇹 🇪🇺
commented

It is normally not a good idea to filter a string twice.

gpk’s picture

gpk commented

Yes, I was wooed by pwolanin's comment that filter_xss() would strip any tags "plus do some other checks." However, as he notes, the <a> tag round the themed username will, if present, be removed in http://api.drupal.org/api/function/template_preprocess_page/6 since strip_plain() is used on the page title. And since Jan 2008, http://api.drupal.org/api/function/check_plain/4.7 has protected against XSS attacks on IE6. So yes, the filter_xss() is probably redundant.

[update] We still need something like:

    $title = strip_tags(theme('username', $recipient));
    drupal_set_title(t('Contact !title', array('!title' => $title)));

because the title is also shown as the page heading, and we don't want an <a> tag in there from theme_username()...

avpaderno’s picture

avpaderno
he/him
Primary language Italian
Location Brescia, 🇮🇹 🇪🇺
commented 
    $title = strip_tags(theme('username', $recipient));
    drupal_set_title(t('Contact !title', array('!title' => $title)));

That code makes more sense, IMO.
Between the two things I reported, the translatable string is the most important one. I will not surely block the approval of your CVS for the other part; I was just pointing out that (sometimes) passing a string to two different filter functions (or to the same filter function twice) can cause some unwanted effect (& shown as &amp;, in example).

gpk’s picture

gpk commented
Status: Needs work » Needs review
StatusFileSize
new personal_contact_permission_0.tar_.gz4.3 KB

Thanks, I think I understand a bit better now exactly what filter_xss() and check_plain() do and don't do so that's no bad thing.

New version attached.

avpaderno’s picture

avpaderno
he/him
Primary language Italian
Location Brescia, 🇮🇹 🇪🇺
commented
Status: Needs review » Fixed 
      $message['body'][] = strip_tags(theme('username', $recipient)) . ',';
      $message['body'][] = t("!name (!name-info) has sent you a message via your contact form (!form-url) at !site.", array('!name' => $sender->name, '!name-info' => $sender->uid ? url("user/$sender->uid", array('absolute' => TRUE, 'language' => $language)) : $sender->mail, '!form-url' => url($_GET['q'], array('absolute' => TRUE, 'language' => $language)), '!site' => variable_get('site_name', 'Drupal')), $language->language);
      $message['body'][] = t("If you don't want to receive such e-mails, you can change your settings at !url.", array('!url' => url("user/$recipient->uid", array('absolute' => TRUE, 'language' => $language))), $language->language);
      $message['body'][] = t('Message:', NULL, $language->language);
      $message['body'][] = $params['message'];

The placeholder used for the URLs is normally the character @ (the same you have already used in other code lines).

dave reid’s picture

dave reid
he/him
Primary language English
Location Nebraska USA
commented

I'm still planning up updating contact_anon with both features because it makes more sense to me since they would share code. Don't want the actual anonymized contact forms? Don't enable the "use node contact forms" permission. Want anonymous users to be able to use the personal contact forms? Enable the "user personal contact forms" permission. I don't see why we need a sep module for this, but I've put my argument out there and won't say anything else.

avpaderno’s picture

avpaderno
he/him
Primary language Italian
Location Brescia, 🇮🇹 🇪🇺
commented

@Dave: I interpreted your @gpk No problem. as a way to say that it was fine for you to have this module in CVS, or that you changed your mind about the module you were planning to do.

I have already not accepted CVS applications when the user was proposing a module that was a duplicate of an already existing module; even in the case I accepted a module that apparently was a duplicate of an existing module (I mean it seemed a duplicate from the short description given from the user), I first asked in what the module would differ from the already existing one.
It is also true that I keep in mind what Dries said about duplicate modules.

Status: Fixed » Closed (fixed)
Issue tags: -Module review

Automatically closed -- issue fixed for 2 weeks with no activity.

Issue tags: +Module review

Restoring issue tags, see #2125755: System messages removed all issue tags during D7 upgrade.

avpaderno’s picture

avpaderno
he/him
Primary language Italian
Location Brescia, 🇮🇹 🇪🇺
commented
Component: Miscellaneous » new project application
Assigned: Unassigned » avpaderno
Issue summary: View changes
Status: Closed (fixed) » Fixed

Status: Fixed » Closed (fixed)

Automatically closed - issue fixed for 2 weeks with no activity.