Closed (fixed)
Project:
Content Management Filter
Version:
6.x-2.x-dev
Component:
Code
Priority:
Critical
Category:
Support request
Assigned:
Unassigned
Reporter:
Created:
25 Aug 2009 at 16:53 UTC
Updated:
28 Dec 2010 at 11:34 UTC
Jump to comment: Most recent
Comments
Comment #1
nancydruAre the users themselves seeing it, or is it the admin looking at them? The admin should see it, as should anyone else with 'access user profiles'. See #535590: Permission settings - per user/global/both.
Comment #2
XerraX commentedthe users do see it
users with "access user profiles" should not see cmf tab, but users with "view user content list" or something similar should
Comment #3
Bernardine commentedConfirming ... users logged into their own accounts/views (non admins) have the CMF tab on their profile.
Comment #4
sharrison commentedConfirming ... users logged into their own accounts/views (non admins) have the CMF tab on their profile.
Comment #5
nancydruThis is very strange. On my sites, users with "view user content list" get the tab, others do not, unless they have "access user profiles."
Comment #6
sharrison commentedOn my site, I have granted no permissions for the cmf module.
No one has permissions to filter and manage site content.
And no one has permission to view user content list.
But everyone's getting the tab.
Anonymous and authenticated users are all getting the tab.
Not sure what to do.
Comment #7
nancydruMake sure that cmf.module starts with
// $Id: cmf.module,v 1.2.2.19.2.2 2009/09/05 19:57:12 nancyw Exp $for the latest code. If you have Devel, rebuild the menus, otherwise, clear the caches. Make sure they don't have "access user profiles."Comment #8
XerraX commentedbut you need "access user profiles" to see user profiles! CMF should not depend on this!
Comment #9
mark. commentedSame problem here, I have only enabled "filter and manage site content" & "view user content list" for "custom role", but CMF completely ignores the permissions for "view user content list". All anonymous visitors have access to the CMF tab on user profiles.
Comment #10
pasquallethe tab is active for users with 'view user content list' or 'access user profiles' permission. It seems it is intentional by the module maintainers, but most users see this as a bug.
I also think it should be available for users with 'view user content list' AND 'access user profiles' permissions. Both permissions should be required.
Comment #11
mark. commentedPerhaps the maintainer would like us to believe that it is intentional and not a bug, but I have a hard time believing that.
If that is true, the maintainer is intentionally and severely reducing the usability of an otherwise, very usable module. It's awfully shortsighted to have this module interfere with the layout of every profile on a site (the primary content on many sites), without a choice.
...and I hardly view "if you don't want visitors to see the tab, then they can't see the profile at all!" as a choice.
However, if the permission "view user content list" actually granted that permission (regardless of which drupal core permission is, or isn't set), there would be no problem in the first place, which is why I have a hard time believing it was intentional.
*bonus reason: the permission is "access user profiles", not "access user profiles and access a tab that lists all of the content that the user has published", so I don't see any reason for a module developer to treat the permission as if it's name is the latter.
Comment #12
nancydru@zywiec: It is this kind of attitude and name calling that makes maintainers close an issue as "won't fix" regardless of how egregious it is.
There are two facts you are overlooking from my posts:
1) The intent of adding in the "access user profiles" permission was to allow those with admin access (not just user/1) to view this tab. I maintain several sites where I am not user/1 but am expected to use this feature to limit spammer impact.
2) On my sites, this feature operates as intended and as people are asking for. In short, "I cannot reproduce this bug" so I have trouble fixing it.
Comment #13
nancydruI reverted the access checking to what it was before and found that the user tab permission was backwards. I have committed a fix to 6.x-2.x-dev. It must be tested and marked RTBC before I will consider a new release.
Comment #14
nancydruComment #15
pasquallethe permission check for user cmf page should be:
user_access('access user profiles') && user_access('view user content list')
if you remove one of them then it makes an uncontrolled situation
problem with 6.x-2.x
permissions:
'access user profiles' - no
'view user content list' - yes
pages:
user/42 - no access
user/42/cmf - accessible
that does not seems right..
Comment #16
nancydruWith the fix I committed, 'view user content list' totally controls whether or not the user tab is shown. 'Access user profiles' is totally gone.
Comment #17
Bernardine commentedResolved for me with 6.x-2.x-dev, thanks NancyDru.
Comment #18
XerraX commentedthanks for the fix :-) works!
Comment #19
nancydruThe next tester should mark this as "reviewed and tested by the community." There will not be an official release to correct it until it is.
Comment #20
sharrison commentedIf installing the dev version isn't the same as "reviewing and testing by the community," please disregard this post.
I installed the new dev version and it works.
So, . . .
Comment #21
nancydruComment #23
sharrison commentedHI, NancyDru.
I wanted to let you know that the visibility issue has cropped up for me again.
When I tested the module fix back in October, only people who had the "view user content list" _and_ view "access user profiles" could see the CMF tab on the profile page.
Yesterday, when I went through my site under an authenticated user alias that doesn't have the "view user content list" permission, I was able to see and use the CMF tab on all user profile pages.
So, the prior bug seems to be back.
At present, I'm running Content Management Filter 6.x-2.0 and Drupal 6.15.
Here to help,
Stan
Comment #24
pasquallethe fix is not in the 6.x-2.0 release.
in 6.x-2.x release, only users with "view user content list" can access the CMF.
Comment #25
sharrison commentedSorry about that. I must have set the module back to an earlier state without thinking.
My apologies.
And thank you very much for the quick help.
Comment #26
marcoka commentedi needed to rebuild permissions. so far, working here, too