anonymous users do not have access to the buddylist profiles, when they access is granted under access control "view buddy lists". subscribing to buddylist feed would be nice for anonymous users too.

http://yoursite.om/buddylist/4/buddies/recent/

Comments

BoarK’s picture

The buddylisting pages were originally designed to only show if the user is the owner of the buddylist or a site administrator. To make it behave the way you want, you have to dig into the code.

The two functions you should be looking at are buddylist_menu() and buddylist_buddylisting_page.

Regards,
Nathan.

kylehase’s picture

Nathan,

I've been trying to do the same thing. I've played with the buddylist_buddylisting_page function but still can't get it to work right.

Here's what I have.

function buddylist_buddylisting_page($uid = NULL, $mode = 'buddies') {
  global $user;

  if (empty($uid)) {
    $uid = arg(1);
  }
/*      elseif ($uid != $user->uid && !user_access('administer users')) {
    // a normal user can only view own buddylist
    drupal_access_denied();
    exit();
  }
*/

This is half working. I'm no longer getting the access denied page as anon but I'm getting 's buddylist I think I'm having a probelm catching the uid argument from the url.
As admin the following synax works http://example.com/buddylist/uid. This is of course using clean urls.

I may have to tweak it a little to check for the uid in the URL first and use that listing page else go to the user's own buddy list if no uid is given.

Thanks in advance,
Kyle

kylehase’s picture

Sorry, just noticed something else. When admin is able to list the page, the syntax is http://example.com/buddylist/uid.

When anon user tries to access the page, the same url gives page not found but using http://example.com/buddylist/user/uid gives 's buddy list with no user name.

kylehase’s picture

Sorry to keep posting but I also noticed this.
I created a block to spit out the actual php get array for troubleshooting.

the url http://example.com/buddylist/uid
gives array(1) { ["q"]=> string(0) "" } as anon or normal user but gives
array(1) { ["q"]=> string(13) "buddylist/uid" } as admin. Is this a problem with my .htaccess setting?

quicksketch’s picture

This issue makes a really good point. Right now all users can only view their own buddies, unless they have the privilege 'administer users', then they can view anyone's. It will make much more sense to let anyone who maintains their own buddy list to view their own buddy list (duh). Anyone with the 'view buddylists' privilege (including anonymous users) should be able to view any buddy list. This makes a lot more sense than being able to 'maintain' a buddy list, but not be able to view it, which is the only function of the view buddylist privilege right now.

I'm currently working on a patch to correct this strange behavior.

quicksketch’s picture

StatusFileSize
new33.89 KB

Here's a module available for testing (the patch will follow). Please give this code a good testing, as will be necessary before posting to CVS. The behavior is now as follows:

  1. 'maintain buddy list' permission:
    1. Users may view their own buddy list
    2. Users may add or remove buddies to their lists, even if they cannot view others' buddy lists or profiles
    3. The anonymous user may never add or remove a user to a buddy list
  2. 'view buddy lists' permission:
    1. Allows a user to view any buddylist, even if they cannot view the other user's profile
    2. The anonymous user's ability to view is no different than other user groups
    3. The anonymous user does not have a viewable buddy list
    4. The XML feeds follow these same criteria

    I believe that summarizes the changes. All of the permissions were moved to the hook_menu function for simplicity.

quicksketch’s picture

StatusFileSize
new10.72 KB

Here's the patch. Make sure to apply against the latest HEAD release.

quicksketch’s picture

Status: Active » Needs review
kylehase’s picture

quicksketch,

It seems to be working so far. THANKS!!! Great work.

quicksketch’s picture

Status: Needs review » Fixed

Thanks for the report Kyle. I've done extensive testing and the code functions as designed. I've committed to CVS, expect to see a sync with 4.7 branch soon.

Anonymous’s picture

Status: Fixed » Closed (fixed)