Filter permission needed while weblinks_filter is disabeld
Summit - October 2, 2009 - 23:19
| Project: | Web Links |
| Version: | 6.x-2.3 |
| Component: | Code |
| Category: | support request |
| Priority: | normal |
| Assigned: | Unassigned |
| Status: | closed |
Description
Hi,
I want someone else to give access to inserting weblinks. But as I can see it correctly..I can only grant access including the filter-access, on which the Filter-settings of my whole drupal-instance are open for her.
If I do not grant filter access. My weblink node gives "Access denied".
WHy is this so, while I already have disabled the weblinks_filter module, that still drupal-filter permission is needed?
Thanks for going into this.
Greetings, Martijn
#1
There is a "create weblinks" permission that should allow her to enter links. Is that not working correctly?
#2
No. When I would like to show her which weblinks are allready there (admin/content/node).
And give her the possibility to edit an already excisting weblink.
She is not able to edit the weblink without filter-permission.
Greetings, Martijn
#3
Either "edit group weblinks" or "administer weblinks" might get you by for now. Perhaps we need a "edit all weblinks" permission.
BTW, you might want to look at Content Management Filter to replace "admin/content/node".
#4
Hi Nancy,
No all permissions within the weblinks block are NOT sufficient..I need to set also permission to: module filter: control filter otherwise the edit function of the weblinks node is not working..
I disable weblinks filter. But may be there is somewhere still a connection...
Thanks for the suggestion of CMF will look into that :)
greetings,
Martijn
#5
What is "module filter"?
#6
The filter module. It says within permissions:
* Module filter
-----control filter [ ] <== here can you set the permission. Without this checking I am not able to get access to edit the weblinks node.
greetings, Martijn
#7
I have no idea what that is. It does not come from Web Links.
#8
Hi Nancy,
I have made a screenshot what may be explaines what I mean. I need to enable the core filter module, to have enough permissions to edit the weblink.
Greetings, Martijn
#9
At the bottom of the general settings page, there is a collapsed fieldset that sets a default filter for things like the overall page text. So I think, yes, you are going to have to have the core filter module enabled and whatever filter is specified will have to be available to the end-user. These text fields must be filtered or we will have a security issue opened on us. Even if we used only filter_xss_admin, it would require the filter module. However, the core filter module is in the "Core - Required" group, so it should always be there.
#10
I just added Filter as a dependency.
#11
Hi Nancy,
Thanks for your remarks! Do you know if it is possible to have this dependency, but not to show the filter admin settings url to the user? I do not want to give the content-providing user the possibility to change the filter..
Thanks again in advance for your reply!
greetings, Martijn
#12
Filter admin requires the "administer filters" permission, so if they don't have that, they can't change filters.
#13
Okay, I also added a check for "administer filters" to that setting.
#14
Automatically closed -- issue fixed for 2 weeks with no activity.