Striping menu id 1 from the admin/menu page

Posted by effennel on April 20, 2006 at 1:34am

Hello,

On the admin/menu page, two menus can be seen: Navigation (mid1) and Main (mid3), the latter being the actual site navigation. I need to acheive the following:

Users with role x & y should be able to view and edit the Main menu while not being presented with the Navigation menu.
These users should also be kept away from the possibility of editing any items belonging to the Navigation menu.
User with role z should have access to view and edit both menus.

Any suggestions?

Thank you
Francis

Comments

Bleh

Posted by coreyp_1 on April 20, 2006 at 5:21am

I don't see any way of doing this without hacking core.

3 steps are needed:

Define a new permission
Supress the Navigation menu from showing up when the user visits "admin/menu"
Supress the Navigation menu from showing up in the "Parent Item" checkbox

here are the three hacks in menu.module:

line 98:
change
return array('administer menu');
to
return array('administer menu', 'administer navigation menu');
line 383
change
$output .= theme('box', $menu['items'][$mid]['title'], $table);
to
$output .= (($mid != 1) || (($mid == 1) && (user_access('administer navigation menu')))) ? theme('box', $menu['items'][$mid]['title'], $table) : '';
line 486
change
if ($child != $mid) {
to
if (($child != $mid) && (($child != 1) || (($child == 1) && (user_access('administer navigation menu'))))) {

Please let me know if it does/doesn't work.

As always, back up your core files before modifying them!

Good luck!

-Corey

- Corey
http://www.thefreecollege.com

Success

Posted by effennel on April 22, 2006 at 10:27pm

Hi Corey,

Successful!

This is a nifty feature to implement when you have a "superadmin" who wants to retain some control over other "admins".

Thanks for you help.
Francis

:)

Posted by coreyp_1 on April 22, 2006 at 10:52pm

Glad it worked for you!

- Corey

- Corey
http://www.thefreecollege.com

This is indeed very helpful

Posted by steffen on July 22, 2006 at 11:28am

This is indeed very helpful for super-admins. Thanks :)

...but could there possibly be any way of doing this without hacking core? Any way of doing it through template.php or a module? I'm using the same core for a multiple of sites...

Edit: replying to my own question - the only way I see this would be possible would be to have a separate copy of the menu.module into each of the sites/domain.ext/modules/ directories

Exactly what i need

Posted by k3vin on March 4, 2007 at 11:08pm

Thank you for your nice hack :)

Disable administer menu

Posted by p0ppe on May 20, 2006 at 8:54pm

Hi Corey,

thanks for the advice. Been pulling my hair out with that particular problem. Would really like to see the menu access permissions become more granular.

Would you happen to have a hack for drupal 4.7.0 as well? :)

the three hacks for 4.7.1

Posted by coreyp_1 on May 29, 2006 at 6:43am

the three hacks for 4.7.1 should be as follows:

line 166:
change
return array('administer menu');
to
return array('administer menu', 'administer navigation menu');
line 612
change
$output .= theme('box', $menu['items'][$mid]['title'], $table);
to
$output .= (($mid != 1) || (($mid == 1) && (user_access('administer navigation menu')))) ? theme('box', $menu['items'][$mid]['title'], $table) : '';
add this code to line 734:
if (($pid == 1) && !(user_access('administer navigation menu'))) { return $options; }

it should work

- Corey
http://www.thefreecollege.com

Thanks!

Posted by p0ppe on May 30, 2006 at 11:01pm

Works great! I'm much obliged!

Line 612 looked somewhat different, but I modified it based on your sample.

oops

Posted by coreyp_1 on May 30, 2006 at 11:19pm

again, a case of scanning the code too quickly. If it works, great, but here is a better match for line 612:

change:
$output .= theme('box', check_plain($title), $table);
to:
$output .= (($mid != 1) || (($mid == 1) && (user_access('administer navigation menu')))) ? theme('box', check_plain($title), $table) : '';

- Corey
http://www.thefreecollege.com

Menu Permissions -- Drupal 5

Posted by stenson on July 30, 2008 at 3:19pm

Hi,

I am having this same issue in Drupal 5. I would like to give authenticated users (my clients) the ability to edit a menu of content (eg, static pages that they add to their site) while not allowing them to edit the Admin Menu.

I am just getting into Drupal dev't, and I basically get the idea of what your code patch is doing. However, I am not confident enough in my own skills to go headlong into changing the code for the D5 Menu Module. May I ask for help?

#1. this change is the same in D5 (adding a permission).

On #2 & 3, the code is different from D4.7, I get lost. Could you give me any pointers? I would be extremely grateful for any help!!!

BTW, I have tried the Module Menu Subtree Permissions, but it appears not to work (a search produces several posts verifying this) & unsure if it is being maintained.

Many thanks for any help!!!

I wrote this hack when I was

Posted by coreyp_1 on July 31, 2008 at 4:10am

I wrote this hack when I was first starting with Drupal (it was for 4.6, after all!) and didn't feel as strongly against hacking core as I do now. It would be better to do this from a module (I know how to do it now), but most of my time is spent on paid development projects.

If you absolutely want to hack the menu module, then here goes...

The three hacks for 5.3 should be as follows:

line 168:
change
return array('administer menu');
to
return array('administer menu', 'administer navigation menu');
line 629
change:
$output .= theme('box', check_plain($title), $table);
to:
$output .= (($mid != 1) || (($mid == 1) && (user_access('administer navigation menu')))) ? theme('box', check_plain($title), $table) : '';
add this code to line 751:
if (($pid == 1) && !(user_access('administer navigation menu'))) { return $options; }

it should work ;)

- Corey

- Corey
http://www.thefreecollege.com

Many thanks for your quick

Posted by stenson on July 31, 2008 at 1:33pm

Many thanks for your quick reply.
I understand about not changing the core . . . can you briefly outline the module you would write to do this?? . . . I can probably write the module . . .

Quick overview of the

Posted by coreyp_1 on July 31, 2008 at 1:53pm

Quick overview of the module:

Just as there are 3 changes to the core code, there are 3 things that the module must do:

Define the new permission.
You can't override the default menu_overview_tree() function (the one that we hacked in the previous example), but you can override the page itself. Just use hook_menu() to define your own callback for "admin/build/menus", and then you can make it show whatever you want.
Use hook_form_alter() to change the options available. You will need to change the form element in both the node creation form, and the menu item administration form.

The concepts are simple, especially when I type them out. The heavy lifting was when I figured out how to do all of this two years ago... that's when I really learned how the menu system worked!

I could whip this out in an hour, but that would take me away from other projects that keep the lights on. :(

- Corey

- Corey
http://www.thefreecollege.com

Thanks. It will take me

Posted by stenson on July 31, 2008 at 1:57pm

Thanks. It will take me >1hr, lol, but I will give it a shot sometime in the near future . . .

A possible solution if you're now running 4.7

Posted by Walt Esquivel on November 20, 2006 at 2:18am

I didn't check 4.6 but if you're now running 4.7, have you taken a look at the RoleAssign and User Protect modules? My understanding is that they can help protect users or roles from being edited. I just looked at them briefly so you'll have to figure out how they work and whether you would only use one or both modules.

If my suggestion is helpful, I would appreciate it if you could post a brief reply here. It could be helpful to others.

Thank you.

Walt Esquivel, MBA; MA; President, Wellness Corps; Captain, USMC (Veteran)
$50 Hosting Discount Helps Projects Needing Financing

Template based solution

Posted by CopaceticOpus on November 29, 2006 at 10:58pm

I achieved a similar behavior by adding the following code to the top of my page.tpl.php. Note that this is an ugly hack! It's dependent on the structure of Drupal's generated HTML, so it's likely to break with future updates. But, on the positive side this got the job done for me on 4.7.4.

This code displays a limited set of admin/menu options to all users other than the root user. If desired, you could modify this to also test for the user's role. The code cuts out all sections of this page other than the section for the menu named "AmLegion". (Obviously, substitute your own menu's name for this.) It also removes the options to edit the menu AmLegion itself, so that the user can only edit its children.

Perhaps once I learn more about Drupal I can do this the "right" way, but for now this is working. Note that a devious user could manually edit the URLs to edit other menus, so it's not really secure. My goal was not security, I just wanted to simplify the page for the user.

<?php
    global $user;
    if(($user->uid != 1) && (arg(0)=="admin") && (arg(1)=="menu") && !arg(2)) {
        $content_pieces = explode('<div class="box">', $content);
        $content = "<!-- begin content -->";
        foreach($content_pieces as $piece) {
            if(stripos($piece, "AmLegion</h2>") !== false) {
                $piece1 = substr($piece, 0, stripos($piece, '<div class="content"><div class="item-list">'));
                $piece2 = substr($piece, stripos($piece, '<table'));
                $content .= '<div class="box">' . $piece1 . $piece2;
            }
        }
    }
?>