Drupal core's contact module currently has a very strange all-or-nothing concept.
EITHER you allow people to contact your users, and allow them to use the side-wide form, OR you allow nothing.
It is not possible to allow people to only use the side-wide, or only to contact users.

This simple patch adds a lot of flexibility and power to the contact module.

It adds 'use site-wide contact' and 'use personal contact' permissions. You can imagine that by playing with these settings one can achieve very interesting concepts. E.G. allow only premium users, or administrators, to contact other users. Or swithc off the personal contact by not giving anyone access to that.

This patch also fixes something that smells like a security bug, but might be just a small bug. In the menu, we did not check wether or not someone has access to user profiles for the user/xyz/contact tab.

I fixed this by adding an additional user_access('access user profiles') to that menu-item.

Bèr

Support from Acquia helps fund testing for Drupal Acquia logo

Comments

Bèr Kessels’s picture

Version: 4.7.0 » x.y.z
Bèr Kessels’s picture

Bèr Kessels’s picture

Dries’s picture

Status: Needs review » Needs work

I'm cool with this patch, however, we need to work on the wording.

+function contact_perm() {
+  return array('use site-wide contact', 'use personal contact');
+}

1. Does it match the terminology used elsewhere in the module? I'd postfix both permissions with 'form'.

2. What does 'use' mean? Does it mean that I can enable my own contact form, or that I can contact other people using their contact form? This needs to be clarified, IMO.

Zen’s picture

Should probably be "access" instead of "use" ?

I don't think the access user profiles check was required *before* this patch. By leaving out 'access', it would have defaulted to the access permissions of 'user/1'. AFAIK anyways.

Thanks,
-K

bermin’s picture

Nice patch.
I have seen this node referenced as a solution to allowing 'anonymous' access (without the need to register) to the 'contact' tab.

This patch allows anonymous to see the 'contact' tab in a users profile, but it fails to allow anonymous to send without registering.

Bèr Kessels’s picture

Status: Needs work » Needs review
FileSize
1.38 KB

* Changed "use" into "access", it makes more sense.
* Postfixed each perm with "form". Perms are now
'access site-wide contact form', 'access personal contact form'
* Added a check for $user->uid, wich fixes yet another bug.

One new feature, two bugs fixed with a patch as tiny as this one! please review :)

Dries’s picture

Status: Needs review » Needs work

Still sloppy IMO.

"access personal contact form" implies that people can access their own contact form. If you write "forms" (plural), it implies other people's contact forms. Which one does it need to be?

Now we have a new permission, we can get rid of the old one (IMO):
+ 'access' => (user_access('access content') && user_access('access site-wide contact form')),
Do we still need the check for user_access('access content')? I don't think so.

+ 'access' => ($user->uid && user_access('access user profiles') && user_access('access personal contact form')),
IMO, a contact form and a user profile are separate things. I'd remove the user_access('access user profiles') bit.

Bèr Kessels’s picture

Status: Needs work » Needs review
FileSize
1.32 KB
  1. changed into personal contact forms
  2. removed the access content part
  3. removed te access profiles part

the patch is only getting smaller ;)

Dries’s picture

Status: Needs review » Fixed

Committed.

pwolanin’s picture

Will this patch also get applied to the 4.7 branch? Thanks for adding this feature!

Bèr Kessels’s picture

Dries: thank you for the persistance! Wonderfull to see your persistance and th eresult of it in such small issues. Again: thanks.

@pwolanin: most probably not. 4.7 is closed for features. If you really want small features like this to make it towards your website, the best thing is to get closely involved in the 4.8 release. Because the sooner that releases, the sooner you can benefit from small patches like these! Please review other patches and bugs.

ryanrain’s picture

Title: Contact module, permissions for side wide and personal contact » testing 123

i uploaded contact.module rev 1.53, checked the new 'access personal contact forms' for all roles including anonymous, but still can't seem to access personal contact forms as an anonymous user.

instead of the old "Please login or register to send %name a message.", the new version returns an access denied.

i know there's been discussion of preventing spam by restricting access to registered users, but now that we're providing the option in the access control panel, it seems like it should work, perhaps with a warning. i couldn't see any code that would generate a 'from' field for anonymous users.

learning this stuff bit by bit,
-ryan

ryanrain’s picture

Title: testing 123 » Contact module, permissions for side wide and personal contact

oops

Bèr Kessels’s picture

@ryanrain we now use the standard access methods. And not some inconsistent message. There are ways to generate a nice, context sensitive access denied page.

ryanrain’s picture

so, am i to understand that there are no plans to let admins allow anonymous users access to personal contact forms?

webchick’s picture

> so, am i to understand that there are no plans to let admins allow anonymous users access to personal contact forms?

There are no plans, period. :) If you want something like this, file a new feature request, preferably with a patch! :) This issue is solely about separating permissions to enable the site-wide contact form and user-specific forms.

Anonymous’s picture

Status: Fixed » Closed (fixed)
rapsli’s picture

Version: x.y.z » 5.7

tried to apply the patch. Does it not work anymore for 5.7? I get an acces denied for the guest

fluffy998’s picture

I've tried applying the patch and receive an error - 1 out of 2 hunks failed. Is the patch not meant for 5.7?, or am I doing something wrong?

Any help would be much appreciated.

glass.dimly’s picture

This module may do what people want: http://drupal.org/project/contact_anon

jmjohn

dwees’s picture

This doesn't seem to have actually made it into Drupal 5.7, or at least it's no longer in Drupal 5.10. Any ideas what happened to this issue?

amariotti’s picture

It was never committed to core. Not sure why this functionality can't be added to Drupal CORE.

oldrobb’s picture

This patch doesn't seem to be applicable for later versions of Drupal 5 (5.12, for example...)

This issue seems to be very similar to

Disable profile contact forms checkbox and tab
http://drupal.org/node/35374

[x] Let users be contactable on their profile pages

something like that in the settings would be good if you only want to use the "contact us" feature.

and

Hide contact tab for users who have option disabled
http://drupal.org/node/60483

An admin should be able to disable users even seeing this option in their user profile to begin with.

However, neither of these seem to be applicable to later versions of Drupal 5 either.

Any chance of an applicable version?

I've commented on this one, rather than on either of the others, as this one specifically says it's for Drupal 5 (i.e. 5.7) whereas the others aren't specific. (This one has also been commented on most recently.)

Andrew Gorokhovets’s picture

FileSize
955 bytes

It's for D6

Andrew Gorokhovets’s picture

Version: 5.7 » 6.9
FileSize
943 bytes

Sory,This correct

Liliplanet’s picture

Thank you andrew_jw, works wonderfully and should really be incorporated in the core contact.module.

CarbonPig’s picture

Hi Andrey,

I applied the patch and I see the new permissions show up - "user contact form".

It seems to work for authenticated users, but it still shows "access denied" for anonymous users.

I tried refreshing the cache, but I can't get it to work.

Please correct me if I'm wrong, but I thought the patch would allow anonymous users to be able to access and use the contact form for authenticated users.

Please help,

CarbonPig

ianchan’s picture

subscribe

Gabriel R.’s picture

Title: Contact module, permissions for side wide and personal contact » Contact module, permissions for site-wide and personal contact
rootwork’s picture

This was marked closed awhile ago, but since people are still posting to it (and it turned up in my own search results), for the latest on this see #601250: Allow anonymous users to use personal contact forms and #58224: Allow anonymous users access to a members personal contact form

For backports of the functionality in question from D7, see http://drupal.org/project/contact/