Posted by Hugo Wetterberg on November 4, 2009 at 8:29am
Jump to:
| Project: | Secure Site |
| Version: | 6.x-2.4 |
| Component: | Code |
| Category: | feature request |
| Priority: | normal |
| Assigned: | Unassigned |
| Status: | active |
Issue Summary
I'm currently developing a site that uses services & needs to be protected by securesite. The problem is that services often defines it's own authentication scheme. So I need to bypass securesite for the menu-items that are managed by services.
The following addition to _securesite_forced() should allow any module to get a chance to override securesite.
<?php
// Load the menu-item and check if there are modules that
// want to bypass securesite.
$menu_item = menu_get_item($_GET['q']);
$modules = module_implements('bypass_secure_site');
foreach ($modules as $module) {
if (call_user_func($module . '_bypass_secure_site', $_GET['q'], $menu_item)) {
return FALSE;
}
}
?>This would allow bypass implementations like the following:
<?php
function services_bypass_secure_site($path, $menu_item=NULL) {
$bypass = FALSE;
if ($menu_item && $menu_item['page_callback'] == 'services_server') {
$context = services_get_context($menu_item['page_arguments'][2]);
// Only bypass securesite if a authentication module is enabled.
$bypass = $context && !empty($context['authentication']);
}
return $bypass;
}
?>| Attachment | Size |
|---|---|
| hook_bypass_securesite_1.patch | 685 bytes |
Comments
#1
Hi Hugo,
What branch of services has implemented services_bypass_secure_site()?
#2
Well, none of them. I removed the hook implementation again as I thought it was too much of a edge case to merit inclusion in services. But it remains a sensible feature.