Posted by altavis on November 12, 2009 at 7:20pm
3 followers
Jump to:
| Project: | Menu Access |
| Version: | 6.x-1.8 |
| Component: | Code |
| Category: | bug report |
| Priority: | critical |
| Assigned: | Unassigned |
| Status: | postponed (maintainer needs more info) |
Issue Summary
If "Default access control settings" are enabled cannot only be overridden. Only disabled by default can be enabled in specific menu or item. Isn't it a bug?
Comments
#1
Please describe this in more detail I don't understand.
#2
I understand this. If you set the default settings in admin/build/menu/menu_access and/or admin/build/menu/menu_item_access, then you cannot overset this defaults on per menu, or per menu item.
Another issue is that thiese module(s) completely to go wrong. I tested with clean Drupal 6.15 install and i can't manage with this module(s) the permissions of menu items (eg i tested with 'admin/content/node-settings' administration menu item - with admin_access module installed, but if i uncheck all permissions from this menu item on 'admin/build/menu/item/18/edit' page, then the user with 'access administration pages' permission have can access the menu item and page...).
#3
I'm sorry, I don't understand this either ;) - must be really bored and upset when was trying this module.
ibis has right - "Default access control settings" aren't default but obligatory (if checked). If I need to block access to only one menu item I prefer to set defaults to enable access and only that one specific item to disabled. I need to set everything disabled by default, set every single-one item to enabled just for keep one menu disabled. Now I see this produce another problem - if user will create some menu elements they will keep default settings, so he wouldn't be able to access and manage his own items.
* - I'm not sure I remember things right, but I hope problem is clear for you now.
This module has really great potential, needs only some minor tweaks. I would be very happy to get this bug fixed. Now it looks like only maintainer is happy with his own code - which is great, it's yours but since it's also available in drupals repository I have the audacity to ask for fix.
#4
I get the use case from the description, the module reinforces security policies from the top down, not from the bottom up.
Define global security policies and all menus/menu items will follow the rules until an exception is made.
Go to an individual menu or menu item and define an exception then the global rules do not apply.
Having conditional states for a menu or menu item based on business rules are too complex and numerous for the module to support. This would be accomplished by creating a custom module that reinforced the business rules.
The important limitation for menus and menu items is that Drupal does not have any notion of ownership. Unlike nodes that have creator users, updater users, and revisions, menus and menu items are edited on the fly with no history or ownership
I have been thinking of writing a new 2.0 branch of the menu access module that uses menu_alter instead of custom functions.
I have also been thinking of creating a sub-module called menu_access_rules that allows for rules integration so users could define rules that trigger changes to permissions for a menu/menu item.