Just discovered this and haven't yet had time to explore the code.
This may be a major and possibly critical issue for some sites.

The Visitor Info map only (not the table of visitors) does not respect the user permissions if set to only show for certain roles. The map can be seen by anyone including anonymous users by going to the path. Also clicking on any marker shows the details. This may not be desirable for some sites.

The Visitor Info menu item is also visible to all users who have access to the navigation menu even if they are not in roles granted user permissions to access visitorinfo-map. The menu visibility can be controlled with the addition of the Menu per role module, but the map can still be accessed with the path.

Comments

AvvAdeh’s picture

AvvAdeh commented
Version: 6.x-1.x-dev » 6.x-1.6

I found a way to circumvent this behavior, here is the trick, configure a path redirection (/admin/build/path) :
True existing path : a node linking to your true visitors info list and map page, the one using the blocks to display infos (blocks' access rights are working) in case you're planning on using the original menu entry the module is proposing, or an error page if you don't.
Alias : visitorinfo-map

This way, if someone tries to access "/yoursite/visitorinfo-map", he will be redirected to the node you put up there.

As far as I've tested this, it seems to work.