So I'm trying to figure out whether Page Manager and the Page Manager Redirect module can provide the functionality of this module:

Redirect 403 to Login

I thought it would be as simple as

1. Adding a selection rule for "Node: accessible" and Operation: "View" being NOT. (ie. If node view page not accessible)
2. Adding a selection rule for "User: role" being anonymous, or conversely NOT authenticated. (ie. If user isn't logged in)
3. Set it so all criteria must pass.
4. Set redirect to path "user" with a query string of "destination=node/%node:nid" (so that it redirects to the original node after login)

However, this doesn't seem to be working. I've even tried setting up contexts and using the selection rule for "Context exists" or "Context doesn't exist" (with contexts that seemed interchangeable with the above steps), but no dice.

So does page manager work for anonymous users? I keep seeing references to "Logged in user", so I'm having doubts. Or is that just the equivalent of "Current user"?

Anyhow, any point in the right direction would be greatly appreciated! Thanks!

Comments

merlinofchaos’s picture

merlinofchaos commented

Logged in user has role Anonymous should work. In my previous tests it has worked. Can I get some confirmation?

patcon’s picture

patcon commented

Thanks Earl. I've got pathauto, content_access and a few other things going on right now, and while I didn't think they'd be causing issues, I'll do a fresh install just to be sure I'm not wasting your time. I'll post config as soon as I have that.

patcon’s picture

patcon commented

Just working my way through now...

$handler = new stdClass;
$handler->disabled = FALSE; /* Edit this to true to make a default handler disabled initially */
$handler->api_version = 1;
$handler->name = 'node_view_redirect_context';
$handler->task = 'node_view';
$handler->subtask = '';
$handler->handler = 'redirect_context';
$handler->weight = 0;
$handler->conf = array(
  'title' => 'Redirect anonymous to login',
  'contexts' => array(),
  'relationships' => array(),
  'access' => array(
    'plugins' => array(
      0 => array(
        'name' => 'role',
        'settings' => array(
          'rids' => array(
            0 => 1,
          ),
        ),
        'context' => 'logged-in-user',
        'not' => FALSE,
      ),
      1 => array(
        'name' => 'node_access',
        'settings' => array(
          'type' => 'view',
        ),
        'context' => array(
          0 => 'logged-in-user',
          1 => 'argument_nid_1',
        ),
        'not' => TRUE,
      ),
    ),
    'logic' => 'and',
  ),
  'path' => 'user',
  'query' => 'destination=node/%node:nid',
  'fragment' => '',
);

Initial install: ctools, page_manager, page_manager_redirect, admin_menu
Works fine. Played with roles and negating the 2 selection rules above, and it works like you said.
However, turning off "access content" permission for anonymous users results in an "Access denied" screen, but maybe that's intentional. Same results with an unpublished node, which might not be intuitive.

Additional install: content_access
Went to Content types > Edit Page > Access control and removed check from "View any content: anonymous user". Rebuilt permissions. I now get an "Access denied" message when trying to view as anonymous, instead of being redirected.

Perhaps it's just this access control module. It's way too late to do it now, but I can give it a shot with another if you'd like. Lemme know.

merlinofchaos’s picture

merlinofchaos commented

Right, the node_view template uses Drupal's default access control on viewing itself, so it calls node_access(...). that means if the user does not have access to the node (which means not having 'access content' or if it is unpublished) then Drupal itself will kick in a 403 before Panels gets it.

The only workaround at this time is to change this behavior by using hook_menu_alter() to change the 'access callback' on the menu item.

it is possible that there should be a way to explicitly have Page Manager override the access control for this page and use access rules instead of the default. This is something we have to be careful with because it could open inadvertant security holes if our defaults are too permissive and we do not explicitly inform the user that it could allow access to inaccessible content.

patcon’s picture

patcon commented

Oh hey, thanks so much Earl! I'll give the workaround a shot and see if it's worth it. (In the interest of making the site more transparent for someone else later down the line, I might just suck it up and use the other module...)

patcon’s picture

patcon commented
Status: Active » Closed (works as designed)
merlinofchaos’s picture

merlinofchaos commented

Note that if you're using Page Manager's node_view template and all lists of content are handled through Views, you often don't *need* content_access or similar. These things can actually be a benefit because the queries that all node_access modules use can harm performance and when they actually get in the way, it's a good option to control access yourself using Views and Page Manager.

patcon’s picture

patcon commented

Hm. That's so clever. I like it! Thanks Earl -- just turned me on to a new way of doing things

jludwig’s picture

jludwig commented

I use CTools as my access control on a few sites, and the performance has improved greatly. The node_access can really become a bottleneck when there are a lot of nodes. I will write a blog post about it sometime soon (probably post-holidays) with some benchmark results. Good stuff for sure!

Just a note: make sure to override the taxonomy listing pages and not allow search/feeds etc. of content that you want restricted. It would be pretty horrible to, say, have a 'Help Desk' content type with a taxonomy term like 'Billing questions' for people read on that taxonomy listing page.