Support for Drupal 7 is ending on 5 January 2025—it’s time to migrate to Drupal 10! Learn about the many benefits of Drupal 10 and find migration tools in our resource center.
Drupal 6 removed the ability to display menu items the user doesn't have access to. However, in some cases it is desirable to show a menu item even though the user doesn't have access to the menu item. For example, if you use an authentication mechanism that tries to acquire authentication when a 403 would be displayed, you still want to display the menu item so that users get a chance to provide credentials to log in.
- Use an access control module to restrict access to a node. I used tac_lite to demo.
- Add a node and a menu link to it on the main menu. Tag it with the tag configured in tac_lite that denies anonymous users viewing the node.
- See the link to the node in the main menu.
- Log out. Now you can't see the menu link.
This issue is about letting the menu link be visible despite access to the node being restricted.
Comments
Comment #1
marcoBauli CreditAttribution: marcoBauli commented+1 for this. Often is useful to show menu items to inform anonyms about members-only sections, features, etc.
Comment #2
sunI agree, and this is a bug.
Comment #3
Jaypan CreditAttribution: Jaypan commentedI don't know that it's a bug, but it's a missing feature that should be available. I have this issue right now.
Comment #4
venkatd CreditAttribution: venkatd commentedI needed this feature. Here's a small module I wrote that allows me to accomplish this. It's somewhat of a hack, but Drupal's design takes the blame. I'm using Drupal 6.x so it's only been tested for Drupal 6.
Comment #5
codevoice CreditAttribution: codevoice commented+1 for the option to turn off this "feature" in D6... we need to let users see that additional content is available. If they can't see the buttons, they don't know it's there. The big problem with this new behavior is that, good or bad, it is unexpected and as such generates a lot of frustration.
Comment #6
jmcerda CreditAttribution: jmcerda commentedI used #4's solution and I can only get block titles but still not the menu items. I have been disabling any and all other modules that have anything to do with taxonomy access and menu access with no luck.
Comment #7
venkatd CreditAttribution: venkatd commentedHi freighthouse, can you determine whether menu_visibility_translated_menu_link_alter is fired?
Comment #8
jmcerda CreditAttribution: jmcerda commentedummm, would you mind guiding me on that?
Comment #9
xurizaemon@venkatd: For me, yes menu_visibility_translated_menu_link_alter() is fired on each display of the menu for anonymous user. The menu entry is included, but the text of the menu entry is '', so your posted code *almost* works for me, but doesn't quite.
A couple of alternative workarounds for D6 are -
1. Path Access module which provides a means of restricting access without affecting menu visibility (according to the project page).
2. Creating absolute URLs as menu entries. ie, instead of node/123, set the menu entry to http://example.com/node/123. One customer reported that Drupal automatically "corrected" this (haven't tested/reproduced myself); if so then this may be circumventable by assigning meaningless parameters to the absolute URL (http://example.com/node/123?abc=def).
Comment #10
Algae_94 CreditAttribution: Algae_94 commented#4's module code worked like a charm on my 6.x install. I added the additional check to put a different css class on the links for anon users:
Comment #11
Damien Tournoud CreditAttribution: Damien Tournoud commentedThis is very much not a bug.
Comment #12
mattyoung CreditAttribution: mattyoung commentedIt may not be a bug. But it is a very needed feature. +1 for this.
Comment #13
mthomas CreditAttribution: mthomas commentedSee also: http://drupal.org/node/724978 and http://drupal.org/node/723964
Comment #14
valderama CreditAttribution: valderama commentedfor the statistics: i am currently building a site, where I would need that feature.
Comment #15
valderama CreditAttribution: valderama commentedto make the suggestion from #4 in D7 i had to modify minor stuff (this solution is based on the stuff by mthomas in #13)
Comment #16
mrfelton CreditAttribution: mrfelton commentedThere is a D6 module that does this here: http://drupal.org/sandbox/mthomas/1119418. D7 patch is in its issue queue.
Comment #17
droplet CreditAttribution: droplet commented+1 for this.
Comment #18
nandotinoco CreditAttribution: nandotinoco commentedJust used #15 on D7 and it worked like a charm. Thanks valderama. I agree this should be addressed. Bug or not a bug, it is unexpected
Comment #20
klonoshttps://drupal.org/project/always_visible
Comment #21
nevosa CreditAttribution: nevosa commentedcode from #15 works on D7 cut and paste.
Thanks you.
Comment #22
dawehnerI really think this is a normal feature request ... so 9.x is kinda of a good place to go
Comment #23
fischeme CreditAttribution: fischeme commentedSolution in #15 worked for me but 4 instances of "always_visible" should be replaced by your custom module name if you embed the code in a custom module, of course. Also, I modified the form alter function to alter just the menu item edit form, eliminating the need to test the form_id. The function becomes:
Comment #24
catchDuplicate of issues like #2463753: [regression] Do not bypass route access with 'link to any page' permissions for menu links
Comment #25
RunePhilosof CreditAttribution: RunePhilosof commentedReopening this since I can't see how #2463753 would fix this issue.
#2463753 is about being able to hide menu items from UID1 and users with role 'Link to any page'.
This issue is about showing menu items to users who lack the appropriate permission.
Comment #26
catchafaict this was fixed by #460408: Cannot administer menu item/link if it points to an unpublished node, #2047633: Move definition of menu links to hook_menu_link_defaults(), decouple key name from path, and make 'parent' explicit or similar. If it's not fixed (in 8.x) it needs new steps to reproduce in the issue summary.
Comment #27
cilefen CreditAttribution: cilefen commentedIn Drupal 8 as in Drupal 7:
#460408: Cannot administer menu item/link if it points to an unpublished node ensures that roles with appropriate permissions can see all links, but, that isn't the subject of this issue. This is about letting roles that definitely do not have access to the content, see a link to the content on a menu.
Comment #28
jmuzz CreditAttribution: jmuzz commented+1 I am dealing with the same issue using the module content_access in Drupal 8.
Thanks to @DuaelFr I was able to accomplish this using hooks in a custom module.
https://www.drupal.org/project/always_visible/issues/2535162
Comment #29
dkre CreditAttribution: dkre commentedThis isn't a duplicate of the above mentioned issues.
Here's a simple use case which will reproduce the problem.
I have a site which has an events calendar. The events are primarily created public submission which requires users to create an account to allow users to edit, amend and maintain their event listings.
To encourage usage and ease of use I would like to have a menu link 'List your event' which links to /node/add/event.
I use a 403 redirect to login because users who already have an account will expect to be asked to login if they aren't and new users will be directed immediately to where they need to be (login or sign-up) and this again is an expected behaviour.
This also centralises our messaging to encourage sign-up to the login page.
-
To get around this on our previous Drupal site we created hard coded links within menu template files. This is a pretty ugly solution.
You could add authenticated/unauthenticated link sets but this is bugged: #2267603: "Login" link shows up for logged-in users as well and it's also a little difficult to maintain because the you will end up with two links of the same name in the same menu which I discovered while find the above mentioned bug.
Comment #30
bkosborneDrupal 8 point releases can introduce new features, so no need to push such a feature to D9.
This would also be useful to sites I managed.
Comment #33
malcolm_p CreditAttribution: malcolm_p commentedI also had this need and solved it by using a custom menu link manipulator when rendering my menu. I did this by adding a field to the menu_link_content entity and altering the form with a checkbox to ignore access on that specific link.
Unfortunately core doesn't expose an alter / event for this so it's kind of a custom process. I'm linking this to #2854013 as a result because I think that would help this issue a lot.
Comment #38
michal.k CreditAttribution: michal.k commentedHi Drupal Team,
It's easy. Just use `Menu Item Role Access` contributed module and check `Anonymous user` and `Authenticated user` roles for a particular menu item to make it visible for ALL! IMPORTANT: to make it working enable `Overwrite internal link target access check` in module config page (admin/config/menu-item-role-access).
Hope that this helps a lot of people!
Good luck!
Michal.