"access callback": A function returning a boolean value that determines whether the user has access rights to this menu item. Defaults to user_access() unless a value is inherited from a parent menu item..

The part "[...] unless a value is inherited from a parent menu item.." is not really right since http://drupal.org/node/244637 or can lead to misunderstand

CommentFileSizeAuthor
#8 callbacks_arent_inherited-975754-d6-8.patch866 bytesAlbert Volkman
#3 975754.patch3.73 KBjhodgdon
Support from Acquia helps fund testing for Drupal Acquia logo

Comments

jhodgdon’s picture

jhodgdon
she/her
Primary language English
CreditAttribution: jhodgdon commented
Version: 6.x-dev » 7.x-dev

I see where that security announcement says that access callbacks are not inherited. Presumably this is true in D7 as well, and the doc should be fixed there first.

I would like to see someone verify in the menu building code that this fix is still in effect before we change the doc though.

jhodgdon’s picture

jhodgdon
she/her
Primary language English
CreditAttribution: jhodgdon commented
Title: Documentation problem with hook_menu » hook_menu() doc says that access callbacks are inherited
Component: documentation » menu system

Updating title. Still needs to be investigated for D7 and D6, to verify whether the doc is correct or not (the doc says access callbacks are inherited).

jhodgdon’s picture

jhodgdon
she/her
Primary language English
CreditAttribution: jhodgdon commented
Title: hook_menu() doc says that access callbacks are inherited » hook_menu() doc says that access callbacks are inherited - they mostly aren't
Status: Active » Needs review
FileSize
975754.patch3.73 KB

Another note: the menu system topic/group (which is located at the top of menu.inc) also says that access callbacks are inherited. So if this is wrong, we need to fix it there too.

In Drupal 7, it looks like access callbacks are inherited, but only for MENU_DEFAULT_LOCAL_TASK items. Here's the relevant code from _menu_router_build():

        // If an access callback is not found for a default local task we use
        // the callback from the parent, since we expect them to be identical.
        // In all other cases, the access parameters must be specified.
        if (($item['type'] == MENU_DEFAULT_LOCAL_TASK) && !isset($item['access callback']) && isset($parent['access callback'])) {
          $item['access callback'] = $parent['access callback'];
          if (!isset($item['access arguments']) && isset($parent['access arguments'])) {
            $item['access arguments'] = $parent['access arguments'];
          }
        }

This is identical in Drupal 6 as well, and is explained here (the change was made in **Drupal 6.2** and this has been wrong in the documentation since then!): http://drupal.org/node/244569

So the doc does need an update... here's a patch. If accepted, it also needs to be ported to Drupal 6.x.

moshe weitzman’s picture

moshe weitzman CreditAttribution: moshe weitzman commented
Status: Needs review » Reviewed & tested by the community

Looks good. Please move to d6 after commit.

webchick’s picture

webchick
she/they
Primary language English
Location Vancouver 🇨🇦
CreditAttribution: webchick commented
Status: Reviewed & tested by the community » Fixed

Committed to HEAD. Thanks!

jhodgdon’s picture

jhodgdon
she/her
Primary language English
CreditAttribution: jhodgdon commented
Version: 7.x-dev » 6.x-dev
Status: Fixed » Patch (to be ported)

Patch should be ported now to D6, which works exactly the same.

webchick’s picture

webchick
she/they
Primary language English
Location Vancouver 🇨🇦
CreditAttribution: webchick commented

Sorry. I meant to do that, had a brain-fart.

Albert Volkman’s picture

Albert Volkman CreditAttribution: Albert Volkman commented
FileSize
callbacks_arent_inherited-975754-d6-8.patch866 bytes

Small D6 patch :)

jhodgdon’s picture

jhodgdon
she/her
Primary language English
CreditAttribution: jhodgdon commented
Status: Patch (to be ported) » Reviewed & tested by the community

Thanks! That patch looks good for Drupal 6.

We also need a patch for that fixes up the hook_menu() example (in D6, hook docs are in the Documentation project repository). If you are interested in doing that, you could attach it here -- just give it a file name that will make the test bot ignore it (see note below the Attach new file field when you attach the file).

Albert Volkman’s picture

Albert Volkman CreditAttribution: Albert Volkman commented

It looks like the hunks for system.api.php are already in developer/hooks/core.php in the documentation project. Refs-

http://drupalcode.org/project/documentation.git/blob/refs/heads/6.x-1.x:...
http://drupalcode.org/project/documentation.git/blob/refs/heads/6.x-1.x:...

Unless I'm misunderstanding the need?

jhodgdon’s picture

jhodgdon
she/her
Primary language English
CreditAttribution: jhodgdon commented

Correct, sorry I just assumed without actually checking. Thanks!

Albert Volkman’s picture

Albert Volkman CreditAttribution: Albert Volkman commented

No prob at all!

Gábor Hojtsy’s picture

Gábor Hojtsy
he/him
Primary language Hungarian
Location Hungary
CreditAttribution: Gábor Hojtsy commented
Status: Reviewed & tested by the community » Fixed

Superb, committed, pushed.

Status: Fixed » Closed (fixed)

Automatically closed -- issue fixed for 2 weeks with no activity.