Support for Drupal 7 is ending on 5 January 2025—it’s time to migrate to Drupal 10! Learn about the many benefits of Drupal 10 and find migration tools in our resource center.
Even with the various forum access modules out there, there's no simple way to just disable forums completely for anonymous users. They still at least see the presence of forums, or see that there are no forums they have access to.
This patch addresses that by introducing a new permission, "access forums", that applies to the /forums path instead of the generic "access content". It has no other changes.
Comment | File | Size | Author |
---|---|---|---|
#27 | 8-132211--form-listing-permission.diff | 1.33 KB | thehong |
#9 | forum_listing_perm_update.patch | 2.89 KB | catch |
#8 | forum_listing_perm_0.patch | 2.2 KB | catch |
#7 | forum_listing_perm.patch | 2.24 KB | catch |
#3 | forum_permission_0.patch | 935 bytes | Crell |
Comments
Comment #1
Dries CreditAttribution: Dries commentedI'm worried that this patch might cause confusion, and that it is somewhat misleading. People will expect their forum topics to be protected too. At the same time, I recognize that we need a permission like this. Maybe we should call it 'access forum listing' instead? It might be slightly better, yet far from optimal.
Comment #2
webchickI personally would be more in favour of getting a full-fledged CRUD access system for forums ala forum access module, or else a consistent set of 'access FOO node type' permissions in core, since we already have CUD for those. :)
Comment #3
Crell CreditAttribution: Crell commentedFull CRUD for all node types would be great, but I'm just thinking small here at the moment. :-) Also, this isn't CRUD on forum nodes but on the forum listing page itself, which is specific to forum module. It's orthogonal to node CRUD permissions. Right now there is simply no good way to have forums that exist only for authenticated users. This gives us a way. I very much do not have time to give forum module a full overhaul, so I'm just tossing in an incremental improvement.
Here's a reroll with the permission name Dries said he prefers. No other changes.
Comment #4
majortom CreditAttribution: majortom commentedI posted this in WebChix critical features section, however, it seems relevant here as well.
I think that much finer grain permissions are very important.
Viewing:
Allow a user to see a list of forum groups.
Allow a user to see a list of forums within a group.
Allow a user to see the topic headings in a forum.
Allow a user to see a particular thread (this is optional but would be nice).
Allow access to specific items within a post or thread (e.g. poster user name, poster IP address, poster IP address country,
poster's online/offline status).
Posting/Reporting:
Allow a user to post a new topic.
Allow a user to post a reply to an existing topic.
Allow a user to include a picture in a post.
Allow a user to append a file to a post (may be the same as above).
Allow a user to include a link in post.
Allow a user to edit the topic in a post of his own.
Allow a user to edit his own post.
Allow a user to report a post.
Moderated posting:
All of the above options, but require that they be moderated before finally appearing.
Moderator/Administrator:
Allow a moderator to create a new forum group.
Allow a moderator to create a new forum.
Allow a moderator to create a new sub-forum.
Allow a moderator to merge threads.
Allow a moderator to move or delete threads.
Allow a moderator to edit/delete specific posts.
Allow a moderator to edit thread topics.
Allow a moderator to approve a submitted post.
Allow a moderator to approve an edited post.
Allow a moderator to approve a topic change.
Here is an example.
Forums:
Administration:
Hardware:
Network:
Software:
Security:
Home Theatre:
News:
Expert Help:
HD Projectors:
LCD:
DLP:
Topic: My new DLP projector rocks!
Member Deals:
Adult:
Reviews:
Discussions:
So for example:
Only system administrators can see a list of the Administration forum group.
All system administrators can view posts in Hardware, Software and Network Forums.
Hardware administrators can post in their own forum.
Only security administrators can view posts in their forum.
Only users over 18 can even see that the Adult forum group exists.
Only registered users that have specifically requested it, may be able to see posts in either the Adult: Reviews or Discussion forums.
Only moderators may post in Home Theatre: News:
Any one may create a topic in Home Theatre: Expert support: but only those in the expert group can post replies.
Anonymous users may read posts in the all Home Theatre forums except Home Theatre: Member Deals: where they can see topics only (none of the actual posts).
The others are, I hope self explanatory. :-)
/carmi
Comment #5
catchThis still applies (with fuzz). However since this permission is empty by default, so when upgrading existing sites it could leave to some unexpected behaviour. Could do with an upgrade path to enable the permission by default.
Also I noticed if you remove "access content" from anonymous users, but leave "access forum listing" enabled- they can see the forum listing anyway - almost the reverse of what this patch was designed to prevent. Currently removing "access content" blocks the forum listing - so I think any upgrade path should ideally enable the forum listing only for roles which already have "access content", or there should be some kind of dependency between the two permissions.
This seems like a sensible usability fix, so maybe could be snuck into D6 if the upgrade path isn't too hard (although it's beyond me).
Comment #6
Wim LeersI think most people expect this kind of functionality to be available automatically when they install a forum. This would increase the "Drupal core satisfaction rate".
+1
Comment #7
catchOK this patch re-rolls against head, and adds "view forum listing" as a default permission in system.install to keep current behaviour for anonymous and authenticated users without any extra configuration.
Leaving as CNW for an upgrade path, I'm hoping to have this a bit later on today.
Comment #8
catchack here's one with unix line endings.
Comment #9
catchOK got to this quicker than I thought. Untested as yet, but could do with reviews on the system update which is the only bit likely to be controversial I think.
What this should mean is that for both new and upgraded drupal installs, there's absolutely no change from current behaviour, but admins can then change the permission if they want to. This will save lots of "where's my forum gone" support requests I think.
Comment #10
JirkaRybka CreditAttribution: JirkaRybka commentedThe cloned code for system_update_6035() still uses $renamed_permission variable name, which is not the case, and should be changed to something more fitting IMO. Perhaps $updated_permission or the like?
Comment #11
moshe weitzman CreditAttribution: moshe weitzman commentedI have to agree with Dries that this will cause confusion. What most people want (i think) is private forums, and this doesn't do that. Anons will get these nodes in search results and so on.
In Drupal6, it is trivially easy to use hook_menu_alter() to change the access callback for these pages. I suggest that a Contrib module do that, and leave this out of core.
Comment #12
catchJirkaRybka, good point. Given Moshe's comments I'll leave this for discussion rather than re-roll though. If consensus is to not have this in, then we should put "forum access in core" as the title and set to active for D7 imo.
Comment #13
PanchoTwo months later what catch proposed is all we can do: bump it to D7...
Comment #14
catchunassigning myself - we should see how node_access runs in D7 and work on forum_access (either the module itself or at least the concept) in core instead.
Comment #15
lordzik CreditAttribution: lordzik commentedHello,
i see that i've duplicated this here ( http://drupal.org/node/298510 ). Please consider this:
--- modules/node/node.module.old 2008-08-22 13:35:47.000000000 +0200
+++ modules/node/node.module 2008-08-22 13:36:51.000000000 +0200
@@ -2754,6 +2754,10 @@ function node_access($op, $node = NULL)
return FALSE;
}
+ if ($op == 'view' && $node->type == 'forum' && !user_access('access forum listing')) {
+ return FALSE;
+ }
+
if (user_access('administer nodes')) {
return TRUE;
}
Without this, anyone can view forum topics simply by guessing node/xxx number.
Comment #16
lilou CreditAttribution: lilou commented@ lordzik : your patch in #298510: Forum access privilege no longer applies.
Comment #17
Wim LeersCleaning up the issue queue.
Comment #18
Crell CreditAttribution: Crell commentedThis is still an open issue as it has not been resolved but needs to be.
Comment #19
webchickI agree with Moshe and Dries, et al. This new permission only makes sense if bundled with actual forum access controls, and that won't happen in D7.
Bumping to 8.x.
Comment #20
majortom CreditAttribution: majortom commentedJust curious if there are any further plans for forum access controls in Drupal 8?
Comment #21
Jeff Burnz CreditAttribution: Jeff Burnz commentedI am building an R&D site for the Snowman initiative and my site needs forums to be private, but I can't do this in core, so subscribing :)
Comment #22
yoroy CreditAttribution: yoroy commentedtagging
Comment #23
alexweber CreditAttribution: alexweber commentedThis looks like it duplicates #878530: Permission for Forum access, assign access based on role.
I've submitted a patch for the latter issue.
Comment #24
alexweber CreditAttribution: alexweber commentedComment #26
sunComment #27
thehong CreditAttribution: thehong commentedComment #29
thehong CreditAttribution: thehong commented#27: 8-132211--form-listing-permission.diff queued for re-testing.
Comment #44
quietone CreditAttribution: quietone at PreviousNext commentedForum is approved for removal. See #1898812: [policy] Deprecate forum module for removal in Drupal 11
This is now Postponed. The status is set according to two policies. The Remove a core extension and move it to a contributed project and the Extensions approved for removal policies.
It will be moved to the contributed extension once the Drupal 11 branch is open.
Comment #46
quietone CreditAttribution: quietone at PreviousNext commented