Support for Drupal 7 is ending on 5 January 2025—it’s time to migrate to Drupal 10! Learn about the many benefits of Drupal 10 and find migration tools in our resource center.
Is it possible to make data blocks respect node access restrictions when querying the drupal database? I need to define Forena reports on Drupal nodes, but ensure that nodes that the current user cannot access do not appear in the report. Is there a way to check node access permissions as the entity load is done, and exclude a node if the current user shouldn't be able to access it?
Comment | File | Size | Author |
---|---|---|---|
#3 | node_permmissions_2140269.patch | 3.83 KB | metzlerd |
Comments
Comment #1
vsamtani CreditAttribution: vsamtani commentedI am guessing that the place to check node access permissions is somewhere in loadEntities() in plugins/FrxDrupal.inc, but I'm now at / beyond the limit of my skills with Drupal...
Comment #2
metzlerd CreditAttribution: metzlerd commentedYes that's true... Sorry for taking so long to respond.
This is not currently easy to do with Forena, but I have been looking to see what standard mechanisms can be leveraged for entity load events. I will certainly work on this issue as I think it's important too.
The only thing that's possilbe right now is to write data blocks that filter out node_access based on the node access table, but this would require detailed knowledge of how a particular node access methodology would operate. It's not easy as I said.
Comment #3
metzlerd CreditAttribution: metzlerd commentedHere is a patch that appears to do the job. If you could test it out that would be greatly appreciated.
Comment #4
hgkris CreditAttribution: hgkris commentedHow can you apply the patch? Has someone got the FrxDrupal.inc allready patched and can place it here?
Comment #5
metzlerd CreditAttribution: metzlerd commentedIf you would like, you can download the 7.x-3.x-dev snapshot release and test it from there. Either that or browse to the commit, finding the appropraite file. This has been committed to the dev branch. Please post testing results here.
Comment #6
hgkris CreditAttribution: hgkris commentedI've tried it on Drupal 7. I'm a new user of drupal, but the last few days I was experimenting with Forena and I must say that I get what I want. The learning curve is good.
The only thing I need is a stricted access based on Drupal roles.
If i create a report and there is only one group that can view this, it shouldn't be possible to view it by another group or accessing through url.
Should it be easy to implement report access based on Drupal roles so for example student who are logged in the system can't view the reports neither view it when entering the correct url when they don't have permission?
Comment #7
hgkris CreditAttribution: hgkris commentedI've moved my question because maybe this issues is something else.
Comment #8
metzlerd CreditAttribution: metzlerd commented