Support for Drupal 7 is ending on 5 January 2025—it’s time to migrate to Drupal 10! Learn about the many benefits of Drupal 10 and find migration tools in our resource center.
I am using contemplate with cck_field_perms...it seems like a dangerous combination.
When I don't adjust the template, the cck_field_permissions work properly. The user only sees and can edit the proper items.
But when I enable the "Affect body output" checkbox in the template, and don't change a thing in the code, the fields that are supposed to be blocked from view are now viewable! As I said, I didn't even change the code.
So is there extra PHP code that I need to surround the fields that I want it to listen to the CCK field permissions?
Comment | File | Size | Author |
---|---|---|---|
#3 | body_var.txt | 1.86 KB | mdowsett |
Comments
Comment #1
jrglasgow CreditAttribution: jrglasgow commentedCan you post a copy of the 'Body variables' that you have in the template?
Comment #2
mdowsett CreditAttribution: mdowsett commentedGladly - thanks for the offer:
First Name
print $node->field_fname[0]['view']
Last Name
print $node->field_lname[0]['view']
Address
print $node->field_address[0]['view']
Preferred Phone Number
print $node->field_pref_phone[0]['view']
Alternate Phone Number
print $node->field_alt_phone[0]['view']
Last Membership Year
print $node->field_year_last_member[0]['view']
Received Handbook
print $node->field_received_handbook[0]['view']
Whitewater List
print $node->field_ww_list[0]['view']
Comment #3
mdowsett CreditAttribution: mdowsett commentedthat didn't post too well, did it?!
Attached is a txt file.
Comment #4
jrglasgow CreditAttribution: jrglasgow commentedI was looking for something a little more like this
I just copied and pasted the vars and put them in
<code>
tags.Comment #5
mdowsett CreditAttribution: mdowsett commentedComment #6
jrglasgow CreditAttribution: jrglasgow commentedthis node whose variables you just pasted, are all permissions set to TRUE or permitted? I see some variables that seem to have permission settings
If this is not the case could you please paste in a set of variables where some CCK fields are not permitted by the current user.
Comment #7
mdowsett CreditAttribution: mdowsett commentedNo, some are restricted (and it works if contemplate is not enabled).
The restricted ones are:
ww_list
mem_amt_pd
received_handbook
And the variables above haven't changed, but here they are again
Thanks so much for your help
Comment #8
jrglasgow CreditAttribution: jrglasgow commentedI set up cck_field_perms on my test site with a birth date field, I get this in my variables box.
The default contemplate for this test content type I set up:
Contemplate by default sees a CCK field and assumes everyone will view it, so it show it to everyone, it also doesn't show the node body. The following will check the field permissions, and show the body.
Remember that you must be logged in as a user without permission to not be able to view the field. If you are logged on as the root user (uid == 1) you have all permissions, regardless of the acces control settings.
This code tested out properly on my test site.
Comment #9
mdowsett CreditAttribution: mdowsett commentedFor testing, I do log in as a plain-old authenticated user and the cck_field_perms are set as per the attached pic.
I'm probably not understanding contemplate....I haven't used it before.
Here is the variables related to one field I'd like to hide:
All the lines that start with $node are clickable links that add code to the tempate....am I to pick one of them to properly show/restrict access as desired?????
My guess is that I am to click on the correct clickable links to add the code....so I tried it by clicking on all four to add them all - and this is what it added:
The result...to the admin user (UID=0) it showed:
1
Membership Amount Paid:
$4444
21
(I have no idea where the '1' and '21' came from"
And for the "authenticated user" it shows:
Membership Amount Paid:
$4444
2
And it shouldn't show the membership amount paid (due to the cck_field_perms set for that field and user) and it also shows the '2' but neither of the 1's....
I'm lost here....thanks for sticking with me....I hope you can make things click for me here.
Comment #10
jrglasgow CreditAttribution: jrglasgow commented"am I to pick one of them to properly show/restrict access as desired?????"
Yes
notice the line
$node->content['field_mem_amt_pd']['#access']
. When this is set to TRUE or 1 (as it printed out in your example) the user is allowed to view the field. If you put this in your contemplate:it will only print the
'#value'
of the field if the user has'#access'
-------------------------------------------------------------------------------------------------------------
Now I will explain things to you:
admin (root) user:
when you are logged in as the root user you see these results
authenticated user:
Contemplate was not written with cck_field_perms in mind, in the future it may have awareness built in. If you plan to use Contemplate you will want to gain an understanding of how the node object is constructed, or at least how you can use the many variables provided. I had to actually read your variable list a couple of times before I started to understand what was going on. If you need any more help don't be afraid to ask.
Comment #11
mdowsett CreditAttribution: mdowsett commentedMANY MANY thanks for your explanation.
I guess that answers my ultimate question....contemplate can't be used with cck_field_perms....how disappointing
I've moved this to a feature request
Comment #12
jrglasgow CreditAttribution: jrglasgow commentedYou are not understanding what I am saying. Contemplate can be used with cck_field_perms. All you have to do is a simple bit of code in your template
This is how Contemplate is designed, to allow the site administrator to decide how things were laid out, you just have to do a little work.
Comment #13
jrglasgow CreditAttribution: jrglasgow commenteddo you still need help with this?
Comment #14
mdowsett CreditAttribution: mdowsett commentedI don't have the ability/need now for this...I can't test it. I must have missed or forgotten your last reply so I thank you for your reminder. I'll try to get this working on another site.
Comment #15
YesCT CreditAttribution: YesCT commentedthank you for working through this issue here so everyone can see. This has been very helpful!
Comment #16
SocialNicheGuru CreditAttribution: SocialNicheGuru commenteddoes cck permissions remove the field from the node edit form?
if so, how?
Comment #17
mdowsett CreditAttribution: mdowsett commentedthere are separate permissions to disallow node owners from seeing the field in the original node creation AND the editing.
As to HOW it does it, I have no idea.
Comment #18
pizangdesain CreditAttribution: pizangdesain commentedhow to prnt picture in contemplate?
i just use $node->picture but its not appear...
Comment #19
ramones79 CreditAttribution: ramones79 commentedIn my case the code for a value is for example :
I find the code you provided to check if a user has access permissions for a very useful one and I intend to use it. This one:
But I'm in doubt how to implement it. Should I call for the value this way :
or this way :
??
In the first case I call for the field X from the content of the node Y
In the second case I directly call for the field X from node Y without to involve the 'content' statement.
What is the best approach or are they both correct?
Btw I'm using actively the Views module, is it involved somehow in the way I should use to print the value of a given field ?
Thank you very much in advance :)
Comment #20
ramones79 CreditAttribution: ramones79 commentedLooks like I found the working code for my case (and perhaps your case) :
Hope this helps for those of you, who have the same as mine output code from the Contemplates (in this case this code is part of my node-content_type-body.tpl.php file)
Comment #21
pizangdesain CreditAttribution: pizangdesain commentedHmmm... i've try it, but it didnt appear.
I use image attached to insert image in node.
I try like this in contemplate.
and
please correct me if thats wrong coding...
Comment #22
ramones79 CreditAttribution: ramones79 commentedThe coding itself is not wrong, but the way you try to access the fields maybe not appropriate /and non-working/
You are trying to retrieve type of content from NODE - FILES or from CONTENT - FILES.
My approach is different, because I directly call for the field (and in my case it is a custom field, called field_camera_image
It is important to check what code do you see in Contemplates for the particular content type ? You should use this code and this way to get the fields. Because I'm using some modules and they produce one kind of code, but probably you use another bunch of modules and they produce another code.
I assume that you're trying to create a custom body for a given content type (as it is my case)
Then go to Administer -> Content Management -> Content Types - and then click on the tab "Content Templates".
Find the desired content type to be changed and click on Edit Template
Click on the Body to expand and then click on Affect body ...
The code you see and the way fields are called - its the way you should call the fields too.
(If you see "This template is being read from.." you need to temporarily rename the .tpl file from the server - just add .old at the end, and refresh the page to access the code, after you see it - rename back your tpl to the original name and refresh again.)
Do you use file /disc/ based templates?
I have installed these modules on my Drupal: Views, CCK, Content Permissions, Image, ImageCache and ImageAPI
Comment #23
ramones79 CreditAttribution: ramones79 commentedIf you use content permissions check if the anonymous user role has the permissions to view your image field. It is very possible that you don't see anything just because the code IS working, but the Anonymous user account doesn't have access rights.