I have set the permissions of the back reference view to a certain role.
Anonymous users and other roles are not allowed to see the back references.
If I use the tab referrer type, the tab itself is always shown. If I click on the tab, I get a warning because I changed the permissions of the view.
The same happens when I use the fieldset referrer type.
Only when I choose for the content field option I am able to hide the back references without an error message.

I prefer to use the tab method. How can I hide the tab for users that do not have permission to access the view?

Files: 
CommentFileSizeAuthor
#7 noderelationships_permissions.tar_.gz618 bytesemptyvoid

Comments

Version:6.x-1.1» 6.x-1.x-dev
Category:support» feature
Status:Active» Postponed

There's a @todo note in the code (noderelationships.module) about this.

<?php
/**
* Access callback for the node relationships tab.
*
* @see noderelationships_menu()
*/
function noderelationships_backref_access($referred_node) {
 
// Deny access if the user does not have access to view the referred node.
 
if (!node_access('view', $referred_node)) {
    return
FALSE;
  }
 
// Include common module functions.
 
module_load_include('inc', 'noderelationships');
 
// Obtain back reference settings for this type.
 
$backref_settings = noderelationships_settings_load($referred_node->type, 'backref');
 
// Deny access (meaning the tab is not visible) when the node type
  // does not have back references enabled for this region.
 
if (empty($backref_settings['regions'][NODERELATIONSHIPS_BACKREF_REGION_TAB])) {
    return
FALSE;
  }
 
// Ok, the user is allowed to view the node and this type has potential
  // back references, so we can grant access to the relationships tab.
  // @todo: Find out a way to hide the relationships tab if THIS node does
  // not have real back references. The problem here is that a series of
  // SELECT COUNT(*) queries would affect performance, so we would have to
  // use a summary field or something similar. But this information would
  // have to be updated when a nodereference is added, changed or removed
  // from the database.
 
return TRUE;
}
?>

Ok, so we also need to deal with views where the user does not have access to prevent access denied errors. But still, we need to find a way to cache this information because this function could impact performace.

I'm turning this issue into a feature request, but postponed until there's a patch for review. I'm not sure I'll have the time for this in the short term though.

Title:hide back references tab for certain rolesAllow external modules deny access (and hide) to the Relationships tab
Status:Postponed» Fixed

Ok, I have committed to CVS a small change that allows external modules deny access (and hide) the Relationships tab. All you need to do is implement hook_noderelationships_backref_access() in a custom module as in this example:

<?php
function mymodule_noderelationships_backref_access($node) {
  if (
/* Condition to check if the current user has access to the Relationships tab for this node. */ ) {
    return
FALSE;
  }
}
?>

This fix is not included in noderelationships 6.x-1.2. It should be available in the next development snapshot.

Thanks a lot. I will wait for the next dev because I do not know how to create a custom module.

Ah, that's pretty easy:

Let's say your module name is "mymodule".

1) Create a folder for your module in the same modules directory where you install modules. ie. sites/all/modules/mymodule, sites/domain/modules/mymodule

2) Create a file mymodule.info similar to this:

// $Id$
name = My module
description = This is my custom module.
package = Custom modules
core = 6.x

3) Create a file mymodule.module similar to this:

<?php
// $Id$
/**
* @file
* This is my custom module.
*/
/**
* Implementation of hook_perm().
*/
function mymodule_perm() {
  return array('view relationships tabs');
}
/**
* Implementation of hook_noderelationships_backref_access().
*/
function mymodule_noderelationships_backref_access($node) {
  //
  // You need to write the proper condition here !!!
  //
  if (!user_access('view relationships tabs')) {
    return FALSE;
  }
}

4) Goto modules administration and install your custom module. It should be found in "Custom modules" category.

5) Assign the new permission implemented by your custom module to the roles of your choice. Or you may want to change this to suit your needs.

For further information, please look at the handbooks, or ask in the development forums.

This works great! Thank you, markus.

Status:Fixed» Closed (fixed)

Automatically closed -- issue fixed for 2 weeks with no activity.

StatusFileSize
new618 bytes

For those that "stumble upon" this closed notice I have attached a small module to enable a global permission for seeing the tab.