Support for Drupal 7 is ending on 5 January 2025—it’s time to migrate to Drupal 10! Learn about the many benefits of Drupal 10 and find migration tools in our resource center.Because the original issue has way too many replies (two pages already) and floods the testbot with re-test requests with all of it's patches, I wanted to get a clean issue for #58224: Allow anonymous users access to a members personal contact form. Latest patch attached for review.
Executive summary:
1. Adds a new permission 'access personal contact forms'
2. Makes personal contact forms act like the site-wide contact forms where you can enter your name and e-mail. This was necessary to open this up to anonymous users.
3. Brings some cleanups from the personal contact form submit handler back to the site-wide contact form as well.
4. Fixes some placeholders that were not properly replaced in e-mail messages
5. Adds tests for anonymous personal contact form access.
6. Saves name and e-mail fields to the visitor cookie if entered by anonymous users on the personal contact forms, just like the site-wide contact form and comment forms. Yay for re-use and making it easier for anonymous users!
| Comment | File | Size | Author |
|---|---|---|---|
| #24 | 601250-followup-D7.patch | 744 bytes | Dave Reid |
| #22 | 601250-followup-D7.patch | 818 bytes | Dave Reid |
| #21 | 601250-followup-D7.patch | 819 bytes | Dave Reid |
| #10 | 601250-user-contact-anonymous-D7.patch | 14.85 KB | Dave Reid |
| #7 | 58224-user-contact-anonymous-D7_2.patch | 14.76 KB | VM |
Comments
Comment #1
Dave ReidAdding tag. This is an incomplete feature, and one of the major things holding back contact.module. And it was easy.
Comment #2
Dave Reidwebchick and I agreed that this was not an API change even with a new permission and validation function, so it could wait until post-slush freeze. But I wouldn't mind if it were committed sooner.
Comment #4
Dave ReidHelps to use the correct permission name everywhere...
Comment #5
Dave ReidSince the feature for contact forms already exists and this this correcting an implementation bug, I am marking this as a task.
Comment #6
andypostGreat patch! And very useful feature!
user's not users'
Comment #7
VM CreditAttribution: VM commentedcorrected typo and reuploaded.
Comment #8
andypostThis does not work for we (WinXP ff35 , google chrome, safari 4)
Comment #9
greg.harvey@andypost, trivial point really, but I'm not sure that was a typo - if it's referring to users in the plural, i.e. all users, then
Access users' personal contact formswould be correct.user'sis correct if referring to a single user's contact form.Comment #10
Dave ReidYeah technically it was correct, but this permission should be standardized with other permissions like 'access user profiles'. Ergo, revised patch with a 'access user contact forms' permission.
Comment #11
andypostAnonymous users now send messages!
Yay for re-use! tested (WinXP ff35 , google chrome, safari 4, opera 10 and IE6) - all of them works
tested flood! - blocks if browsers from 1 ip
Comment #12
Dries CreditAttribution: Dries commentedThis looks good to me. Committed to CVS HEAD. Thanks.
Comment #13
Dave ReidThanks Dries! Seems fitting that this issue was fixed on the *exact* 3.5 year anniversary of when this issue first started in #58224: Allow anonymous users access to a members personal contact form - April 11, 2006!
Comment #14
Dave ReidPeople from #58224: Allow anonymous users access to a members personal contact form that also deserve credit for this:
Patchers: karschsp, matt@antinomia, David Lesieur, Owen Barton, pwolanin, TBarregren, coltrane, mrtoner, deviantintegral, rleigh, swaroopch, jonhinkle
Reviewers: mfer, scottrigby, greg.harvey, Michelle, binford2k, andrewfn, dalin, Rosamunda, chx, lreid, ggamba, tizzo, wanabeanon, rhimes, Chad_Dupuis, Dries, pp, drewish, killes@www.drop.org, bradlis7, agentrickard, bflora, christefano, naquah, davbusu, j0rd, renee, keith.smith, tstoeckler, borfast
Comment #15
gpk CreditAttribution: gpk commentedGreat stuff :)
I notice that this has caused a partial rollback of #229660: Use theme_username() in the personal contact form, specifically the sender's default name has reverted to being just their account username i.e. $user->name, whereas the recipient still gets shown according to the change in that issue, i.e. their themed username is shown. As well as potentially creating a link to the recipient's profile page this also allows the recipient's real name to be shown on their contact page, e.g. if profile fields are used to store the real name and if a theme override is used).
This is pretty minor though, #10 is still a really useful improvement.
Comment #16
Dave Reid@gpk: Yes, this basically works exactly like the site-wide contact form now. I was thinking about creating a follow-up issue to tighten both site-wide and personal contact forms to not allow logged-in users to enter their name or e-mail, much like comment forms change between anonymous and regular users. Let's fix this in a follow-up.
We didn't change anything about showing the recipients name so I'm not sure what you are talking about.
Comment #17
gpk CreditAttribution: gpk commentedYes, what I'm saying is that we've lost the theme_username() aspect for just the sender, not for the recipient, so this is potentially a bit confusing now.
Comment #18
andypostSuppose this task should go to #192056: User's raw login name should not be output directly
Comment #19
Dave ReidNo this is a specific problem for contact.module. That issue is not related to putting the user name in input fields, just displaying it. Follow-up in #601776: Remove the ability of registered users to change the sender name or email address in contact forms..
The only true followup concern I have is that by default any registered user could access personal contact forms in D6. Now that we have a permission for this, when sites upgrade to D6 from D7, should we add the permission for authenticated users in an update function so sites don't 'lose' functionality?
Comment #20
gpk CreditAttribution: gpk commented> should we add the permission for authenticated users in an update function so sites don't 'lose' functionality?
Yes, but perhaps only if contact.module is enabled.
Comment #21
Dave ReidFollow-up to add the 'access user contact forms' for registered users on update. Will not affect new installs of contact.module in D7.
Comment #22
Dave ReidLast patch was invalid.
Comment #23
andypostTry using RoleAPI http://api.drupal.org/api/function/user_role_grant_permissions/7
Comment #24
Dave ReidThe fact that I forget about issues that I had a hand it is funny or sad. Thanks andypost for reminding me. :)
Comment #25
andypostMuch better
Comment #26
Dries CreditAttribution: Dries commentedCommitted to CVS HEAD. Thanks.
Comment #28
Sivaji_Ganesh_Jojodae CreditAttribution: Sivaji_Ganesh_Jojodae commentedIs there any chances of backporting this features to drupal 6.x ?
Comment #29
andypost@sivaji http://drupal.org/node/58224#comment-2138596
Comment #30
Sivaji_Ganesh_Jojodae CreditAttribution: Sivaji_Ganesh_Jojodae commented@andypost thanks for the link but contact_anon [1] has no d6 port.
[1] http://drupal.org/project/contact_anon