URL Operations

This module aims to provide entity-level, secure URLs for manipulating entities.

What does this mean?!

This module will, currently, produce one-time-use URLs for the following:

• Nodes:
  • Publish
  • Unpublish
• Comments:
  • Publish
  • Unpublish
• Users:
  • Block

These URLs are secured against the private salt on the site, the generated timestamp, the user ID that generate the link and more. The node actions, for example, are also secured against the node changed timestamp so any modification to a node makes a URL invalid (as the hash will change based on the node last changed timestamp). It also means that if an editor alters a node after a link is made, the link becomes invalid.

Administrators can configure how long a link should "live for". If an expiry of 1 hour is set then the timestamp in the URL is used to check that the link is still valid when it is visited. This helps improve security by not leaving dead links lying around.

The module has been written in (or at least attempted to be written in) a very extendible way. Althouh it currently only supports two actions on nodes, adding other entity types (like users, terms, vocabs) and other operations (which are basically action macros) are VERY easy. For more information on what hooks are available to extend this module, see the API documentation. Most of the exposed hooks are used by the module itself.