-----BEGIN PGP SIGNED MESSAGE----- Hash: SHA1 Moshe Weitzman schrieb:
as more an more people use Drupal to provide non-traditional Webpages (e.g. providing services using Ajax, Flex, ...) our traditional access permission checks in hook_menu are less than ideal.
I don't see a problem here. It is up to the service that exposes the functionality to control access. It feels like this is a solution in search of a problem.
I've encountered the same problem for a second time today. The problem can be summarized as "submit a form in a way that does not involve rendering a html page".
Can we identify some more concrete use cases or an SA that would have been avoided had we implemented this?
- From the fact that I needed this functionality, I infer that there are others who need it too. I've found 111 invocations of drupal_execute in CVS for D5 alone. I guess that there are 2-10 SAs in there.
For example, you can use drupal_execute to conveniently create content or anything else. However, no check for access permissions is done since this only happens in the menu hook for node/add/whatever.
thats a feature. use reponsibly, just like the rest of our php code.
It is annoying if you want to do exactly that. To get around the problem of #access-less forms, I need to hook_form_alter #access to false for all of them and then one-by-one set permissions for the ones I need. Cheers, Gerhard -----BEGIN PGP SIGNATURE----- Version: GnuPG v1.4.9 (GNU/Linux) iEYEARECAAYFAkkCFfcACgkQfg6TFvELooQp7gCgnb7K7KEcV7wbgZmEUeXkBKTw R4AAni9wGxk5iuEj2GF9bfHaoOFT2W5Q =I9p8 -----END PGP SIGNATURE-----