[development] Question about Drupal ACLs

Rob Barreca rob at electronicinsight.com
Wed Jul 12 16:57:10 UTC 2006 

I was using the taxonomy_access.module when I came across this.  There 
is an outstanding issue with Drupal core menu not respecting node access 
permissions in the db_rewrite_query.

This might shed some light:

http://drupal.org/node/16542

Rob Roy Barreca
Electronic Insight Corporation
12526 High Bluff Drive, Suite 300
San Diego, CA 92130
http://www.electronicinsight.com
rob at electronicinsight.com



Dave Cohen wrote:
> Nick,
>
> Here's my understanding hopefully someone will correct me if I'm wrong.  You 
> asked about hiding node and the menu items that link to them based on user 
> roles.
>
> Unfortunately, the menu items and the nodes are completely seperate things, 
> each with their own mechanism to hide or make visible.  Nodes can be 
> effectively hidden thanks to the node_access database table.  There are a 
> number of contrib packages that make use of this.  These packages hide nodes 
> based on taxonomy or user role or what have you.
>
> Menu items come from two places.  Either a) the database, or b) a hook_menu 
> callback.
>
> When generating a menu item via hook_menu, the programmer can associate an 
> access value with the item, effectively hiding it from some users.
>
> When the menu item comes from the database, there is no way to do this.  
> (someone correct me if I'm wrong.)  The item will always be visible to all 
> users.  These type of menu items are generated when you fill in the menu 
> settings fieldset on a node edit form, or when you add items from admin/menu.  
> Bottom line: there is no way to hide these items at present.
>
> To do what you want, you'll have to generate those menu items from hook_menu.
>
> -Dave
>
>
> On Wednesday 12 July 2006 07:43, Nick Whalen wrote:
>   
>> On Mon, 2006-07-10 at 21:31 -0400, Khalid B wrote:
>>     
>>> Did you try simple_access?
>>>
>>> It allows access by role on the node level, via one level of indirection.
>>>       
>> Yes I did, however it didn't meet my primary criteria of being able to
>> hide/show certain items on the primary nav menu based on what role of
>> user was logged in.  Any other suggestions?
>>
>> (Sorry it took so long to reply, been busy ;))
>>     
>
>
>   
-------------- next part --------------
An HTML attachment was scrubbed...
URL: http://lists.drupal.org/pipermail/development/attachments/20060712/e333268e/attachment.htm

More information about the development mailing list