[development] deny user #1

Alan Dixon alan.g.dixon at gmail.com
Wed Sep 13 16:30:45 UTC 2006 

i'm looking at the node_access function, and I see that it'll return
true regardless of your hook_access if your user has the 'administer
nodes' permission, so your form alter will need to be user id
independent (i.e., lose that uid = 1).

another approach might be to intercept it earlier. Since the list of
nodes that you can't edit are fixed after the import, in your
hook_menu of the module you could add something like:

foreach($imported_node_ids as $nid) {
  $items[] = array('path' => 'node/'. $nid .'/edit', 'title' => t('edit'),
          'callback' => 'node_page_edit',
          'callback arguments' => array($node),
          'access' => FALSE,
          'weight' => 1,
          'type' => MENU_LOCAL_TASK);
 }
}

But i'm not sure if that would work, or if it should be in the cached
or non-cached section (how does drupal negotiate conflicting menu
definitions? yes, i should rtfm or at least the code...).

 - Alan


On 9/13/06, Augustin (Beginner) <drupal.beginner at wechange.org> wrote:
> On Wednesday 13 September 2006 10:44 pm, Johan Forngren wrote:
> > I've learned that one should never call die/exit, since some functions will
> > not be executed then (e.g. footer functions etc).
>
> you're right, but this was a quick test, and die() never got executed anyway.
>
> Anyway, the code below still does not work, because it also prevent user #1 to
> run cron.php which is needed to import the nodes. I'll add another check to
> see the requested URI to allow cron to do its job.
>
>
> function demexp_form_alter($form_id, &$form) {
>   global $user;
>   if ($form_id == 'demexp_question_node_form' AND $user->uid == 1) {
>     echo $user->uid;
>     drupal_set_message( t('You may not create or modify a demexp_question
> node'), 'error');
>     drupal_goto('<front>');
>   }
>
> It's not that urgent, so I still have time to look for the best solution.
>
> thanks,
>
> Augustin.
>
>
>
> --
> http://www.wechange.org/
> Because we and the world need to change.
>
> http://www.reuniting.info/
> Intimate Relationships, peace and harmony in the couple.
>


-- 
Alan Dixon, Web Developer
http://alan.g.dixon.googlepages.com/

More information about the development mailing list