[development] Change URL on ajax call, but enforce access checks?

Yuval Hager yuval at avramzon.net
Mon Jun 2 04:14:28 UTC 2008

On Sunday 01 June 2008, Moshe Weitzman wrote:
> arg() checking is discouraged in modern drupal for this very reason.
> each drupal release we have been able to get rid of more of them in
> core and with the D6 menu system, I really doubt we need any of these
> calls to arg(). contrib modules that use arg() for access control
> should refactor and let the menu system handle access control.
> your workaround looks fine if it works and has no side effects. needs
> testing.

It looked like it was working in most cases, but there is a certain case where 
it fails.
If user with uid==1 (admin) is browsing the site, running:
  if (!_menu_item_is_accessible(menu_get_active_item())) {
gets me access denied every time. I tried to follow the code using a debugger, 
but can't get my head around the structure of $menu. Any idea how to get the 
access checking results correctly here?

(btw, this is Drupal 5.x)

Yuval Hager
[T] +972-77-341-4155
[@] yuval at avramzon.net
-------------- next part --------------
A non-text attachment was scrubbed...
Name: not available
Type: application/pgp-signature
Size: 189 bytes
Desc: This is a digitally signed message part.
Url : http://lists.drupal.org/pipermail/development/attachments/20080602/11de9fef/attachment.pgp 

More information about the development mailing list