[development] Checking Menu Access for Anonymous User
E.J. Zufelt
lists at zufelt.ca
Mon Sep 20 17:16:45 UTC 2010
Good afternoon Adam,
I had a similar question, a while back, here is the answer I received.
In short, no, there is no good approach to this :)
If you do go down the path of changing the global $user object, then
you will want to use session_save_session to make your code look
something like this:
// Don't save the session if the next block of code fails:
session_save_session(FALSE);
// Save the old user account someplace.
$user = user_load(0);
// Some computation....
// Something like this:
$user = $the_old_user
// Its now safe to start saving the session again:
session_save_session(TRUE);
</code>
If your 'Computation' in the middle there fails, then the users
session will be saved with the $user object you loaded up, i.e.
they'll get logged out. Annoying at the moment, but if you ever change
it to assign other users to the $user object then you might end up
with people being logged in as other people if the 'computation' fails
for some reason.
Everett Zufelt
http://zufelt.ca
Follow me on Twitter
http://twitter.com/ezufelt
View my LinkedIn Profile
http://www.linkedin.com/in/ezufelt
On 2010-09-20, at 1:07 PM, Adam B. Ross wrote:
> Hello all,
>
> I am trying to determine a good approach to identifying whether a
> specified menu path could be accessed by anonymous users, in an effort
> to implement some kind of baseline cacheable security for an Input
> Filter.
>
> However, I cannot specify a user with such functions as
> menu_get_item() to ask for the access right of an anonymous user. Is
> there a good approach to this?
>
> - abr/Grayside
-------------- next part --------------
An HTML attachment was scrubbed...
URL: http://lists.drupal.org/pipermail/development/attachments/20100920/eac42f0c/attachment-0001.html
More information about the development
mailing list