We have a site where you must login to view any content. We want to allow users to login / register using OAuth. However, the callback menu items have an access callback which uses the "access content" argument which directly conflicts with our rule to only allow authenticated users to see content.

Instead, the menu items should either just be set to TRUE for their callback (i.e. allow all) or create a specific permission to allow access to the connector callback URL.

oauth/authorized2

I would opt for a specific permission myself and thus will provide a patch with that solution.

CommentFileSizeAuthor
#4 oauthconnector-2176907-4-authorized_access.patch1.14 KBarithmetric
#1 authorized-access-2176907.patch1.09 KBminorOffense
Screen Shot 2014-01-19 at 4.22.25 PM.png74.03 KBminorOffense
Support from Acquia helps fund testing for Drupal Acquia logo

Comments

minorOffense’s picture

minorOffense CreditAttribution: minorOffense commented
FileSize
authorized-access-2176907.patch1.09 KB

Added hook permission and set callback.

minorOffense’s picture

minorOffense CreditAttribution: minorOffense commented
Status: Active » Needs review
matt2000’s picture

matt2000 CreditAttribution: matt2000 commented
Status: Needs review » Reviewed & tested by the community

Indeed. I've seen this misuse of 'access content' elsewhere in the Oauth suite of modules.

arithmetric’s picture

arithmetric CreditAttribution: arithmetric commented
Status: Reviewed & tested by the community » Needs review
FileSize
oauthconnector-2176907-4-authorized_access.patch1.14 KB

Attached is a patch that takes a different approach to resolve this issue. It uses the existing "connect with oauthconnector_..." permission that is used by the oauthconnector module.