By tryitonce on

We are working on a website where a number of different roles have access to certain pages, while other roles have access to other pages.

For this project it would be useful to see which roles have access to the page at the top of the page - just under the menu and just above the headline area.

I have been browsing for this, but have so far not been successful - all I keep finding is access rules and how to set viewing permissions.

The same would be useful to have with the Organic Group module - to see which groups can see the page.

It would be great to get the hint including the option to show this print out just to certain (admin / supervisor) roles.

Thanks for all help

Categories: Drupal 7.x

Comments

tryitonce’s picture

tryitonce commented

I found a few solutions / links now, but they don't work for me. I guess they are pre-D7.

https://www.drupal.org/forum/support/theme-development/2008-04-10/print-... - pre-D7

https://www.drupal.org/forum/support/post-installation/2013-05-07/how-to... - this is just in the profile

in a View this can be added as a field, but we would like to see it on top of each page in order to know who can read it by role, not by user name.

Well, still digging

wombatbuddy’s picture

wombatbuddy commented

 1. Create the view with Block display

 2. Configure the following fields as:

    FIELDS 
    User: Roles (Roles)

    FILTER CRITERIA
    User: Current (Yes)

    BLOCK SETTINGS 
    Access: None

 3. Place this Block in the Header region and you're done.

The screenshot with settings: https://i.imgur.com/uKonH22.jpg

tryitonce’s picture

tryitonce commented

thanks for you response.

I have just been experimenting with this after updating my Drupal 7 site to 7.58.

Unfortunately I am getting a lot of errors now when saving Views, to the point of getting locked out and having to remove the Views via MySQL database access. I reported this error to on Drupal.

When I created the User View you described I am getting in the block just "Array" returned.

Maybe I missed something I have to set in the View like a Relationship or Contextual Filter??

Also, what I am after is the display of the roles that can see the Content Type that I am looking at as the administrator. I need to see which roles can see this particular Content Type as it is set under "Add Content Type" => "admin/structure/types/add". I don't need to see what roles the current user has or what roles the author has.

The information I need has to come from the Content Type.

I will experiment with the idea of using a block and to stick it to the top somewhere more in due course.

Thanks

tryitonce’s picture

tryitonce commented

I tried various options, but could not create a block or a page with Views that would return the list of the roles with permission to access a node / page.

All help welcome.

I guess the solution is in a php code that returns the array of roles according to the Content Type of the page / node open.

I just do not have the coding skills to string this together.

It's a nice to have thing, not essential. It would allow admin staff to double check if the content on a specific page is appropriate.

So, the code needed could go as php into a block or be added to the tpl file.

Thanks

wombatbuddy’s picture

wombatbuddy commented

In this case we must to know the permission name. Do you use 'Content Access' module (or similar)? What is the name of your viewing permission?

 And you can also try this code (paste it into the Block body):

(Updated)

<?php
$roles_with_view_access = array();
$node = menu_get_object();
if ($node) {
  foreach (user_roles() as $rid => $role) {
    if ($role == 'anonymous user') {
      $roles = array($rid => $role);        
    }
    else {
      $roles = array(
        2 => 'authenticated user', 
        $rid => $role,
      );
    }    
    $fake_user = array(
      'uid' => 'fake' . $rid,          
      'roles' => $roles,
    );
    if (node_access("view", $node, (object)$fake_user)) {
      $roles_with_view_access[] = $role;
    } 
  }
  print (implode(" | ", $roles_with_view_access));
  if (module_exists('content_access')) {
    $path = base_path() . 'admin/structure/types/manage/' . $node->type . '/access';
    print ' | <a target="_blank" href="' . $path . '">' . t('Edit access') . '</a>';
  }  
}
tryitonce’s picture

tryitonce commented

Hi wombatbuddy,

thanks so much for your time.

This returns the roles of the current user, I believe.

What I need to get is the roles with viewing access granted through, indeed, the 'Content Access' module.

The principal would be to get the Content Type of the current Node / Page displayed and from there to extract the Roles that have the Permission to view.

These roles printed out in a block would then show the admin people who can view the content.

If the content is sensitive and destined for certain roles, the admin person would quickly see that this was posted with the incorrect Content Type and can make the required amendments.

I do not use the option of different role permission on a page by page basis. This, I believe, would make the whole thing too complex. At least in our case, we use different Content Types to separate out who => which role can see this content.

Your help is greatly appreciated, thanks

wombatbuddy’s picture

wombatbuddy commented

No you are wrong, this code returns the roles of all users.

(the method I described in the my first post displays only the roles of the current user. But this code shows the roles of all users). 

Create a new block and try this code.

tryitonce’s picture

tryitonce commented

Yes, when I created the block and justed tested quickly one page => Content Type I only saw "administrator" and thus an incomplete list of the roles with the Content Access granted plus the not approved "authenticated user".

So, I jumped to the conclusion that the code just returned the users roles - including the base role of anyone logged in.

Big apology - but it's not there yet. And my coding skills are too limited, sorry.

I run more tests now and it seems that not all roles are displayed, even though, these roles have been granted access through Content Access.

I have the following roles:

anonymous user
authenticated user
administrator
Editor
D_Manager
D_Team
G_Team
For some reason the "D_Manger" and the "D-Team" do not show up when viewing access has been granted. That's on all the Content Types.
This is surprising as the "D_Manager" has almost the same viewing rights as the administrator who has 100% and also has the " Bypass content access control" (Permissions) active => greyed under Content Access.
The D_Team has less rights in is similar to the G_Team which does show up.
And the "authenticated user" is in the list of the block even though this role has no viewing access. This is on some of the CTs.
One one CT the "anonymous user" shows up but has no viewing access. Could it be that the role just before the first one with viewing rights gets included?
I have rebuild permissions and cleared caches.
Now, I reversed the granted Viewing rights and removed the G_Team and Editor. After just saving, without rebuilding permissions & without cache clearing, the change shows up in the block. Both ways - adding and removing the Viewing permission shows up. The "authenticated user", though, stays on the list but should not be there.
As I am testing more I find that I cannot change the Permissions on my D7 Website - /admin/people/permissions.
I wanted to see what happens when I remove the viewing rights for all content here and then rebuild.
So, I need to figure this one out now and stop my testing here for now. It might already add some insight.
Your help is greatly appreciated!!!!!!
wombatbuddy’s picture

wombatbuddy commented

Yes I understood that the code was incorrect and I have updated it.

tryitonce’s picture

tryitonce commented

Thanks so much for the update. Really nice of you to help.

So, result is the roles are now correctly listed and the missing ones are included.

  administrator | Editor | Dev | Dev_Team | Geo_Team

But there is no output in the block any more, on the left in my case. The output goes into the message box above the body together with the regular award of points for inviting someone for "fake".

So, there seems to be some crossing over into the user points module.

   fake just earned 80 points and now has 80 points in the Invitations category.
   fake just earned 80 points and now has 80 points in the Invitations category.
   fake just earned 80 points and now has 80 points in the Invitations category.
   fake just earned 80 points and now has 80 points in the Invitations category.
   fake just earned 80 points and now has 80 points in the Invitations category.
   fake just earned 80 points and now has 80 points in the Invitations category.
   fake just earned 80 points and now has 80 points in the Invitations category.
   administrator | Editor | Dev | Dev_Team | Geo_Team

This is what shows up in the green message box above the body text on each page.

tryitonce’s picture

tryitonce commented

..... just try and error I got this:

<?php
$roles = array();
$node = menu_get_object();
if ($node) {
foreach (user_roles() as $role) {
   $rid = user_role_load_by_name($role)->rid;
   $temporary_user_settings = array(
   'name' => 'fake',
   'pass' => 'fake',
   'mail' => 'fake',
   'status' => 1,
   'init' => 'fake',
   'roles' => array($rid => $role),
   );
   $temporary_user = user_save('', $temporary_user_settings);
   if (node_access("view", $node, $temporary_user)) {
     $roles[] = $role;
   }
   user_delete($temporary_user->uid);
}
echo (implode(" | ", $roles));
}

I changed the last line of code from - drupal_set_message(implode(" | ", $roles));

to - echo (implode(" | ", $roles));

Now the correct roles are showing up in the block. The idea to put it into the message region is also not bad.

However, in the message region I still get the "user points awarded to 'fake'..." in 7 lines - and that needs to go.

Thanks for all the help!!!!!!!!!

wombatbuddy’s picture

wombatbuddy commented

Don't worry. We'll figure something out.

wombatbuddy’s picture

wombatbuddy commented

The code have been updated.
Additionally I added the link to the 'Access control' page for current 'Content type'.
Maybe it will be convenient.

tryitonce’s picture

tryitonce commented

Hi wombatbuddy - thanks a million.

That's perfect and working spot on.

For those who want to fiddle a bit more - here is what I did adding some formatting.

<?php

$roles_with_view_access = array();
$node = menu_get_object();
if ($node) {
foreach (user_roles() as $rid => $role) {
if ($role == 'anonymous user') {
  $roles = array($rid => $role);  
}
else {
  $roles = array(
    2 => 'authenticated user',
    $rid => $role,
  );
}
$fake_user = array(
  'uid' => 'fake' . $rid,    
  'roles' => $roles,
);
if (node_access("view", $node, (object)$fake_user)) {
  $roles_with_view_access[] = $role;
}
}
print '<strong>' . t('Who has access: '). '</strong>' . nl2br("\n");
print (implode(" | ", $roles_with_view_access));
if (module_exists('content_access')) {
$path = base_path() . 'admin/structure/types/manage/' . $node->type . '/access';
echo nl2br("\n-------------------------\n");
print '<p align="right">'.'<a target="_blank" href="' . $path . '">'.'<strong>'. t('>> Edit access') . '</a>'. '</strong>'.'</p>';
}
}

 

With this I added a note " Who has access:" because I don't like the big size and space wasting from the heading of the block title.

I added some line breaks and aligned the " >> Edit access" under a broken line to the right.

I also added some bold text formatting.

Now it looks perfect for my use and I like to thank wombatbuddy and hoe this may help others as well.

If it does, just add your thumbs up here with a note - thanks to wombatbuddy.

tryitonce’s picture

tryitonce commented

this might help someone ....

The block is now in a single line, just below the menu and only visible to the admin & developers.

We also print now the human readable name of the Content Type used ....

<?php
$roles_with_view_access = array();
$node = menu_get_object();
if ($node) {
  foreach (user_roles() as $rid => $role) {
    if ($role == 'anonymous user') {
      $roles = array($rid => $role); 
 foreach (user_roles() as $rid => $role);       
    }
    else {
      $roles = array(
        2 => 'authenticated user', 
        $rid => $role,
      );
    }    
    $fake_user = array(
      'uid' => 'fake' . $rid,          
      'roles' => $roles,
    );
    if (node_access("view", $node, (object)$fake_user)) {
      $roles_with_view_access[] = $role;
    } 
  }
   print  '<strong>' .  t('Who has access: '). '</strong>' . (implode(" | ", $roles_with_view_access));
 echo t('    ----->> Content Type:  ');
echo '<strong>' . node_type_get_name($node) . '</strong>';
 if (module_exists('content_access')) {
    $path = base_path() . 'admin/structure/types/manage/' . $node->type . '/access';
    echo '<a target="_blank" href="' . $path . '">'.'<strong>'. t('    -------->> Edit access') . '</a>'. '</strong>'.'</div>';
  } 
}
marksmith’s picture

marksmith commented

if ($node) {
  foreach (user_roles() as $rid => $role) {
    if ($role == 'anonymous user') {
      $roles = array($rid => $role); 
 foreach (user_roles() as $rid => $role);       // this seems to be superfluous
    }
    else { ...

tryitonce’s picture

tryitonce commented

Might be superfluous - will test next time I am getting round to it, but, as all works well, it might be a while.

Did you test it with and without the line?

marksmith’s picture

marksmith commented

Yes, I tested the script. It is not working for me with the line that I consider superfluous in case user can also be anonymous. In such configuration, instead of anonymous, the last user role is listed in place of anonymous as well, thus the last role appears twice.

E.g. instead of: anonymous, student, teacher, staff you will get: staff, student, teacher, staff.

tryitonce’s picture

tryitonce commented

... thanks for the update.

Yes in our case we do not give anonymous/guests the option to post. All contributers must be registered.
Interesting to see what happens if users leave and their role reverts to anonymous.
.....