permissions for items pointing to external links in menu system [#36393]

Not sure if this is a bug or just a missing feature, but there is presently no way to create a new menu item and have it accessible to admins only. If you create an item as a submenu of administer, when you log out, the administer menu is hidden as exspected, but the custom link rises out of it to the top level and is still visible to all users. There are two ways I can se to resolve this. Either change the current behavior of the menu system to cause children of hidden items to become hidden themselves, or add some kind of permissioning capability to the menu system, allowing the user to choose which roles will be able to access the item on the edit menu item page.

Comments

Comment #1

JonBob CreditAttribution: JonBob commented 4 November 2005 at 22:07

Category:	bug	» feature
Priority:	Critical	» Normal

Missing feature.

The menu system does support permissioning, but this is not exposed in the menu administration UI in any way. The hold-up with this, pretty much, is coming up with a flexible yet usable UI.

Comment #2

seanr

he/him

CreditAttribution: seanr commented 7 November 2005 at 15:54

That shouldn't be that difficult. Just output a list of checkboxes on the edit menu item page for each role. They'd all be checked by default, but the user could uncheck any that he desired. Thus you could have an item apear for unregistered users only, or for admins, or whatever. I think that should be pretty easy to use and we really badly need this feature.

Comment #3

JonBob CreditAttribution: JonBob commented 7 November 2005 at 18:08

The "or whatever" covers a lot there. Do we limit this by role? Add an arbitrary set of permissions? Ultimately people will find any system lacking unless it is as extensible as the node access system.

Comment #4

seanr

he/him

CreditAttribution: seanr commented 7 November 2005 at 18:58

Haven't messed with the node access system, I was just thinking of by role. I think that's pretty straight forward and well understood by everyone even if it might be limiting.

If this functionality is already in the source code in some way, is there any way I can hack it? Some setting in the database or something?

Comment #5

magico CreditAttribution: magico commented 19 August 2006 at 16:33

Version:

4.6.3

» x.y.z

Comment #6

LAsan CreditAttribution: LAsan commented 2 April 2008 at 09:10

Version:

x.y.z

» 7.x-dev

Moving to cvs.

Comment #7

Xano

he/they

English

Southampton

CreditAttribution: Xano commented 2 August 2008 at 20:24

Kick.

It would be great to have something like this. I have been thinking about this for some time now and I think it's best if administrators can limit menu items to certain roles, but that they can also set users need permission X to use a menu item.

Comment #8

alexanderpas CreditAttribution: alexanderpas commented 2 August 2008 at 20:46

but that they can also set users need permission X to use a menu item.

which you would give to them by assigning a certain role.

I think this is not needed, since menu-items always link to certain content, and should only be displayed if that content is accessible.

if the content is accessible, the menu item should be visible!

Comment #9

seanr

he/him

CreditAttribution: seanr commented 8 August 2008 at 18:41

Glad to see there's still some life in this issue two and a half years after I posted it. :-D The only way I've been able to deal with it is writing a module that defines the menu items along with their permissions.

alexanderpas - that doesn't work if the menu item in question is pointing to an external site (say a central help site that we want site admins to know about but not everyone else - currently this must be done with a custom module).

Comment #10

alexanderpas CreditAttribution: alexanderpas commented 19 August 2008 at 21:10

Title:

Can't create menu items for admin only

» permissions for items pointing to external links in menu system

okay, updated the node title, now i see what you mean.

any permission should be given by assigning roles to that menu item.

Comment #11

metzlerd CreditAttribution: metzlerd commented 4 December 2008 at 17:51

I'm running up against this limitation. What I would recommend is the same permissions structure that's in place for blocks (and therefore menus) be implemented for "added" menu items. THat way people could add custom php code, etc. Which would be extremely helpful in my situation. I'm trying to figure out a "contrib module" way to do this. Anyone who has ideas I'd love to hear them.

Comment #12

seanr

he/him

CreditAttribution: seanr commented 19 December 2008 at 20:51

I agree with metzlerd - there's already a very good system for doing this with blocks; seems we should use that as our starting point. As for specific solutions to this problem without modifying core, see my module here:

http://drupal.org/project/ngplinks

That module defines four menu items - contribute, volunteer, and subscribe which can be pointed to any external URL you want via the module's admin settings page, and admin/logs/urchin which we set up to point to our Urchin server. The Urchin item has a permission that can be assigned to specific roles. I imagine it'd be possible to write a module that creates menu items on the fly with customizable permissions if you needed it in a hurry, but I'd rather see it in core.