By npollock on

One of the things I really like about drupal is how easy it is to add a perm function and add security for each module. Unfortunately, the focus of drupal development has been toward's public sites. As a result many of teh perm_hook's for modules I download don't contain the access xxxx setting. Good examples are gallery, forum (from core) and event.

The problem is that Intranets and Extranets need to be able to turn modules on and off one at a time and you often want just a login prompt to appear on the first screen, not showing any content until a user logs in. So I have to go into each module and add the access control. Why wouldn't setting access control be a requirement for anything that goes on the menu? I would really like to be able to turn menu items on and off by role.

I heard that there may be a block security feature added to 4.7 and while a start, it doesn't complete;y fix what I am talking about.

Any thoughts?

Thanks

Norm

Categories: Drupal 4.7.x

Comments

greggles’s picture

greggles
he/him
Primary language English
Location Denver, Colorado, USA
commented

You mention that you have fixed some of the modules - can you provide patches for those fixes into the issue queue for those modules? I have been nailed by this bug before and didn't know how to fix it so it would be great to get these fixes.

Thanks!

--
Knaddison Family Blog

--
Morris Animal Foundation