I made my tattlerapp a public site (i.e. granted "access content" to anonymous user) and have had to change a few other settings. I feel like these should be defaults in general:

  • tattler_quickhelp block is now only visible to admins/analysts
  • sources-block_2 is now visible to authenticated and anonymous
  • buzz_photos view now has no access control - we can do that at the block level instead
  • sources view now has no access control - likewise, we can do that at the block level instead
  • The Feedback tab only seems appropriate for higher level users - I added a check for(user_access('administer site configuration')) around it, but it feels inappropriate to show it to anonymous users without giving a way for admins to turn it off in the admin interface

If you feel that the defaults should be to hide the content from the world then I could also just see this as a useful addition to the documentation.

Comments

irakli’s picture

irakli commented
Category: bug » feature

Thank you for your thoughtful feedback.

Most installations I've seen still want Tattler to run behind authentication and anonymous users not be able to see _any_ blocks. That's what current configs achieve (in a very dirty way, I am sure). I think ideally there should be a switch in Tattler settings that allows you to move all configurations to "public" or "private" and your list is very helpful in that.

So I am going to change this issue type as: "feature request" if that's ok.

Thank you

greggles’s picture

greggles
he/him
Primary language English
Location Denver, Colorado, USA
commented
Category: feature » bug

Another quick change in page.header.inc:

   <?php if (user_access('access content')) : ?>
      <b><?php print t('Monitoring:') . '</b> ' . $tattler_topics_monitored; ?>
    <?php endif; ?>
    <?php if (user_access('create topic content')) : ?>
      <a href="<?php print url('topics'); ?>"><img src="<?php  print base_path() . path_to_theme(); ?>/images/buttons/btn-add.gif" /></a>
    <?php endif; ?>

We want to show what we're monitoring to anyone who can access content and we want to show the "add" button only to people who can actually add a topic.

greggles’s picture

greggles
he/him
Primary language English
Location Denver, Colorado, USA
commented
Category: bug » feature

And a feature request is fine - I didn't mean to switch it back.

The part that makes me think this is a bug is that the presentation is inconsistent - some things are kept to authenticated only and some things are allowed for anonymous - the decisions on those feel inconsistent.

I guess there are really two classes of elements:

  1. things about tattler that are helpful to a new site setup and which might be useful for anonymous when a site is first getting online (the help block, the feedback tab)
  2. things that are "content" and should be visible or not to people with "access content" permissions (the sources block, the images block, etc.)

If we could have a simplified set of permissions/controls for those in one place that seems great to me.

neural’s picture

neural commented

I'd also like to see an improvement in anonymous access features such as setting topics stored in cookies.

As an intermediate step, you can either :

- Show what's monitored while hiding the add/edit options

OR

- Completely hide the "monitoring" balloon next to the site's logo for non authenticated users.

Regards.

summit’s picture

summit commented

Subscribing
+1 for better access control and anonymous user support!
greetings, Martijn

sdbad’s picture

sdbad commented

Go to permissions and grant access permission to content