First, I need to say that you've been doing an amazing job with this module.

I noticed today that you changed the permissions; that's probably because of the toolbar-per-role functionality. But for some reason, anonymous users now see the toolbar even if it is disabled for them.

Because the toolbar is divided in two parts, the shortcut links and the static links (Hello @username / Logout), the permissions are not being applied to the static links; therefore an anonymous user can see the toolbar.

Comments

dankh

I'll check this tonight. I'm really busy today, but it seems like a critical bug. I'll try to fix it as fast as I can, and maybe pull a beta3.

I've just tested quickly. Are you sure you are using 6.x-2.1-beta2? I can't reproduce the bug. The toolbar is OK for anonymous users (Login link), and the toolbar is not visible if there is no toolbar set for the anonymous user role.

Please give me more info, thank you.

lelizondo

Version: 6.x-2.x-dev » 6.x-2.1-beta2

For this issue I will use these concepts:

Toolbar: The black thing that goes at the top of your screen.
Static links: the two links to the right, 'Hello Username' and 'Logout' / 'Login' and 'Register'.
Shortcuts: the custom links created by an admin.

Because there are no permissions now to 'see' the toolbar, anonymous users see the toolbar and the static links, if they have no shortcut set enabled for their role, they will not see any shortcuts, but they still see the toolbar with the static links. That's why there has to be a 'use the toolbar' permission, because there might be cases when an admin wants the anonymous users to see the toolbar, with shortcuts and with static links for them, and there might be other cases when visitors shouldn't be allowed to see the toolbar at all.

Also, when you enable the toolbar module in a fresh site, the admin won't see the toolbar at all until he/she enables a shortcut set for the anonymous users, but that's probably another issue.

I'll take a look at the code this weekend if I finish a site I have to publish next Monday :)

BTW, I tested this bug with 2.1-beta2, until I check that this same behavior is presented in -dev, I'll change the version.

lelizondo

Version: 6.x-2.1-beta2 » 6.x-2.x-dev

It seems that -dev and beta2 have the same code. Sorry.

dankh

> Also, when you enable the toolbar module in a fresh site, the admin won't see the toolbar at all until he/she enables a shortcut set for the anonymous users, but that's probably another issue.

I installed a fresh Drupal 6.17 and installed 6.x-2.1-beta2; the default toolbar ("Admin", "Administer toolbar", "Toolbar settings") is displayed, and so are the system links ("Hello admin", "Logout", "?"). Are you sure you did a fresh install?

> Because there are no permissions now to 'see' the toolbar, anonymous users see the toolbar and the static links, if they have no shortcut set enabled for their role, they will not see any shortcuts, but they still see the toolbar with the static links.

If there is no toolbar enabled for anonymous users, they see nothing (as expected). If there is a toolbar for anonymous users but they can't access (don't have the permissions to access) any of the shortcuts (try setting the Default toolbar for anonymous users), no shortcuts will be displayed, but the static links are still available, because the toolbar is enabled for the role.

The toolbar module only displays links; this module doesn't manage permissions. If the site administrator creates shortcuts for paths that are not accessible by the toolbar's users, it's the site administrator's problem, not the Toolbar module's. Example: create a shortcut for the path "admin" in a toolbar, and then enable this toolbar for anonymous users. They'll not see the "admin" shortcut because they can't administrate the site (or they will if they have the permission).

> That's why there has to be a 'use the toolbar' permission, because there might be cases when an admin wants the anonymous users to see the toolbar, with shortcuts and with static links for them, and there might be other cases when visitors shouldn't be allowed to see the toolbar at all.

There is such a permission: it's the "toolbar per role" settings. Every user in Drupal has at least one role (even user 1 (admin) has the role "authenticated user"). If the admin wants to display only the static/system links, then create a toolbar, add no shortcuts to it and set it for anonymous users.

I'm not sure if this is a bug. I think with toolbar per role the module is much more flexible.

lelizondo

Status: Active » Closed (works as designed)

It seems all those problems were caused because I didn't uninstall the previous version.

dankh

Ok, great, I'm happy it works. I'll leave this open for a moment in case there are other questions related to anonymous user visibility.

Thanks,

lelizondo

Status: Closed (works as designed) » Active

I'm still having problems with this. I have identified the problem, but I still don't know what is causing it.

I have a site and it is showing the toolbar for anonymous users because there's a record in the toolbar_user table:

mysql> select * from toolbar_user;
+-----+-------------+
| uid | name        |
+-----+-------------+
|   0 | set-default |
+-----+-------------+

After I deleted it, everything started working. The next step is knowing why there's a record for the uid = 0 in the toolbar_user table.

dankh

Hi,

uid 0 is the anonymous user. The only way you can have this result in the database is:

- the anonymous user was given the permission to select a toolbar
- the anonymous user has accessed user/0/toolbar and has selected a toolbar.

You can change this by going to user/0/toolbar and selecting "Role default toolbar" (which will actually delete the database record). But if you really don't want the anonymous user to change the toolbar, remove the permission.
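
The check described in this comment, written as MySQL queries (an added example, not part of the original thread or the module's code). It assumes Drupal 6's stock `role` and `permission` tables with no table prefix, where the anonymous role is rid 1; the value of `@perm` is a placeholder, because the thread does not give the exact permission string.

```sql
-- Placeholder: replace with the exact permission name shown on the
-- site's permissions page for selecting a toolbar.
SET @perm = 'PERMISSION_NAME_PLACEHOLDER';

-- 1. Per-user toolbar selections stored for the anonymous account.
--    uid 0 is shared by every visitor who is not logged in, so a row
--    here changes what all of them see.
SELECT uid, name
FROM toolbar_user
WHERE uid = 0;

-- 2. Roles that hold the permission. Drupal 6 stores each role's
--    permissions as one ', '-separated string in permission.perm, so
--    the match is padded with separators to avoid partial hits.
--    A result row with rid = 1 means anonymous visitors can create
--    the uid 0 record again.
SELECT r.rid, r.name
FROM role r
JOIN permission p ON p.rid = r.rid
WHERE CONCAT(', ', p.perm, ', ') LIKE CONCAT('%, ', @perm, ', %');

-- 3. Once the permission has been removed from the anonymous role,
--    clear the stale selection so the role default applies again.
--    (Same effect as choosing "Role default toolbar" at user/0/toolbar.)
DELETE FROM toolbar_user
WHERE uid = 0;
```

Revoke the permission before running step 3; otherwise any anonymous visitor can recreate the row.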

lelizondo

Status: Active » Fixed

I'm changing this to fixed. If anyone has the same problem, this is probably the problem and the solution. Thanks.

Status: Fixed » Closed (fixed)

Automatically closed -- issue fixed for 2 weeks with no activity.