Currently, xmlsitemap creates an anonymous user session when generating the sitemap. I think it would make more sense to use the user session of whoever is currently viewing the sitemap, as with most Drupal pages and modules.

Our use case is an intranet site with no content visible to anonymous users, but we do have an internal search engine that needs to consume the sitemap (using an authenticated service account). We also have node access / node grant controls that restrict who can view what content, and the sitemap would need to respect these permissions so that restricted content doesn't show up in search results.

On top of that, it just seems really unintuitive and unexpected for the module to not respect basic node access controls, compared to other similar modules that aggregate and list site content (i.e. Views).

Comments

Dane Powell created an issue. See original summary.

Dave Reid’s picture

Dave Reid
he/him
Primary language English
Location Nebraska USA
CreditAttribution: Dave Reid as a volunteer and at Lullabot commented
Status: Active » Closed (won't fix)

I would recommend using the alter hooks to do what you need to do to make the links visible. I don't think this covers the majority use case for this module so I will decline to implement it. The intended consumer is anonymous users aka search engines for the sitemap.