Eric.London's picture

At some point, you might want to restrict sections of a form to certain users and roles. That can be accomplished relatively easily by creating a module that implements 2 Drupal hooks: hook_form_alter and hook_perm.

First, I start by adding the hook_perm():

<?php
function MYMODULE_perm() {
  // return an array of permissions,
  // they can be named whatever you'd like.
  // NOTE: avoid redeclaring permissions that are already set
  return array('access secret section of my form');
}
?>

Next, add a form_alter hook:

<?php
function MYMODULE_form_alter(&$form, $form_state, $form_id) {
  // test for the form id you'd like to alter.
  // if you are unsure of its exact name,
  // you could add this: echo $form_id . "<BR>";
  if ($form_id == 'SOME_FORM_ID') {
    // check if the user has access to the permission you defined
    if (!user_access('access secret section of my form')) {
      // deny access to the form element
      // if you don't know what it's called,
      // output the $form object:
      // echo "<pre>" . print_r($form, true) . "</pre>";
      $form['SOME_FORM_ELEMENT']['#access'] = false;
    }
  }
}
?>

Now, if you enable your module, you can restrict permissions by going here: /admin/user/permissions

In a recent Drupal implementation, we used the Organic Groups module to allow users in a certain role to add content to group nodes. On the content type edit screens, for "Organic groups usage", we chose "Standard group post (typically only author may edit)". Unfortunately, this text is a little deceiving. The OG module grants group administrators the ability to edit any node in the group, which was undesired for our situation.

In the og.module module file, the function og_menu_alter() overrides the normal access control of a user's ability to edit nodes:

<?php
function og_menu_alter(&$menu) {
  // If og_access is disabled, we at least add back the edit tab for group admins to edit their posts.
  $menu['node/%node/edit']['access callback'] = 'og_menu_access_node_edit';
  $menu['node/%node/edit']['access arguments'] = array(1);
}
?>

Prior to og_menu_alter() being executed, the menu structure was:

[access callback] => node_access
[access arguments] => Array
    (
        [0] => update
        [1] => 1
    )

The above array structure relies on the node_access() function to determine if a user has permission to edit a node. One solution to this problem is to define code in a module to reset this menu structure:

<?php
function MYMODULE_menu_alter(&$menu) {
  $menu['node/%node/edit']['access callback'] = 'node_access';
  $menu['node/%node/edit']['access arguments'] = array('update', 1);
}
?>

Now, group administrators no longer have permission to edit every content item in a group.


Here is how you can password protect a directory using htpasswd and .htaccess files:

mkdir /path/to/new/directory/YOURNEWDIRECTORY
cd /path/to/new/directory/YOURNEWDIRECTORY
htpasswd -c .htpasswd YOURUSER

Next, create or edit an .htaccess file in the same directory containing:

AuthUserFile /path/to/new/directory/YOURNEWDIRECTORY/.htpasswd
AuthType Basic
AuthName "YOURDESCRIPTION"
Require valid-user

NOTE: An absolute path is required for the AuthUserFile directive.
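
A quick way to check the result, as an added example that is not part of the original post: the `ht_directive` and `check_htaccess` functions below are hypothetical helpers that read the .htaccess file and flag a missing or non-absolute AuthUserFile, a missing AuthType Basic or Require line, and a password file kept inside the served directory. The demo rebuilds the layout above in a temporary directory with a constructed placeholder password entry.

```shell
#!/bin/sh
# Added example: audit the .htaccess Basic-auth setup described above.

# ht_directive FILE NAME: print the argument of the first NAME directive
# (name matched case-insensitively, double quotes stripped).
ht_directive() {
  awk -v d="$2" 'tolower($1) == d && NF > 1 {
    sub(/^[ \t]*[^ \t]+[ \t]+/, ""); gsub(/"/, ""); print; exit }' "$1"
}

# check_htaccess DIR: one line per finding; returns 0 when nothing FAILs.
check_htaccess() {
  dir=$1; ht="$dir/.htaccess"; rc=0
  [ -f "$ht" ] || { echo "FAIL: $ht not found"; return 1; }

  pw=$(ht_directive "$ht" authuserfile)
  case $pw in
    "") echo "FAIL: no AuthUserFile directive"; rc=1 ;;
    /*) [ -r "$pw" ] || { echo "FAIL: $pw missing or unreadable"; rc=1; } ;;
    *)  echo "FAIL: AuthUserFile '$pw' is not an absolute path"; rc=1 ;;
  esac

  [ "$(ht_directive "$ht" authtype | tr 'A-Z' 'a-z')" = basic ] ||
    { echo "FAIL: AuthType Basic not set"; rc=1; }
  [ -n "$(ht_directive "$ht" require)" ] ||
    { echo "FAIL: no Require directive, so no login is enforced"; rc=1; }

  # In the layout above the password file lives in the served directory,
  # so it stays private only while the server refuses requests for .ht* files.
  case $pw in
    "$dir"/*) echo "WARN: $pw is inside the served directory" ;;
  esac
  return $rc
}

# Constructed demo: the post's layout rebuilt in a temporary directory.
# The password entry is a placeholder, not real htpasswd output.
demo=$(mktemp -d)
printf 'YOURUSER:constructed-placeholder\n' > "$demo/.htpasswd"
printf 'AuthUserFile %s/.htpasswd\nAuthType Basic\n' "$demo" > "$demo/.htaccess"
printf 'AuthName "YOURDESCRIPTION"\nRequire valid-user\n' >> "$demo/.htaccess"
check_htaccess "$demo"   # prints only the WARN line
rm -rf "$demo"
```

Keeping the password file outside the web-served tree and pointing AuthUserFile at it clears the WARN finding.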
