Drupal: Taxonomy & Security

views:

answers:

+2 Q:

Drupal: Taxonomy & Security

I have an intranet on the Drupal platform. I am using permission to restrict access to certain node types that have sensitive information in them. This is all working nicely.

However, some of theses sensitive nodes use taxonomy as a method of categorization. The problem is, I have found certain paths, apparently created by the taxonomy module itself, that show teasers of these sensitive nodes, even to unauthenticated users.

for example: mysite.com/category/traintype/site

Shows the companies training appointments where the training type is onsite. These nodes are set so that they should not be accessible to users of a certain roles, and certainly not to unauthenticated users.

I have looked through Views on the site, and I don't see any taxonomy views. So, how can I make these paths inaccessible?

You can use hook_menu() or hook_menu_alter() in a custom module to overwrite the default menu item that is created by the taxonomy module. Here you can add your own extra permission check or remove it altogether.

googletorp 2010-03-04 20:53:49

+1 A:

Another method is to alter node.tpl.php to strip the teaser if the user does not have access.

Chris Ridenour 2010-03-04 21:39:05

What do you mean by this? I don't see any particular variable that would produce only a teaser.

cinqoTimo 2010-03-05 00:37:17

I believe the syntax is if ($teaser) when outputting information. However, a better method (upon further thoughts) is in the template_preprocess in template.php. There you can set $node->teaser to '' if user_access() for the access needed returns false.

Chris Ridenour 2010-03-05 20:33:18

ansaurus

tags:

views:

answers:

Drupal: Taxonomy & Security

related questions