开发者

Drupal: Taxonomy & Security

开发者 https://www.devze.com 2022-12-22 03:04 出处:网络
I have an intranet on the Drupal platform. I am using permission to restrict access to certain node types that have sensitive informatio开发者_运维问答n in them. This is all working nicely.

I have an intranet on the Drupal platform. I am using permission to restrict access to certain node types that have sensitive informatio开发者_运维问答n in them. This is all working nicely.

However, some of theses sensitive nodes use taxonomy as a method of categorization. The problem is, I have found certain paths, apparently created by the taxonomy module itself, that show teasers of these sensitive nodes, even to unauthenticated users.

for example: mysite.com/category/traintype/site

Shows the companies training appointments where the training type is onsite. These nodes are set so that they should not be accessible to users of a certain roles, and certainly not to unauthenticated users.

I have looked through Views on the site, and I don't see any taxonomy views. So, how can I make these paths inaccessible?


Another method is to alter node.tpl.php to strip the teaser if the user does not have access.


You can use hook_menu() or hook_menu_alter() in a custom module to overwrite the default menu item that is created by the taxonomy module. Here you can add your own extra permission check or remove it altogether.

0

精彩评论

暂无评论...
验证码 换一张
取 消