CiviCRM Community Forums (archive)

I've come across a problem I don't think i've come across before. I have several profiles on a site that are mostly for anonymous users but I have one membership directory that should only be for the drupal role of member. But I don't know how to limit and block anonymous users from seeing this specific profile.

Has anyone come across this before? Am I missing something totally obvious?

thanks for the help
tony

Thanks Dave. I honestly need something very simple like Drupal's Path Access module that allows you to limit access to a path based on role.  But I just tried that module and what I'm finding is that it doesn't honor the URL of a profile, probably because of the ?'s in the URL. This is similar to the bug you may remember with using CiviCRM paths in a Drupal block's path settings (which I think is solved in Drupal 6).

Anyway, so let me sit on this.  I may ultimately have to use ACls and if I do, I'll take a stab at the documentation.

thanks
tony

Hey Tony,

What were the Drupal user permissions you had enabled for this scenario?

Do you have to give access to all anonymous users to be able to view all profiles and to view custom data? Then limit the proprietary ones with this work around?

We have a member directory and profiles used to register for events and memberships. So the directory profile is proprietary, and the other profiles need to be public. I attempted your work around, and followed your steps, but it didn't work... I had to give the anonymous user access to profiles and custom content, which then gave them access to the member directory, which wouldn't work. Would another content access module be getting in the way?

Thanks in advance,
Bmodesign

Hi bmodesign,

For the scenario i describe, i gave the following permissions to anonymous users: access profiles listings and forms, access all custom data. This is because the client had other profiles that needed to be accessed by anonymous users. It was only the directory that was limited to members.

As far as the workaround, what exactly doesn't work? Did you create the URL redirect from something like http://myorganization/membershipdirectory to http://myorganization/civicrm/profile?reset=1&gid=XX? That's an important part of it because Drupal doesn't play nice with "dirty" URL's like CiviCRM profiles have. For that matter, are clean urls enabled?
Did you put into the correct profile ID, access denied & redirect path into the snippet?
I doubt another Drupal access/content control module would interfere since the profile isn't Drupal content.

Here's what it looks like in the real world (you wont be able to login of course):
http://nativephilanthropy.org/membershipdirectory
It knows you're trying to reach a profile so it takes you to the access denied page (step 1). When you get to the access denied page, notice the "destination=membershipdirectory" appended to the URL. Once someone logins, the redirect kicks in taking them to the CiviCRM profile URL.

Hopefully it's something small like profile ID.

@peter:
"Limit listings to a specific Group" is to control the search results of a directory. We used that setting to make the directory list CiviCRM members only (via a smart group of current members). The issue and workaround I posted allowed us to limit access to who can see the profile in the first place. Since the drupal permissions are all or nothing (either anonymous users have access to all profiles or they don't) we needed to use this simple workaround.

Hope this helps
tony

Tony, thank you for the reply.

I'm able to type in my redirect page, then get to the error message, and have the login block displayed. When I log in there, it just loops me back to the same url like domainname.com/access-denied?destination=membershipdirectory   but the login block doesn't display, because I'm logged in...

Also, (while logged in) when I type in the direct civicrm path to the profile, it loops me back to the 'access denied' error message. Even though, my user has full permissions to view everything.

Am I right to paste the code under function phptemplate_preprocess_page(&$vars){ ?  In template.php?

Clean urls are enabled. The redirect works with pointing to the correct profile, when the code isn't pasted in template.php. And anonymous users have 'profile listings and forms' and 'access all custom data' permissions.

Any advice is appreciated. I guess it's just the redirect that's not working...

Bmodesign

Tony,

The simple login redirect works on my site, after I cleared everything out. When I visit my access denied page, with the login, and add a ?destination= page, it works.

The redirect works to go to the civicrm page.

When I upload the template.php file with the code, the redirect to the access denied page works, the address bar includes the redirect to the member directory, but after logging in it goes right back to the access denied page. (looping)

Also while logged in, when trying to access the civicrm member directory profile directly, it takes me to the access denied page with the ?= redirect in the address bar. (I'm logged in, so my login block doesn't show up).

My template.php file is really the same as garland, other than the code I'm putting in for this...

I'm afraid the if statement isn't working right, but I don't know php code enough... it's like, once logged in, it gets stuck going to that page, and ignores the if statement. It just does it no-matter if you're logged in.

Thanks for any advice. I'll keep you posted on any progress.

bmodesign

That's it. I am using 6.12

So, I'll let you know if I get anywhere with any other work around.

Thanks,

bmodesign

Hi,

The code below works at my site. I am using Drupal 6. I added it as a separate function at the end of template.php.

function phptemplate_preprocess()
{

// Anonymous users trying to access the membership directory, need to be redirected
        // to the login page with the proper destination set.  Since there can be different
        // parameters in the URL, we're only checking for civicrm profile and gid=7.

  if (arg(0) == "civicrm" && arg(1) == "profile")
    {
    if (strstr(drupal_get_destination(),'gid%3D7'))
{
global $user;
if ( $user->uid )
{
// This should only be true if $user->uid is set and non zero
// Do something for people logged in (in this case - do nothing)  
}
else
{
                 // Handle the case where the person is not logged in (prevent access)
            header('Location: /403_error');
    exit;
}
}

    }
 
}



Hope it will work at your site
Best regards,
vjeko