Contrib.social

Permissions for anonymous users to view Domain Access

Open on Drupal.org β†’
Created on 29 May 2023, about 1 year ago
Updated 14 June 2023, about 1 year ago

Drupal Version

Drupal 10.0.9

Domain module version

2.0.x-dev

Expected Behavior

[What did you try to do? What URL did you use to do it?]
I would like add a View Conditional β†’ field in view using Domain Access field as the conditional field.

Actual Behavior

[What actually happened?]
To do this, I added a Content Domain Access field in the view, it works well for the administrator, but it does not work with anonymous users because the Content Domain Access field does not show. I have tried to give different permissions to anonymous users.

I tried to show the Content Domain Access field on the content page, but it did not appear.

Is Domain Access designed unavailable to anonymous users or are there some special permission requirements? Thanks.

Steps to reproduce

[A bullet list of steps to reproduce the error. Note if the error always happens or sometimes happens.]

πŸ’¬ Support request
Status

Active

Version

2.0

Component

- Domain Content

Created by

πŸ‡¨πŸ‡³China hongqing

Live updates comments and jobs are added and updated live.
  • Needs documentation

    A documentation change is requested elsewhere. For Drupal core (and possibly other projects), once the change has been committed, this status should be recorded in a change record node.

Sign in to follow issues

Comments & Activities

  • Issue created by @hongqing
  • Comment about 1 year ago β†’
    πŸ‡¨πŸ‡³China hongqing
  • Comment about 1 year ago β†’
    πŸ‡ΊπŸ‡ΈUnited States agentrickard Georgia (US)

    Are these domains active or inactive?

    Inactive domains require special permissions ("Access inactive domains").

      public function access(AccountInterface $account) {
    $domain = $this->domainNegotiator->getActiveDomain();
    // No domain, let it pass.
    if (is_null($domain)) {
      return AccessResult::allowed()->addCacheTags(['url.site']);
    }
    // Active domain, let it pass.
    if ($domain->status()) {
      return AccessResult::allowed()->addCacheTags(['url.site']);
    }
    // Inactive domain, require permissions.
    else {
      $permissions = ['administer domains', 'access inactive domains'];
      $operator = 'OR';
      return AccessResult::allowedIfHasPermissions($account, $permissions, $operator)->addCacheTags(['url.site']);
    }
  }

    In general, I would *not* should this information to anonymous users, as it could be considered an information disclosure security leak, depending on your site's needs.

  • Comment about 1 year ago β†’
    πŸ‡¨πŸ‡³China hongqing

    @agentrickard Thanks for your prompt reply. These domains are active. It will not show the domain access directly to anonymous users, it will show a View Conditional field, where Domain Access is the condition.

  • Comment about 1 year ago β†’
    πŸ‡ΊπŸ‡ΈUnited States agentrickard Georgia (US)

    I suspect this may be due to the fact that Domains are not stored in the database -- they are config objects -- and the View Conditional doesn't know how to load them.

    I would be interested to know what query is being run to try to generate that output.

  • Comment about 1 year ago β†’
    πŸ‡¨πŸ‡³China hongqing

    @agentrickard Thanks for your help. Finally, I find it is a permission issue. I have to grant anonymous users the permission "View all registered domains in the administration list", while the permission "View assigned domains in the administration list" is not enough for anonymous users to view the domains that the content is assigned to. I am not sure if there is a security issue to give anonymous users such permission.

  • Comment about 1 year ago β†’
    πŸ‡ΊπŸ‡ΈUnited States agentrickard Georgia (US)

    It is not a security issue _per se_ since you have explicitly granted it. There are lots of bad permissions one can give anon users in Drupal.

    What are you printing here?

  • Comment about 1 year ago β†’
    πŸ‡¨πŸ‡³China hongqing

    I did not print Domain Access to the anonymous users directly. It is hidden and used as the condition of View Conditional field, Therefore, the web can show different page title for each domain.

  • Comment about 1 year ago β†’
    πŸ‡ΊπŸ‡ΈUnited States agentrickard Georgia (US)

    Interesting....

    Everything working as expected? If so, please close this issue.

  • Comment about 1 year ago β†’
    πŸ‡ΊπŸ‡ΈUnited States bsnodgrass

    Reviewing for πŸ“Œ Documentation for 2.0.x Active . Relating this issue.

contrib.social Blog FAQ Discussions
Production build 0.69.0 2024