BiologicalRecordsCentre / NPMS


Static "Squares Near Me" link on Home page doesn't respect Drupal permissions (issue may also affect other links) #300

Closed andrewvanbreda closed 7 months ago

andrewvanbreda commented 1 year ago

The Squares Near Me page is only accessible to users who aren't logged in; once logged in, a similar page called Request A Square is used.

There is a problem with the current design of the site because currently the homepage has a static link to Squares Near Me that works for logged-out users, but starts giving Access Denied warnings to users who are logged in. This is because the main menu links to these pages are automatically displayed correctly to users based on their ability to see a page, however static links do not respect these permissions and are not dynamic in this way.

I will keep this issue in the back of my mind to see if I can think of the best solution, although it may need further discussions.

The site should also be checked for other problematic links at some point.

sacrevert commented 1 year ago

Wondering whether @kitenetter and @DavidRoy have any comments on this. We have actually had this issue on the NPMS site for years, but I could never reproduce the exact conditions for arriving at the Access denied page previously.

sacrevert commented 10 months ago

Just discussed this with @NPMSSupport and @Sam-Amy and it seems that the neatest and simplest solution is just to hide the Square Near Me page to logged-in users (https://www.npms.org.uk/square-near-me-public), given that we know this generates an error for logged in users. It is redundant to those who are logged in anyway.

@andrewvanbreda can you advise whether this is something you can do, or whether it is @BirenRathod ?

andrewvanbreda commented 10 months ago

Hi @sacrevert, The page is already hidden by Drupal. The problem is the homepage has a link to the page and that link has been hard-coded as HTML content so it is still present when users shouldn't see the link. Essentially it is a "dumb" link that has no logic behind it. I think the only solution is actually to put code on the homepage that detects if the user is logged in or not, then change that link. I did try this before but I think I was struggling to get the page to work with JavaScript as it is a basic Drupal page. However there is probably a way, I just don't have experience of doing that. I suspect what I need to do is create a tiny Drupal module that does it.

sacrevert commented 10 months ago

@andrewvanbreda I'm not really bothered about the link in the text (I assume you mean the one below). [image] I don't think many people who are logged in will notice that.

What I was requesting was the removal of the link to Squares Near Me from the main site menu (blue arrow below). Surely this is achievable more easily? [image]

Sam-Amy commented 10 months ago

It's also linked to on one of the rectangles on the home page - which seems like the most obvious way to me to find a square once logged in (before you even look in the menu). [image]

andrewvanbreda commented 10 months ago

@sacrevert @Sam-Amy The link that originally resulted in this issue being created is the one that Sam is pointing out in that picture.

I believe the "Squares Near Me" link is correct, you are only seeing that because you are a site administrator.

andrewvanbreda commented 7 months ago

@sacrevert @NPMSSupport @Sam-Amy I have put a possible solution on a clone of live here

https://avb-btn-fix-brc-npms-d10.pantheonsite.io/

For a recap. The site uses a "Square Near Me" page for logged-out users, and "Request a Square" for logged in users. These pages look similar, but behave differently, particularly once a square is clicked on. There is just one homepage on live.

My new test site is using 2 homepages, one for logged in users, one for logged out. This means that the previously broken "Squares Near Me" link picture can go to different pages depending on if the user is logged in or not.

The disadvantage of this is that a change to homepage text would need doing twice.

The advantage is that the pages can now be different for logged in, and logged out users. For example, the "Square Near Me" link picture could be changed to say "Request a Square" for logged in users (at the moment I just left the picture as it was, and directed it to the Request a Square page).

When checking the site, don't forget that the "Square Near Me" menu link is not shown to standard users once logged in.

sacrevert commented 7 months ago

@andrewvanbreda this seems like a good solution, and could be useful for other reasons too. Can I just check one thing: I logged into your test site as an admin, but it wasn't clear to me how this situation would appear to an admin user: how will the two different home pages appear to admin? Presumably admin should be able to see both of them, so that they can edit either. How will these appear on the menu/be accessed to an admin user?

andrewvanbreda commented 7 months ago

Hi @sacrevert ,

So when an admin navigates the site, the homepages work much the same way as a standard user. The admin will see the version depending on if logged in and out.

However the admin can access both versions by going to the content area of the site. In the list of pages you will see there are two "Welcome!" pages. The difference between them is one uses the URL "content/welcome-public" and the other "content/welcome".

I think I could probably add two "Home" options to the main menu for admin, but this would probably cause confusion unless you think the home-page will be edited a lot.

Let me know if you want me to go ahead.

Andy

andrewvanbreda commented 7 months ago

Screen Shot 2024-02-14 at 14 43 13

sacrevert commented 7 months ago

I see, thanks @andrewvanbreda Yes, please go ahead.

andrewvanbreda commented 7 months ago

@sacrevert Looking at this, I think I need to put the site into maintenance mode. Is that ok for between 30 and 60 mins? If I can't do it now, I can do evening time if necessary.

sacrevert commented 7 months ago

I would do it now @andrewvanbreda

andrewvanbreda commented 7 months ago

@sacrevert Done... although note I raised this https://github.com/BiologicalRecordsCentre/NPMS/issues/309

@BirenRathod When I saved the site settings, I initially could not save until I removed this text because it claimed I did not have rights to save "/toboggan/denied" from the "Default 403 (access denied)" field.

Please re-instate this if needed.