Exercise 22 Make a Block Visible to Only Administrators

Suppose you would like to know who is currently visiting your site, but this is not information that you want your visitors themselves to be able to see. The solution is to activate the Who's Online block and use a path fragment to limit the visibility of the block to an area that only you (or other administrators) can access. One such area is the User Administration section on the admin/user page. The Administer Users permission is required to access this path, and since you will probably not want to extend this permission to normal site visitors, it is a perfect candidate for showing information that only you or other administrators are supposed to see.

1. Navigate to administer> blocks and find the Who's Online block. Click its Configure link. In the Page Specific Visibility Settings section, set the "Show block on specific pages" option to "Show on only the listed pages." Now you can specify a path, and the block will appear only on pages that match the path you specify.

2. The path to the user administration section of the site is admin/user. Since you want the block to appear on that and all related pages, use the wildcard character to match the entire section: admin/ user/*. Enter this value in the Pages field and click Save Block.

3. You are returned to the block listing page. Now that you have specified the access to the block, you can turn it on. Click Enabled, decide whether the block should appear on the left or right, optionally set a weight to control where it appears in relation to the other blocks in the same sidebar, and then click Save Blocks. The block is now enabled and should appear only on the desired pages.

4. To test whether the block appears where you expect it to, and nowhere else, select administer> users. The block should appear there, as well as on the pages for adding users and configuration. The block should not appear on any other pages.

5. To test that users who are not administrators cannot view the block, you need to create a test account with a different username, log in as that user, and attempt to access the admin/user path. Not only should you not be able to access the page where the block is visible, it should not appear on any other pages and should not be presented as an option to be enabled on the user page for this user.

Most cases for determining block visibility can be handled using Drupal paths. For the rest of the cases, the administrator has complete flexibility and control in the form of the third option for the Show Block on Specific Pages field, "Show if the following PHP code returns TRUE." This option takes a segment of PHP code, runs it, and uses the result (a value of TRUE or FALSE) to decide whether or not to display the block. See Exercise 2-3 for an example.

0 0

Post a comment