In this video, we're going to take a look at the permissions for the Twitter module. If you're not careful, it's possible that you could allow unwanted users to publish posts to your Twitter account. So, let's take a look at how to avoid that.
- Go to "People => Permissions" (admin/people/permissions)
There are two sections that we'll look at "Twitter" and "Twitter Post"
- Twitter
- Add Twitter accounts (This permission allows users to add twitter accounts on their profile page. Accounts that are added by users with this permission will show up on the main "/tweets" page, and other places tweets are showing up on your site. It is not possible to publish tweets to the twitter streams of these users. This permission might be one you give to the site maintainer of the organization you're building the site for. With this permission they could add the twitter accounts of their organization members to have them aggregated on their site.)
- Add authenticated Twitter accounts (This permissions allows users to add authenticated twitter accounts. What that means is that they will be asked for their Twitter username and password. Accounts added this way will have their tweets aggregated on the "/tweets" page etc. and will also be authenticated so that tweets can be published to their streams from the site. Content creators are the most common recipients of this permission. Most users should not have this permission.)
- Administer Twitter accounts (This permission allows a user to add and remove any Twitter account to and from the site. They will still need to enter the Twitter username and password in order to add an authenticated Twitter account.)
- Twitter Post
- Post a message to Twitter (This permission enables the vertical tab "Post to twitter.com" that we saw in the last video. With it, the user will be able to select any authenticated account to post the message to. Since they can select ANY authenticated account, only grant this to trusted users.)
I'll quickly demonstrate each of these permissions.
Note: I'll create a new user "Chelsea" and grant each permission to the "Authenticated User" role. I don't recommend you give all of these permissions to all authenticated users, but it will work for demonstration purposes."
Add Twitter accounts
- At "People => Permissions" (admin/people/permissions) grant the "Add Twitter accounts" permission to authenticated users
- I'll login as Chelsea and go to "My account" (/user)
- Click "Edit"
- Click "Twitter accounts"
Here, I can enter any twitter account I'd like. I'll add a couple.
- Twitter account name: bjlewis2
- (Add a non-authenticated account)
- Check the "Tweets" box
- (Save changes)
Now, we can run cron and view the tweets of these new accounts at "/tweets".
If we switch back to the admin account and go to "Configuration => Web services => Twitter" (admin/config/services/twitter), we'll see the twitter accounts have been added. We can delete accounts here if we don't want them on our site, and you'll also notice that only authenticated accounts can include mentions. Let's add an authenticated account.
Add authenticated Twitter accounts
- At "People => Permissions" (admin/people/permissions) grant the "Add authenticated Twitter accounts" permission to authenticated users
- I'll login as Chelsea and go to "My account" (/user)
- Click "Edit"
- Click "Twitter accounts"
Now we have an additional button to "Go to Twitter to add an authenticated account". I'll add one now.
- Click "Go to Twitter to add an authenticated account"
- (Login with the account you'd like to authenticate)
Once that's done, you'll notice that the "Auth" column says "Yes" for that account. You can now choose to include tweets by and/or mentions of this user on the site. This has also added the account to the list of accounts that can be utilized when posting about new content on the site. We'll see that in just a minute when we enable the "Post a message to Twitter" permission.
Administer Twitter accounts
- At "People => Permissions" (admin/people/permissions) grant the "Administer Twitter accounts" permission to authenticated users
This doesn't make much of a visible difference when we refresh the page. The only thing it has done is add an "Added by" column to the table. Which, because this table is only showing accounts this user has added, isn't very helpful. It did also give us access to the Twitter settings page at "/admin/config/services/twitter". If this user had access to the toolbar, or there was a link to the page somewhere else, that would also be visible. Let's take a look at that.
- Go to "/admin/config/services/twitter"
On this page, we can add and remove as many twitter accounts as we would like. Even those added by other site users. And on this page, the "Added by" column makes more sense because we can see who added each of the accounts.
Post a message to Twitter
Before, I enable this permission, I'll start to create a new article so that you see the difference that the permission makes.
- Click "Add content" (node/add/article)
As we scroll down this page, you'll notice that I don't have the option to tweet about this post when it is created. Now, let's grant permission to do that.
- At "People => Permissions" (admin/people/permissions) grant the "Post a message to Twitter" permission to authenticated users
Now, when I refresh the create article page, you'll see the vertical tab "Post to twitter.com". You'll also notice that there is a field to select which account to post to. This option wasn't there in earlier videos because we only had one authenticated account. When I click the select list, you'll also notice that I can select to post to any authenticated account. Not only the accounts that I've added. So, keep this in mind when granting this permission to your site users.
Alright, now that you have an understanding of the Twitter permissions, let's take a look at the tweets that are posted on our site, and the Views that come with the Twitter module.