I've started using this module a little more lately and noticed one thing that shouldn't be overlooked:
Just because the user can't view a node doesn't mean they can't delete or update it (if the perms are set in admin/user/permissions).
Open Atrium has the Book feature. I was removing access to some users outside of a group to books with og_privacy but then realized that they can still go to the URL (node/#here/edit) and still edit or delete it.
Also, if they try to edit the node without view perms, they break the node. I haven't dug into this any deeper but even user1 gets an error in Firefox:
The page isn't redirecting properly
I know there isn't anything this module can do about this since you can't override node.module's hook_access. This is just a heads up to those using this module.
| Comment | File | Size | Author |
|---|---|---|---|
| #2 | 0001-added-a-warning-about-user-permissions.patch | 1.42 KB | that0n3guy |
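As an added illustration (not code from this module, from Drupal, or from anyone in this thread), the PHP below models the order of checks behind the behaviour reported above, assuming Drupal 6: the content type's role permissions are evaluated before any node access grants are consulted. The function names, the sample node and the sample account are hypothetical, and the published-status and author-view checks are left out.

```php
<?php
// Simplified model of the Drupal 6 access decision order (assumption); not Drupal's own code.
// $account['perms']: permission strings held by the user's roles.
// $grants: operations a node access module (e.g. og_privacy) granted on this node.

function model_content_access($op, array $node, array $account) {
  $type = $node['type'];
  if ($op === 'update' || $op === 'delete') {
    $verb = ($op === 'update') ? 'edit' : 'delete';
    if (in_array("$verb any $type content", $account['perms'], TRUE)) {
      return TRUE;
    }
    if (in_array("$verb own $type content", $account['perms'], TRUE)
        && $account['uid'] === $node['uid']) {
      return TRUE;
    }
  }
  return NULL; // No opinion: the caller falls through to the grants.
}

function model_node_access($op, array $node, array $account, array $grants) {
  if (in_array('administer nodes', $account['perms'], TRUE)) {
    return TRUE;
  }
  if (!in_array('access content', $account['perms'], TRUE)) {
    return FALSE;
  }
  $access = model_content_access($op, $node, $account);
  if ($access !== NULL) {
    return $access; // Role permission decides; grants are never consulted.
  }
  return in_array($op, $grants, TRUE); // Only reached when permissions gave no answer.
}

// Constructed sample: a book node, and a user outside the group who holds the
// site-wide book permissions while the privacy module has granted nothing.
$node = array('nid' => 42, 'type' => 'book', 'uid' => 7);
$outsider = array(
  'uid' => 9,
  'perms' => array('access content', 'edit any book content', 'delete any book content'),
);
$grants = array();

foreach (array('view', 'update', 'delete') as $op) {
  $allowed = model_node_access($op, $node, $outsider, $grants);
  printf("%-6s %s\n", $op, $allowed ? 'ALLOWED' : 'denied');
}
```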
Comments
Comment #1
Grayside commented
Hi guy, OpenAtrium is bugged in how it handles wiki content. I have brought it to the attention of the developers but they haven't yet taken action. The book module is set up with "shared editing" behavior via permissions as you describe, instead of in OG Access by configuring the content type as a Wiki Group Post. (This is because OA predates the existence of that functionality.)
I had thought Beta8 would resolve this issue, hopefully the next release will take care of it.
Trumping user permissions is not within scope for any node access module, but adding a bit of documentation somewhere is probably a good idea. Patches welcome to add a section to the README.
Comment #2
that0n3guy commented
Grayside, I thought it was odd that they did that. Good to know they may be fixing it soon.
I've started to use OA more and more for my own business and have been needing the ability to give users view perms to nodes in groups they aren't a part of (we talked about this a little here: http://drupal.org/node/1001548; also, I posted a module I made there).
Anyways, hopefully OA fixes the wiki stuff in the next release. Attached is a simple doc patch. I realized after I made it that it should probably refer to this issue, but I'm lazy at the moment :).