| Project: | UC Upsell |
| Version: | 6.x-1.x-dev |
| Component: | Code |
| Category: | feature request |
| Priority: | normal |
| Assigned: | Unassigned |
| Status: | needs review |
| Issue tags: | Node access, workflow |
Issue Summary
The module currently uses the uc_upsell_filter_types function to filter out unpublished nodes from eligibility for display as upsell items.
We use the Workflow module to manage the state of our Ubercart products, and we only want to display upsell products that are in a given workflow state (in our case "Published," but this could be anything).
While my understanding of Drupal's node access control is not deep, I think that the filtering currently done by uc_upsell_filter_types could be abstracted out to use the node_access function, which would not only check the "published" status as it does now, but also would incorporate any other restrictions imposed by other node access control-involved modules.
Comments
#1
I've rolled a patch that replaces the query to test for the current node status of each product with code that uses node_access to test to see whether the current user has permission to see the product in question.
If I've done this correctly, then this should allow any Drupal module that uses standard node access practices to work properly with UC Upsell, including Workflow.
I've tested this patch in our installation and it does properly filter out products that either are not "Published" (node status is FALSE) or don't have a Workflow state that would allow the current user to view them.
#2
I think there's a patch floating around (from agentrickard) that changes the SQL queries to use db_rewrite_sql, which would handle the node access rules without having to load the entire $node, as you've done in your patch. I'll see if I can get this in asap. I've been meaning to update the module for a while now, perhaps I'll start with this issue.
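The two approaches discussed in comments #1 and #2, side by side, as an added example that is not part of the thread and is not UC Upsell's code or either patch. It assumes a bootstrapped Drupal 6 site; the `example_` function names and the plain array of candidate node IDs are hypothetical.

```php
<?php
// Added example for a Drupal 6 module; function names prefixed "example_"
// are hypothetical and are not UC Upsell's own code.

/**
 * Per-node check (the approach in comment #1): load each candidate and ask
 * node_access() whether the current user may view it.
 */
function example_upsell_filter_by_node_access(array $nids) {
  $visible = array();
  foreach ($nids as $nid) {
    $node = node_load($nid);
    // node_load() returns FALSE for a missing node; node_access('view')
    // applies core's view checks and any node access grants.
    if ($node && node_access('view', $node)) {
      $visible[] = (int) $nid;
    }
  }
  return $visible;
}

/**
 * Query-level check (the approach in comment #2): one SELECT wrapped in
 * db_rewrite_sql(), so node access modules can add their restrictions.
 */
function example_upsell_filter_by_rewrite(array $nids) {
  if (empty($nids)) {
    return array();  // Avoid building an empty IN () clause.
  }
  // db_rewrite_sql() does not test the published flag itself, so the
  // status condition stays in the query.
  $sql = 'SELECT n.nid FROM {node} n WHERE n.status = 1 AND n.nid IN ('
    . db_placeholders($nids, 'int') . ')';
  $result = db_query(db_rewrite_sql($sql), $nids);
  $allowed = array();
  while ($row = db_fetch_object($result)) {
    $allowed[(int) $row->nid] = TRUE;
  }
  // Keep the caller's ordering of upsell candidates.
  $visible = array();
  foreach ($nids as $nid) {
    if (isset($allowed[(int) $nid])) {
      $visible[] = (int) $nid;
    }
  }
  return $visible;
}
```

The two functions differ for users with the "administer nodes" permission: node_access() returns TRUE for them regardless of status, while the query version still requires status = 1.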