I have Content Access (with ACL) installed as well as the Node Access Node Reference module.

In my project, I have parent "Manuscript" content types with child "Citation" content types. The Citation has a CCK userReference field to the Manuscript.

Using Content Access, I can specify what roles have access to individual manuscripts. I can also specify whether individual users have read, update & delete access via Content Access's ACL feature.

If a user updates the access permissions for a Manuscript, I want all of those permissions to populate down to the Citations that have a reference to that manuscript. So rather the descending into php template hell, I installed the Node Access Node Reference module, and updated the Manuscript content type specifying that all child citations should have their permissions updated.

It works...sort of. For me, the author, permissions appear to be populated fine. But for other users, both role-based and individual ACL user-based permissions are not populating.

I think the source of this is when the child citation node is being created--in nodeaccess_nodereference.module, in the nodeaccess_nodereference_node_access_records hook. I only see it writing two records--one for the author, and another that appears to reference the child node being created.

here are the node_access records for the parent Manuscript:

nid gid realm grant_view grant_update grant_delete
20 1 acl 1 1 1 user with ID 1 has view, edit, delete permission
20 1 content_access_author 1 1 1 author has view, update, delete permissions
20 2 acl 0 1 0 user 2 has edit permissions
20 2 content_access_rid 1 1 0 Authenticated users have view permissions

And here are the records for the child citation node:

nid gid realm grant_view grant_update grant_delete
53 1 content_access_author 1 1 1 citation author has view, edit, delete permissions
53 1 nodeaccess_nodereference_author 1 1 1 Author of the referenced Manuscript has view, edit, delete permissions (?)
53 3 content_access_rid 1 0 0 Users with role administrator have view permissions (shouldn't this be rid= 2--authenticated users?)
53 53 nodeaccess_nodereference 1 1 1 ?

I don't see any of the acl permissions transferred over...or the authenticated user role, either. Is this a bug, or is the functionality to copy content access role and acl permissions simply not in node_reference node_access?

I'm using node reference version 6.x-2.8, node reference node access version 6.x-1.x-dev, content access 6.x-1.x-dev and acl 6.x-1.3

Comments

danielb’s picture

and another that appears to reference the child node being created.

I think the problem was that it was using the parent node instead of the child node as the 'gid' ?
I've changed that for beta10, but I don't know if that completely addresses your problem.

danielb’s picture

Status: Active » Fixed

Let me know if this is still a problem with the latest releases? I've fixed a few more bugs.
Soon I will add that function to make it easier to debug with devel.

drealeed’s picture

Daniel,

I downloaded your latest version. And thanks by the way for fixing the value/tid issue and also the gid getting set to the child node nid rather than the parent nid.

I still experienced the same problem with acl permissions not being populated. After poking around, I discovered that if I changed

if ($reference_node=node_load($reference) && node_access($op, $reference_node, $account)) {

to

$reference_node=node_load($reference);
if (node_access($op, $reference_node, $account)) {

in function nodeaccess_nodereference_node_grants, the parent node permissions were checked correctly.

Once the permissions were being retrieved, I then discovered a bug in retrieving the cached version of the data. When you set the cache, you hand it the ID; but when you retrieve the cache, the object you get back is a wrapper that holds your original value in the data field. I had to change

$grants[$account->uid][$op]['nodeaccess_nodereference']= $cached_grants;

to

$grants[$account->uid][$op]['nodeaccess_nodereference'] = $cached_grants->data;

to avoid a huge sql join error popping up.

Which allowed another bug became visible, and I had to change
$grants[$account->uid][$op]['nodeaccess_nodereference']= $cached_grants->data;
to
$grants[$account->uid][$op]['nodeaccess_nodereference'][]= $cached_grants->data;

to fix an "Invalid argument supplied for foreach()" error.

and now everything's working swimmingly.

I made these change in my local nodeaccess_nodereference.module. I'll be continuing to work and unit test node reference permissions today and will let you know if my change causes any problems elsewhere.

danielb’s picture

OK Thanks, I'll fix those up

danielb’s picture

Which allowed another bug became visible, and I had to change
$grants[$account->uid][$op]['nodeaccess_nodereference']= $cached_grants->data;
to
$grants[$account->uid][$op]['nodeaccess_nodereference'][]= $cached_grants->data;

I have reverted this part, I suspect the 'bug' here just needed cache to be cleared

more at #1024846: "Unknown column 'Array'" error

true-pal’s picture

PEREFECT :-)
with beta 14 all is working as expected.
Thank you.

drealeed’s picture

Thanks! I'll get the latest.

Status: Fixed » Closed (fixed)
Issue tags: -ACL, -Content access

Automatically closed -- issue fixed for 2 weeks with no activity.