I have Content Access (with ACL) installed as well as the Node Access Node Reference module.
In my project, I have parent "Manuscript" content types with child "Citation" content types. The Citation has a CCK userReference field to the Manuscript.
Using Content Access, I can specify what roles have access to individual manuscripts. I can also specify whether individual users have read, update & delete access via Content Access's ACL feature.
If a user updates the access permissions for a Manuscript, I want all of those permissions to populate down to the Citations that have a reference to that manuscript. So rather the descending into php template hell, I installed the Node Access Node Reference module, and updated the Manuscript content type specifying that all child citations should have their permissions updated.
It works...sort of. For me, the author, permissions appear to be populated fine. But for other users, both role-based and individual ACL user-based permissions are not populating.
I think the source of this is when the child citation node is being created--in nodeaccess_nodereference.module, in the nodeaccess_nodereference_node_access_records hook. I only see it writing two records--one for the author, and another that appears to reference the child node being created.
here are the node_access records for the parent Manuscript:
| nid | gid | realm | grant_view | grant_update | grant_delete | |
| 20 | 1 | acl | 1 | 1 | 1 | user with ID 1 has view, edit, delete permission |
| 20 | 1 | content_access_author | 1 | 1 | 1 | author has view, update, delete permissions |
| 20 | 2 | acl | 0 | 1 | 0 | user 2 has edit permissions |
| 20 | 2 | content_access_rid | 1 | 1 | 0 | Authenticated users have view permissions |
And here are the records for the child citation node:
| nid | gid | realm | grant_view | grant_update | grant_delete | |
| 53 | 1 | content_access_author | 1 | 1 | 1 | citation author has view, edit, delete permissions |
| 53 | 1 | nodeaccess_nodereference_author | 1 | 1 | 1 | Author of the referenced Manuscript has view, edit, delete permissions (?) |
| 53 | 3 | content_access_rid | 1 | 0 | 0 | Users with role administrator have view permissions (shouldn't this be rid= 2--authenticated users?) |
| 53 | 53 | nodeaccess_nodereference | 1 | 1 | 1 | ? |
I don't see any of the acl permissions transferred over...or the authenticated user role, either. Is this a bug, or is the functionality to copy content access role and acl permissions simply not in node_reference node_access?
I'm using node reference version 6.x-2.8, node reference node access version 6.x-1.x-dev, content access 6.x-1.x-dev and acl 6.x-1.3
Comments
Comment #1
danielb commentedI think the problem was that it was using the parent node instead of the child node as the 'gid' ?
I've changed that for beta10, but I don't know if that completely addresses your problem.
Comment #2
danielb commentedLet me know if this is still a problem with the latest releases? I've fixed a few more bugs.
Soon I will add that function to make it easier to debug with devel.
Comment #3
drealeed commentedDaniel,
I downloaded your latest version. And thanks by the way for fixing the value/tid issue and also the gid getting set to the child node nid rather than the parent nid.
I still experienced the same problem with acl permissions not being populated. After poking around, I discovered that if I changed
if ($reference_node=node_load($reference) && node_access($op, $reference_node, $account)) {
to
$reference_node=node_load($reference);
if (node_access($op, $reference_node, $account)) {
in function nodeaccess_nodereference_node_grants, the parent node permissions were checked correctly.
Once the permissions were being retrieved, I then discovered a bug in retrieving the cached version of the data. When you set the cache, you hand it the ID; but when you retrieve the cache, the object you get back is a wrapper that holds your original value in the data field. I had to change
$grants[$account->uid][$op]['nodeaccess_nodereference']= $cached_grants;
to
$grants[$account->uid][$op]['nodeaccess_nodereference'] = $cached_grants->data;
to avoid a huge sql join error popping up.
Which allowed another bug became visible, and I had to change
$grants[$account->uid][$op]['nodeaccess_nodereference']= $cached_grants->data;
to
$grants[$account->uid][$op]['nodeaccess_nodereference'][]= $cached_grants->data;
to fix an "Invalid argument supplied for foreach()" error.
and now everything's working swimmingly.
I made these change in my local nodeaccess_nodereference.module. I'll be continuing to work and unit test node reference permissions today and will let you know if my change causes any problems elsewhere.
Comment #4
danielb commentedOK Thanks, I'll fix those up
Comment #5
danielb commentedI have reverted this part, I suspect the 'bug' here just needed cache to be cleared
more at #1024846: "Unknown column 'Array'" error
Comment #6
true-pal commentedPEREFECT :-)
with beta 14 all is working as expected.
Thank you.
Comment #7
drealeed commentedThanks! I'll get the latest.