I have a Drupal 6 site (6.13) with both public and private forums using the forum access module to grant permissions by roles. After installing the Conference module, I am finding that anonymous users can access private forum nodes by directly entering the node url. While they are not likely to guess the node number, private content is being found by google) The permissions are set correctly for conference papers, as entering the URL for a paper node while not logged in does lead to the Access Denied message as one would expect.

Rebuilding node permissions does not seem to resolve the problem for forum nodes (although disabling the conference module and rebuilding permissions does)

Any suggestions on how to have the node permissions be limited to conference papers/reviews and not granted to other nodes?

(dev node access indicates that the realm is conference_all with a gid of 0 and view 1')

Comments

eboyd16’s picture

eboyd16 commented

conference_all realm is attached to every node in the code_access table with grant view. Delete that realm from the node and the access will go away.