Posted by kps on October 22, 2004 at 8:32pm
Jump to:
| Project: | Drupal core |
| Version: | 6.9 |
| Component: | node.module |
| Category: | bug report |
| Priority: | normal |
| Assigned: | Unassigned |
| Status: | closed (cannot reproduce) |
Issue Summary
Scenario: Non-administrative users are allowed to create forum topics, but these topics are created unpublished pending administrative approval.
This is what a user who creates a forum topic sees:
Access denied
Your forum topic was created.
You are not authorized to access this page.
Um, yeah.
Comments
#1
The attached patch sends the user to the front page instead of the newly created node, if they don't have permission to view it.
#2
Lovely. Drupal.org doesn't have an upload directory right now, so it lets me attach a file, then... throws it away. Oh well, that's for another bug report.
--- node.module Sat Oct 23 12:47:20 2004
+++ node.module Thu Nov 11 18:43:20 2004
@@ -1377,7 +1377,12 @@ function node_submit($node) {
// Node was submitted successfully. Redirect to the viewing page.
drupal_set_message($msg);
- drupal_goto('node/'. $node->nid);
+ if (node_access('view', $node)) {
+ drupal_goto('node/'. $node->nid);
+ }
+ else {
+ drupal_goto('');
+ }
}
/**
#3
Hmm, on second thought I like this better:
--- node.module Sat Oct 23 12:47:20 2004
+++ node.module Thu Nov 11 18:56:54 2004
@@ -1376,8 +1376,13 @@ function node_submit($node) {
}
// Node was submitted successfully. Redirect to the viewing page.
- drupal_set_message($msg);
- drupal_goto('node/'. $node->nid);
+ if (node_access('view', $node)) {
+ drupal_set_message($msg);
+ drupal_goto('node/'. $node->nid);
+ }
+ else {
+ return $msg;
+ }
}
/**
#4
Committed to HEAD and DRUPAL-4-5. I used the first patch because that makes for the most consistent approach: status messages are reported using drupal_set_message(). Thanks kps.
#5
#6
This bug is back again in Drupal 6.
#7
Please open a new issue and explain steps to reproduce if this problem exists. It's not really relevant to a conversation from 2004.