We are having ongoing problems with permissions between femail and forum_access for public/private forums.

Users with femail permissions may post new forum topics or add comments by replies even if the forum_access permissions are not granted for posting! The forum_access has priority of node grants 10 (the highest) so that *should* overide femail, but does not. It does prevent others from accessing the node via directly entering the node's url.

Users without femail permission who send a post by email to the forum are treated as unpublished nodes or are in the approval queue for comments. (as expected)

This is what I would *hope* would happen if a user has femail permissions but not create comments or create forum topics for a given forum. In this way femail can distribute forum posts to the subscribed users, but users without post permission will have to have their posts approved before they are distributed to the rest of the list/forum. (this is the case with posts directly from the website)

The problem seems to be some interaction between forum_access and femail. Any help will be appreciated!

Comments

mclyde’s picture

As a request to handle the issue, would it be possible to separate femail permissions into post/subscribe by roles?

* subscribe to forum (allows user to subscribe to forums to which they have access so they will receive posts by email)

* post to forum without approval (this would allow them to post to any forum that they have access by femail)

if the post permission is not granted, then emails sent to the forum address would remain in the content/comment queue as unpublished until a moderator approves them.

For public forums, this would allows only certain roles to have unrestricted posting privileges, while allowing a larger group to subscribe to the forum. i.e. authenticated users could subscribe to a forum but would not be able to post without approval. We had 2 users with non-standard "away" messages that got into one forum and started an auto-reply ping-pong match so would like to prevent that. RIght now femail permissions seem to grant subscribe and post (and override other foum grants)

Thanks for all your efforts -- the forums have worked wonderfully for our smaller private forums!

nicolasg’s picture

We too had that issue.
Ended up re-working the femail.drush.inc and femail.pages.inc files to include calls to the forum_access functions.

For femail.drush.inc...
Essentially, call upon the forum_access_access() function to check if the user has the proper priviledge to create a post via femail.

Towards the end of femail_drush_callback()

if(!user_access('post by femail')){
    // Add a message to the logs so that we know we received a message 
    watchdog('femail', 'Message "@subject" FROM "@email" has NOT been posted', array(
      '@subject' => $msg['title'],
      '@email' => $msg['from']
    ), WATCHDOG_INFO);
    //$comment_status = 1;
    //$node_status = 0;
    $doAction = false;
    
  }else{	//Allowed to post by femail, but then need to check forum restrictions    
  	
  	$emails = variable_get('femail_emails', array());
  	$tid = array_search($msg['to'], $emails);
  
	//Check the 'create' permission
	$allowedToCreate = forum_access_access($tid,'create');  
  	
  	if(!$allowedToCreate){
  		 watchdog('femail', 'Message "@subject" FROM "@email" TO "@to" has NOT been posted. No permission to post to the given forum.', array(
	      '@subject' => $msg['title'],
	      '@email' => $msg['from'],
  		  '@to' => $msg['to']
	    ), WATCHDOG_WARNING);
	    
  		$doAction = false;
  	}
  }
  
  //Set to published. 
  $comment_status = 0;
  $node_status = 1;
  

  
  if($doAction && !$doTopic){
	  if(_femail_post_comment($msg, $user, $comment_status)){return;}
	  
	  //If we land here, the post comment failed, post the msg as a topic instead.
	  $doTopic = true;
  }
  
  if($doAction && $doTopic){
  	_femail_post_forum_topic($msg, $user, $node_status);
  }

Should probably have seperated out the create versus comment permission but for our purpose, if they can create, they can comment.
In the above, also removed the "if not allowed to post then mark as unpublished" piece; if your not allowed to post, log it but dont keep the message. You may wish to put back the code to post as unpublished.

For femail.pages.inc in femail_user_subscribe() surrounded the array item in the foreach loop with a forum_access check.

if(in_array($branch->tid, $forum_containers)){
      // Container
      $form['femail_subscribe'][$branch->tid] = array(
        '#value' => '<tr class="' . $class . '"><td style="padding-left:' . (($branch->depth * 10) + 5) . 'px;">' . check_plain($branch->name) . '</td></tr>'
      );
    }else{
      // Forum
      
    	//Check permission for given forum
    	if(forum_access_access($branch->tid,'view',$account)){    	
	      $form['femail_subscribe'][$branch->tid] = array(
	        '#type' => 'checkbox',
	        '#title' => check_plain($branch->name),
	        '#default_value' => isset($subscriptions[$branch->tid]) ? 1 : 0,
	        '#prefix' => '<tr class="' . $class . '"><td style="padding-left:' . (($branch->depth * 10) + 5) . 'px">',
	        '#suffix' => '</td></tr>'
	      );
    	}
    }

To make a proper patch would require restructuring the code to:
- check if forum_access is installed, if so then do the checks else proceed with old code
- check the create permission and "comment" permission via forum_access

Hope this helps.

mclyde’s picture

Thanks - will try it tonight! We do want posts to go into an unpublished queue so that we may moderate and change to publish. Hope it can get integrated as part of the official module !

I think the latter code is incorporated in the module now, but coded differently as only the forums that the user does have access to are available on the subscription page.

mclyde’s picture

so far no luck - all topics and comments are being posted even though user does not have permission to create topics in the forum. Will take a closer look in the morning. Thanks!

sdrycroft’s picture

Apologies for not replying sooner, I'll try and get a fix out for this issue soon. It looks like the Femail module will have to work specifically with the forum_access module for this to work properly.

mclyde’s picture

Knew I should quite sooner last night -- forum permission was allowed :-)

This is working now !!!! (with check to see if forum_access is loaded)
All new topics where user does not have access (either femail or forum permission denied) are set as unpublished nodes.

Remaining issues:
I have found that changing the node to publish make the node appear in the forum, but does not to trigger femail to distribute the node. Editing it, and clicking publish box and saving does trigger the email.
author is original user in the forum, but is sent by femail with sender as the admin who published the node. (would be nice to keep the original senders email as in the forum)

Comments are going into the forum even though user doe not have post without approval AND the approval queue, but not out by email at least)

Thanks to all!!!
Merlise

 if(!user_access('post by femail')){
    // Add a message to the logs so that we know we received a message and that
    // it hasn't been published
    watchdog('femail', 'Message "@subject" FROM "@email" has been posted, but unpublished', array(
      '@subject' => $msg['title'],
      '@email' => $msg['from']
    ), WATCHDOG_INFO);
    $comment_status = 1;
    $node_status = 0;
  }
  else{ 
   // user allowed to post by femail

   // if forum_access loaded  verify forum permissions
    if (module_exists('forum_access')) {
	$emails = variable_get('femail_emails', array());
   	$tid = array_search($msg['to'],$emails);
       // check the 'create' permission
    	$allowedToCreate = forum_access_access($tid, 'create', $user);

	if (!$allowedToCreate) {
	  $comment_status = 1;
   	  $node_status = 0;
    // Add a message to the logs so that we know we received a message and that
    // it hasn't been published
    watchdog('femail', 'Message "@subject" FROM "@email" has been posted, but  unpublished', array(
      '@subject' => $msg['title'],
      '@email' => $msg['from']
    ), WATCHDOG_INFO);
   }}
   else {
    	$comment_status = 0;
    	$node_status = 1;
	}
  }
  
  // If the in-reply-to is set, then we need to create a comment else we need to
  // create a node, or creating a comment has failed as the msgid could not be
  // found.
  if(isset($msg['in-reply-to']) || strtolower(substr($msg['title'], 0, 3)) == 're:'){
     if(_femail_post_comment($msg, $user, $comment_status)){return;}
  }
  // else we need to create a node, or creating a comment has failed as the 
  // msgid could not be found.
  _femail_post_forum_topic($msg, $user, $node_status);
}
mclyde’s picture

If I update the status of a node to published in the Administer-> Content Management -> content
I observe the following

in femail_nodeapi (in femail.module)

$op is 'update' (correct), but $forum_tid is null so no message, but node does appear in the forum

If I edit the node (as admin) and save it, the $op is 'alter' and forum_tid is set, and thus the email goes out.

nicolasg’s picture

The "remaining issue" problem may due to the fix in 1.9 which is related to this http://drupal.org/node/1220300. Are you testing on 1.8 or 1.9 ?

mclyde’s picture

using 1.9 (actually same site :-)

1.9 fixes the problem in http://drupal.org/node/1220300 so if forum permissions and femail permissions are granted email does go out as expected now. (Thanks!)

If the user has femail permission but not forum permissions, the topic is unpublished with the fixes above. (that works now!)

Issue 1) node seems to be missing the taxonomoy terms after updating the status to publish so the forum_tid is null. Editing and updating the status to publish and saving does update the taxonomy ?? so forum_tid is set, and femail does distribute the topic.

Issue 2) comments are ignoring the forum permission (probably the same checks need to be made?), so appear in the forum when they should be in the comment approval queue. (but are not sent by email (half right).)

Updating their status in the comment approval queue does trigger femail to distribute them, so the behaviour for "publishing" a comment is not the same as publishing a node.

Issue 2 is more critical as we do not want posts to appear without approval, while Issue 1 requires more work on the moderators part.

Thanks!
Merlise

nicolasg’s picture

For issue #2, I thought the following code would make the comment not published

else {
    $comment_status = 0; <-- This line
    $node_status = 1;  
}

The status of 0 should make the comment not published, as per http://api.drupal.org/api/drupal/modules--comment--comment.module/consta...

Its possible that the code

// check the 'create' permission
$allowedToCreate = forum_access_access ( $tid, 'create', $user );

Is not working for the comment thats coming in.
One way to check is to write the value of allowedToCreate to the watchdog.

// check the 'create' permission
$allowedToCreate = forum_access_access ( $tid, 'create', $user );
watchdog ( 'femail', 'Forum access module exists. allowedToCreat = ' . $allowedToCreate . ', tid=' . $tid . ', uid=' . $user->uid . ', to=' . $msg['to'], WATCHDOG_INFO);
mclyde’s picture

comment_status = 1 is unpublished, so comment needs approval before publishing.

I've verified that the allowedtoCreate is false, so comment_status should be 1 and node_status = 0, which results in the following actions

* comment "appears" in forum (wrong)
* comment is in comment approval queue as unpublished (correct)
* watchdog indicates that comment needs approval
* femail does not distribute the comment (correct)

m

nicolasg’s picture

Weird.

Do a comment, check the DB, then go in and edit the comment and re-save (should now not show up), check DB. See what field is not being set properly.