To reproduce, create a user and a client, and assign the user to the client. Make note of the client nid (i.e., "node/88") Assign the user the "Aegir client" role. Login as said user and navigate to the URL of the client node. You'll get an "access denied" message. Oddly enough, going to the client edit form (i.e., "node/88/edit") works (nothing wrong with the "Edit own client" permission!)

CommentFileSizeAuthor
#1 view_client_perm_1236490_1.patch891 bytesergonlogic

Comments

ergonlogic’s picture

ergonlogic
he/him
Primary language English
Location Montréal, Québec 🇨🇦
commented
Status: Active » Needs review
StatusFileSize
new view_client_perm_1236490_1.patch891 bytes

This should be fixed by checking $account->uid rather than $user->uid in hosting_client_access(), on line 91 of hosting_client.module, as per the attached patch.

ergonlogic’s picture

ergonlogic
he/him
Primary language English
Location Montréal, Québec 🇨🇦
commented
Assigned: Unassigned » ergonlogic

Also, committed to my dev repo: http://drupalcode.org/sandbox/ergonlogic/1226310.git/commit/86747789494f...

steven jones’s picture

steven jones commented
Status: Needs review » Fixed

Good catch, pulled the fix into the main repo.

Status: Fixed » Closed (fixed)

Automatically closed -- issue fixed for 2 weeks with no activity.

  • Commit 2f3447a on 7.x-2.x, dev-ssl-ip-allocation-refactor, dev-1205458-move_sites_out_of_platforms, 7.x-3.x, dev-588728-views-integration, dev-1403208-new_roles, dev-helmo-3.x authored by ergonlogic, committed by Steven Jones: 
    Issue #1236490 by ergonlogic: Fixed 'view client' access check.

  • Commit 2f3447a on 7.x-2.x, dev-ssl-ip-allocation-refactor, dev-1205458-move_sites_out_of_platforms, 7.x-3.x, dev-588728-views-integration, dev-1403208-new_roles, dev-helmo-3.x authored by ergonlogic, committed by Steven Jones: 
    Issue #1236490 by ergonlogic: Fixed 'view client' access check.