I am working on a site that is using forum_access to control user access to forums on a per-role basis. It appears as though apachesolr and apachesolr_access are not picking up on these settings, the result being that users are seeing links in their search results that they do not have permission to access.

I have looked into how forum_access works and it appears that it should be compatible with how apachesolr_access works, however that doesn't seem to be the case.

I would appreciate any pointers on how to troubleshoot this issue

Comments

beanjammin’s picture

As a follow-up, this is what the devel node access module had to say re user permissions for a particular forum post. This forum post appears in the apachesolr search results when logged in as user testauth, but the user does not have permission to access the forum post:

username    create	view	update	delete
testauth	NO: by forum_access	NO: by forum_access	NO: by forum_access	NO: by forum_access

Sorry about the nasty formatting.

pwolanin’s picture

Perhaps there is something funny about the way forum_access interacts with the anonymous user account?

Generally I would add some debug code to verify which node access grants are found at index time, and double check what's in the index.

beanjammin’s picture

Just to close up this issue, we had been using a combination of taxonomy_access and forum_access and it was working well for us in all aspects except solr search results, where users were seeing results that included content that they didn't have access to.

After much time inspecting the contents of the solr index (Luke is your friend) and learning lots about how drupal does access control, we grudging decided to work around the issue. Our work around was to remove the forum_access module and use taxonomy_access for all aspects of the site access control. I realise that having more than one access control module can cause issues, as it did in this case. That said, the results from apachesolr_access do not match those given by the devel module's access information or the actual results experienced by a user viewing site content. This points to an ongoing problem in how apachesolr_access determines whether a user has access to site content.

nick_vh’s picture

Status: Active » Needs work

I'd be happy to learn more about this.

Could you describe us in a short way a set of modules (including their versions) + a limited set of data how to replicate this issue so people can duplicate the environment and see if the bug also appears in their systems? This way we don't leave a bug open.

nick_vh’s picture

Version: 7.x-1.0-beta8 » 7.x-1.x-dev
nick_vh’s picture

Status: Needs work » Closed (cannot reproduce)