So maybe I'm just not understanding how this module works.
What I'm trying to do is provide a content type for jobs and a content type for applications. Then a user can create a job node and other users can create application nodes that reference the job node. I want the author of the job node to have permissions to view all of the application nodes that reference the job node. But I only want the authors of the applications to have permissions to view their own application nodes but none of the other applications.
So I created a node reference field on the application content type that references the job content type.
I then set Grant view access within the (if the user has update access to a referenced node) settings.
I then checked all three boxes under the (Grants for author) settings.
At least by my logic this should allow the author of the job node to view the application node and the author of the application node to view their own node but no other application nodes. Unfortunately it is not working. The author of the job node can not view the application nodes.
Any assistance here would be greatly appreciated. I have tried this with the dev version also.
| Comment | File | Size | Author |
|---|---|---|---|
| #10 | nodeaccess_nodereference-cross_access_calculation_bug-1302380.patch | 909 bytes | Matthew Davidson |
| #2 | Application-permissions.jpg | 92.91 KB | xanderol |
| #2 | Settings.jpg | 121.81 KB | xanderol |
Comments
Comment #1
danielb commentedGet the Devel module and activate the Devel Node Access blocks, see if what they say is consistent with what you expect?
Comment #2
xanderol commentedI activated the Devel Node Access module. With user1 I created a Job node called Job. Then with user2 I created an application node and called it application.
In my reference settings I checked all three boxes in the (if the user has update access to a referenced node) setting. I also checked the view box in the (Grants for author) settings.
When I view the application node the Node Access module shows that Users that may update referenced node Job may view/update/delete this node. But then in the Access permissions by user it shows that user1 only has the permission to update the node. So it seems to be Passing the update permission but not Granting the view and delete permission. I'm not quite sure what the difference is in the Pass and Grant. The Node Access module seems to think that user1 should be allowed all three permissions but user1 is not receiving them.
If I uncheck the boxes from the (if the user has update access to a referenced node) settings then check all three boxes in the (if user has delete access to a referenced node) settings, then the permission given to user1 changes to delete but provides no other permission.
If I check all three boxes in both settings then it provides no permissions at all to user1.
Comment #3
danielb commentedI'll try to figure out what might cause that, not easy though.
Comment #4
jestith commentedI'm certainly not an expert with this module, but I think I have a similar use-case problem that xanerdol has, but my site is using the Drupal 6 version: 6.x-1.14.
In my case, user jjones is the owner of a node (Article 4) referenced by the referring node. I see on the referring node:
node_access entries for nodes shown on this page
2183 0 ok nodeaccess_nodereference_update 2184 1 0 0 Users that may update referenced node Article 4 may view this node
By this I assume the user JJones who created the Article 4 node should also have update permission to that node, and hence should for the referring node receive view permission.
Access permissions by user
jjones NO: by the module NO: node access NO: node access NO: node access
But here it indicates jjones does not have view permission, and the user cannot view the node.
Comment #5
k1 commentedI am having same problem. I think part of Xanderol issue is that the application node type is set to NOT publish.
I am unable to get this module to restrict access to my node reference. If I grant view access to my un-published node to the author of parent node, I get access denied message. When I publish the node, I don't get access denied message anymore but the node is accessible by everyone. I am using version 6x1.14
I have rebuilt permissions and cleared cache. what am I doing wrong? Thanks
Comment #6
Jman-1 commentedI am having this same problem. I have a series of Project Documents which are related to Projects. The Project Documents should only be visible to the Users who are listed in the Project's Team Members Node Reference List. The Projects page is also editable by Users in the Team Member's list. In order to keep the Project Documents inaccessible to Anonymous Users I do not pass on View Rights, but I Grant View Rights if the User can Edit the Project Page. This is where things break down and the Rights don't get granted. The Author of the post and Admins are able to see the Project Documents, but other Team Members on the Project can not.
Any ideas?
Comment #7
mariusz.slonina commentedThe offending line is (nodeaccess_nodereference.module 421-425):
I had to comment it to have my intranet site working.
Comment #8
mostou commentedI experience the same issue not being able to grant view permission, if the referenced user has update access. I don't know if it is a conflict between content access module and Node access node reference module. I have tried different weight options without seeing this issue disappear.
Reproduction of the error.
Modules:
Content Access 6.x-1.2
Node access node reference 6.x-1.4
Node access user reference 6.x-3.3
Users/roles:
User1 -> Role1
User2 -> Role1
Contenttypes:
Contenttype1 + user reference field
Contenttype2 + node reference field
Content:
Node1 of contenttype1 + user1 referenced
Node2 of contenttype2 + node1 referenced
Contenttype1 access rules
-------------------------
Content access: View any and own content enabled for Role1. Weight 0
User reference field: Grant update. Weight 0
Contenttype2 access rules
-------------------------
Content access: nothing. Weight 1
Node reference field: If the user has Update access, Pass on update and grant view. Weight 1
Everything works as aspected with node1 for user1 and user2. However the problem appears with node2 for user1. View access is not granted eventhough user1 has update access on node1. With the Devel module installed it seems user1 has update permission but no view permission on node2.
Should this be raised as a new issue?
Comment #9
Matthew Davidson commentedA foreach loop over all ops in nodeaccess_nodereference_calculate_grants() was breaking on the first grant found for an op, which meant that if you had multiple possible grants for a single op, only the first one found was returned.
Comment #10
Matthew Davidson commentedWhoops. Here you go:
Comment #11
danielb commentedVery good Matthew, we'll see what the others say. But it looks like a winner, and I'm sorry you had to read that code.
Comment #12
xanderol commentedI just gave Matthew's patch a try and it does indeed seem to do the trick.
Thank you for squishing the bug Matthew and thank you for an excellent module danielb :)
Comment #13
drupalmeister commentedBy the way, interesting that no one mentioned it, but the issue in this thread seems to be the same one brought up in this post: http://drupal.org/node/1116920
(Pay attention to new code by module author at this comment http://drupal.org/node/1116920#comment-4506586)
Comment #14
drupalmeister commentedIf it's breaking on the first round of the loop, why is it breaking if you just have the module grant 'view' access [If the user has update access to a referenced node]?
Thanks so so much for taking the time to look at the code and fix it. It would certainly help a lot of people who are experiencing issues, including myself...
Comment #15
mostou commentedThanks alot Matthew - it works for me too on 6.x-1.14
Drupalmeister I did notice the other issue, I just assumed this was another case since http://drupal.org/node/1116920 was closed as fixed and was a issue related to 6.x-1.10 - so I assumed that fix was already included in 6.x-1.14. I haven't checked though.
Comment #16
drupalmeister commentedHi mostou,
I'm actually running the 6.x version which includes the added code that was suggested by danielb in order to fix that issue, but I still have the same problem.
I would love to hear from others if they had success in fixing this issue.
You can take a look at my comment here http://drupal.org/node/1116920#comment-5223442 where I describe the problem I have. Seems to me like the issue in both threads is the same.
Do you think I should use the patch in this thread to try to solve it? The patch refers to line 667 which has a function called nodeaccess_nodereference_field_delete_instance, but the 6.x version does not contain this function nor does it even have line 667 (the file ends on line 637).
I could try to patch only the first part (the if statement) and see if it helps.
Comment #17
drupalmeister commentedAlright, I'm glad to report that applying part of Matthew Davidson's patch did the trick.
I just implemented this part of the patch:
Basically, all this does is add
if (!$cross_access[$op])around thebreak;statement.and that was it.
Thanks so much Mathew. I really appreciate it.
I wish if you could please explain what was going wrong, and possibly if the module author can also look at this, would be real great.
Thanks again.
Comment #18
danielb commentedBasically there is some code that 'quits' the access checking when it predicts nothing more can be done. I added that just to squeeze a little more performance out of the function, but I didn't consider all the possible scenarios I guess, so that's what Matthew's if-statement improves.
I have committed this to 6.x-1.x and 7.x-1.x
Comment #19
drupalmeister commentedHi danielb,
First, thanks so so much for this great module. It's super cool.
I was wondering if after installing this patch by Matthew it's still necessary to run the
function nodeaccess_nodereference_init()code you added in this post http://drupal.org/node/1116920#comment-4506586I was wondering if both fixes are necessary or not.
Thanks a million
Comment #20
danielb commentedThanks for pointing that out. I don't know at this stage if that is unnecessary, I hope so, because using hook_init() to do anything kinda sucks.
Comment #21
mostou commentedUpdating to 6.x-1.15 solved my issue. Thanks Matthew and danielb!
Comment #22
danielb commentedI've removed the hook_init() in the git code, so this issue is now resolved.