Closed (fixed)
Project:
Forum Access
Version:
5.x-1.x-dev
Component:
Code
Priority:
Normal
Category:
Support request
Assigned:
Unassigned
Reporter:
Created:
2 Apr 2007 at 22:45 UTC
Updated:
27 Nov 2007 at 22:51 UTC
I have forum_access operating and it is stopping access to the forum (itself). However, anyone going to the node url can see the posts without problem. Have I set something up incorrectly? I seem to have all the "access control" checkboxes correct.
Thanks for your help.
Comments
Comment #1
Gman commentedI believe you have a setting misconfigured.
On the forum admin page, admin/content/forum, you can edit forums and containers. The only way I was able to recreate your issue was to NOT SET the 'container' permissions View this forum: for a role (anonymous in my test), but to leave SET the 'forum' permissions View this forum:.
This will deny viewing container from the high level forums page, but allow access to an individual nodes in a 'viewable' forum, as well as allow viewing the forum in you enter the forum url, like forum/11.
To fix this just edit the forum you want to deny access to and edit the permissions appropriately.
Comment #2
kiz_0987 commentedI found out that this was in fact due to using simple_access, which seems to stop the private forums operating.
Comment #3
lanny heidbreder commentedThere's definitely a bug here somewhere. I came to report the same issue. People with roles COMPLETELY UNRELATED to the ones granted access via forum_access were able to see restricted posts, even though the forums were hidden. But once I touched the forum settings after seeing your post above, Gman, the problem went away and won't return. I HATE bugs like this.
Comment #4
lanny heidbreder commentedAnd I'm not using any other access control modules, btw.
Comment #5
lanny heidbreder commentedheh, I didn't read the little note under the title field. Sorry for name change.
Comment #6
gypsymanz commentedI had similar issues and suspect it may have been the ALC module not being fully compatible with a shared sequences table.
See http://drupal.org/node/168750
Keith
Comment #7
salvisI'm very interested in this issue. Can you walk me through recreating the bug? If you can, I'll create a patch — I can't promise that merlin will commit it though...
But you need to upgrade to ACL 5.x-1.4 first, because the older versions are known to cause problems for Forum Access! I cannot see anything in ACL 5.x-1.4 that could cause problems with shared tables.
Comment #8
gypsymanz commentedACL module is version 5.x-1.4 and I have various tables shared to share users between 5 sites, in the sequences table the name fields entries are normally $db_prefix_bla_bla but the acl sequences entry is just acl_id no $db_prefix.
This would imply that the one entry is then shared across all sites but the acl tables them selves are created correctly with $db_prefix so individual to each site.
I suspect that in setting up another site on the data base acl_id got reset causing duplicate acl_id's in the alc table.
I hope this helps
Keith
drupal 5.2 acl 5.x-1.4 forum access 5.x-1.7
Comment #9
salvisThanks. I've posted a patch for the ACL issue in http://drupal.org/node/168750.
I haven't found anything that would point to a connection between the ACL issue and the one here. Sharing a single sequence among different $db_prefixes should not be a problem, but the standard seems to be to make it depend on the $db_prefix.
Please try out the patch (but not on a live site!). Based on your description you won't be able to tell for sure whether this has helped, but I'd still like to know at least, whether the patch had the desired effect for you.
Please note that even if the patch works correctly, if merlin won't commit it, you'll have to manually reverse its effect and ensure that the sequence proceeds with the correct value! Otherwise you'll end up with duplicate acl_ids!
P.S. Since you mention the sequences table, I'm assuming you're using MySQL, right?
Comment #10
gypsymanz commentedGreat work on the patch it works a treat.
You were right though it wasn't causing the issues with nodes not being restricted, that was my own dumb fault. I am using the node access module to control access by role and content type and had the setting wrong for forum content type, so node access was over-riding forum access. It would be interesting to know if the others who had similar issues were using multiple access control type modules.
Thanks for your help and patients,
Keith
Comment #11
gypsymanz commentedBTW
Yes I am using mysql
Also I removed all of acl and forum access as I already had duplicate acl_id's in the alc table, then reloaded both modules.
Keith
Comment #12
salvisThanks for following through.
So, everyone who has reported this bug, has backed out (#3 remains suspicious but cannot reproduce it anymore). Can we close it?
Comment #13
merlinofchaos commentedNot until the fix is committed to acl.module which I haven't had time to do yet.
Comment #14
sambtaylor commentedI'm not sure if my problem is the same as any of those previously reported. I have links to specific container pages that highlight different kinds of forums. They are filed at forum/7 and forum/8. Even though access controls are set to allow everyone to access all forum content, and even though the forums themselves can be accessed (both the individual forum and the master list of all containers and forums), these container pages can not be accessed by authorized users or anonymous (though they can by admin). It seems like these pages are not in the regular checks of the system and are being auto default set to not allow access except to administrators. Is this a new problem and is it addressed in the patch?
For the moment, I am simply not using Forum Accees to avoid this problem, though I would like to use it. Any thoughts? Thanks.
Comment #15
salvisIndeed, your isssue seems to be about forum containers rather than nodes, and about them being unwantedly restricted rather than not being restricted — quite the opposite of what this thread is about. Please open a new issue for new issues; it's generally easier to deal with duplicate issues than with chaotic threads. So, when in doubt, open a new issue.
Have you set the Access Control on admin/content/forum/edit/container/7 as desired?
Comment #16
jarea commentedI am running ACL and Forum Access and no other access modules. Containers all have appropriate access restrictions established. Forums are secured and unauthorized users cannot see prohibited posts or containers. However when I use (core) search, search results will show restricted forum nodes and they are readable by unauthorized users.
I am running ACL 5.x-1.4 and Forum Access 5.x-1.7
I have not applied the patch referenced in 168750.
Comment #17
jarea commentedI am running Drupal 5.1 in production and 5.2 in test. Just discovered that the search appears to correctly block restricted nodes in 5.2 but not in 5.1.
Comment #18
jarea commentedSorry - retract that last statement - 5.2 is showing restricted nodes.
Comment #19
jarea commentedEveryone is going to think that I am a real doofus, but I am retracting the retraction and confirming that 5.1 displays restricted nodes and 5.2 does not display restricted nodes. The reason for the original retraction was that I had a book node that looked almost identical to a restricted forum node and I mistakenly thought that a restricted node was being displayed.
Sorry for the confusion.
Comment #20
rick hood commentedI have a related but different problem. I don't want anonymous users to see the Forums page at all (/forum) but they can see it (with "No forums defined" message), and the menu item I have pointed to it (in primary links) also shows up. Any ideas would be appreciated.
Comment #21
rick hood commentedUpdate: I ended up hacking the Forum module to change hook_access and hook_perm to get rid of the Forum menu for anonymous users - though forum posts still show up in anonymous user search results (not sure how to fix that). If better ideas, would appreciate input.
Comment #22
salvisWhy does everyone think that this is the ideal thread for attaching different problems?
There exists a contrib module that lets you deny access based on the path.
Re. search issue: If you're still using Drupal 5.1 then try updating to 5.2 (or better 5.3). I seem to remember that this solved a similar problem.
Comment #23
salvisThe fix to the ACL issue http://drupal.org/node/168750, which resulted from this thread, has been committed.
Comment #24
(not verified) commentedAutomatically closed -- issue fixed for two weeks with no activity.
Comment #25
njehlen commentedOne more note on the topic, since this was where I went to find a solution to this problem.
In my case, I had installed Forum Access a while back, then turned it off, then recently turned it back on (after there have been too many changes to the site to mention). Forum containers were restricted just fine, but node/### would allow access to individual posts.
The problem turned out to be that when I looked at the restrictions I had for each forum, they were already set to what I wanted, so I just left them. I went back and resubmitted each one, and now it works like a charm.
So - if you're seeing nodes, try resubmitting the forum access restrictions.