I have just upgraded from 6.x to 7.12 (and now to 7.14). I have a navigation block displaying the 'create content' links which are visible to anonymous users who do not have permissions to create content. Furthermore, it seems that the links can be used to actually create content. Only when the content is submitted, the access denied message is shown. So there is no real threat, but I do not think this is built as designed.

I have already rebuild the OG permissions to no avail. Is there something I am overlooking?

Comments

edvanleeuwen’s picture

edvanleeuwen
Primary language Dutch
Location Waalwijk
commented

I have removed all permissions, but for displaying the site's content. Then, it is still possible to go to /node/add/story as an un-authorized user and add a story.

Only when I remove the option to display content, the user gets an access denied.

edvanleeuwen’s picture

edvanleeuwen
Primary language Dutch
Location Waalwijk
commented
Status: Active » Closed (works as designed)

It seems that this is caused by OG (http://drupal.org/node/1516234). Closing this.