When a user on my system has a role assigned a query is rewritten (after a call to db_rewrite_sql) to be like this:
SELECT node_data_field_phonenum.field_phonenum_value AS value FROM {node} node
LEFT JOIN {content_field_phonenum} node_data_field_phonenum ON node.vid = node_data_field_phonenum.vid
INNER JOIN {node_access} na ON na.nid = node.nid
WHERE (na.grant_view >= 1 AND ((na.gid = 0 AND na.realm = 'all') OR (na.gid = 2 AND na.realm = 'term_access') OR (na.gid = 4 AND na.realm = 'term_access'))) AND ( node.nid = 329 )
ORDER BY node_data_field_phonenum.delta
There are multiple rows in node_access that satisfy the query and therefore it returns twice the number of rows that exist in content_field_phonenum. For example, if content_field_phonenum has 1 row that satisfies the node.nid = 329 then 2 rows are returned from the query. That is because node_access has 2 rows that satisfy the query.
If I remove all roles for the user then the query becomes:
SELECT node_data_field_phonenum.field_phonenum_value AS value FROM {node} node
LEFT JOIN {content_field_phonenum} node_data_field_phonenum ON node.vid = node_data_field_phonenum.vid
INNER JOIN {node_access} na ON na.nid = node.nid
WHERE (na.grant_view >= 1 AND ((na.gid = 0 AND na.realm = 'all') OR (na.gid = 2 AND na.realm = 'term_access'))) AND ( node.nid = 329 )
ORDER BY node_data_field_phonenum.delta
and only 1 row in node_access satisfies that query.
Is something configured wrong, or is this a bug in nodeaccess or some other module.
Comments
Comment #1
Anonymous (not verified) commentedThe query you are referring to is generated by drupal's node module, not the nodeaccess module. However, I don't think this is really an issue. Drupal's access control system works on a grant only basis, that is, you can only grant access and not deny it. Because of this, all drupal cares about is whether any access control module grants at least 1 access. If it does, access is granted. It does not matter if one module, or multiple modules, grant access multiple times and it's quite common for that to happen. If drupal had a system where modules could deny access as well this might be an issue, but as it is this is just kind of the way things work.
Comment #2
mantyla commented