I am running a blog and photo-sharing site where I want users to be able to choose whether or not a post they make is available to anonymous users by choosing a category, "Public", or leaving it blank "". It is working great for the blogs, but some funny things are happening for acidfree albums.

When no access has been given (and "access node content" turned off in Admin>>User Management>>Access control) anonymous users get access denied messages except for albums where I have entered a GMap location (I am using the GMap module). If a location is entered, anonymous users can see the address and access the Google maps link and a note that says "This album is empty" (there are actually contents).

The same thing happens if the album, images in the album, or both together has the category set to "Public". Anonymous users cannot access images. They can access blogs when the blog category is set to "Public".

If I set the Acidfree album category to be visible to anonymous users, for albums with a GMap location anonymous users see the address and note of "This album is empty" as above. However, if I click on the "List" tab that Acidfree provides, I see all items in the album, whether they are set to public or not. For albums with no GMap location, anonymous users get a simple "Access Denied" message and see no content. If I turn off the GMap module, even if categories have been selected to be available to anonymous users, they get "Access denied" (there is no "List" tab to click).

I realize that the GMap problem may be an issue for that module, but still, I am wondering if it is possible to give anonymous users access to acidfree images when "access node content" permissions are not granted.

Thank you very much, and thank you for this wonderful module.

Comments

Dave Cohen’s picture

Dave Cohen commented

I think you should submit concise, easy to reproduce descriptions to the gmap and acidfree module. I don't think there's anything tac_lite can do to help. I also recommend you install the devel_node_access module (in the devel module).

Drupal access control is tricky. In general, access is denied to any node unless something explicitly grants the permission. It sounds like these modules are implementing hook_access, and either returning true when they shouldn't, or returning false when they should return null.

And the acidfree list tab may be doing a query without wrapping it in db_rewrite_sql. tac_lite has no effect when that happens.

Dave Cohen’s picture

Dave Cohen commented
Status: Active » Closed (won't fix)

I'm cleaning out old issues today.