
problems with TAC filtering taxonomy_get_vocabularies

Project: Taxonomy Access Control
Version: 5.x-1.1
Component: Code
Category: bug report
Priority: normal
Assigned: Unassigned
Status: closed (fixed)
Issue tags: term_node_

Issue Summary

TAC seems to filter out vocabularies from taxonomy_get_vocabularies that the user has no permission for, by adding a WHERE clause in taxonomy_access_db_rewrite_sql. Though this seems ok, it is not so nice in the following situation:

Say I have a view with an exposed filter I can use to filter the nodes by a taxonomy term (a1, a2, ...) from vocabulary A. Now, the view itself is accessible by all roles, even if the taxonomy terms (a1, a2, ...) are not viewable/listable/...
If the view is accessed by a role that doesn't have any permissions to see/list/whatever of the taxonomy terms, then taxonomy_get_vocabularies will fail to return the vocabulary in question.

This, in turn, causes the view to freak out, since it needs information about the vocabulary to build its page (that exposed filter, ...) But it is not available. So it does the next best thing, and that's to use default values/functions. But that only causes an SQL error like this:

* user warning: You have an error in your SQL syntax near 'IN ('63')) ) ' at line 1 query: SELECT count( DISTINCT(node.nid)) FROM node node INNER JOIN node_access na ON na.nid = node.nid WHERE (na.grant_view >= 1 AND ((na.gid = 0 AND na.realm = 'all') OR (na.gid = 1 AND na.realm = 'term_access'))) AND ( (node.status = '1') AND (node.type IN ('image')) AND (.tid IN ('63')) ) in drupal/includes/database.mysql.inc on line 172.
* user warning: You have an error in your SQL syntax near 'IN ('63')) ) ORDER BY node.nid ASC LIMIT 0, 1' at line 1 query: SELECT DISTINCT(node.nid) FROM node node INNER JOIN node_access na ON na.nid = node.nid WHERE (na.grant_view >= 1 AND ((na.gid = 0 AND na.realm = 'all') OR (na.gid = 1 AND na.realm = 'term_access'))) AND ( (node.status = '1') AND (node.type IN ('image')) AND (.tid IN ('63')) ) ORDER BY node.nid ASC LIMIT 0, 1 in drupal/includes/database.mysql.inc on line 172.
* warning: Invalid argument supplied for foreach() in drupal/includes/form.inc on line 948.

As you can see, that's not so nice.

So, my question is: what can be done about this? What happens if taxonomy_get_vocabularies would not get filtered?

Cheers,
Bramz

Comments

#1

also interested in this....

#2

Category: support request » bug report
Priority: normal » critical

Also got caught by this in the following way:

I had all terms in a taxonomy set to Deny, Deny, Deny, No-create, No-list for anonymous users, to hide the nodes from them. Other user roles had different settings.

All was fine until the occurrence of the CRON expiring the cache_views entries. The very next user who accessed the login page caused the views_table cache to be built missing one or more vocabularies. Any query run after this by any user that needs that vocabulary as a field will trigger an SQL error.

This is a direct result of taxonomy_access_db_rewrite_sql, putting a where clause into a query which builds the taxonomy tables cache.

I managed to fix it by setting the permissions to Deny, Ignore, Ignore, Create, List. This has the same effect as before in preventing anonymous users from seeing these nodes.

I am wondering if there should be a condition on this function to make sure that the SQL being rewritten is not one that will end up in the cache.
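
Added example, not part of the original thread and not Drupal, Views or TAC code: a simplified Python model of the failure reported in comment #2, where an access-filtered lookup populates a cache shared by all roles. All names, the role table and the `term_node_<vid>` aliases are constructed assumptions; the second mode builds the cache without the access filter and applies the access check when the cached data is used.

```python
# Simplified model of the failure in comment #2. Not Drupal, Views or TAC code;
# every name and value below is hypothetical / constructed for illustration.
VOCABULARIES = {1: "Topics", 2: "Galleries"}
LISTABLE = {"anonymous": {1}, "editor": {1, 2}}   # vocabulary ids a role may list


def get_vocabularies(role, rewrite=True):
    """Vocabulary lookup; with rewrite=True the per-role access filter applies."""
    if not rewrite:
        return dict(VOCABULARIES)
    return {v: n for v, n in VOCABULARIES.items() if v in LISTABLE[role]}


class TableCache:
    """Shared (not per-role) map of vocabulary id -> table alias."""

    def __init__(self, access_neutral):
        self.access_neutral = access_neutral
        self.tables = None              # None = expired, rebuilt on next request

    def get(self, role):
        if self.tables is None:
            # Flawed mode: the rebuild sees only what the *current* role may list.
            vocabs = get_vocabularies(role, rewrite=not self.access_neutral)
            self.tables = {v: f"term_node_{v}" for v in vocabs}
        return self.tables


def build_filter(cache, role, vid, tid):
    """Return (clause, params); a missing alias yields the malformed '.tid'."""
    alias = cache.get(role).get(vid, "")
    return f"({alias}.tid IN (%s))", [tid]


def exposed_filters(cache, role):
    """Access is enforced per request, when the cached metadata is used."""
    return sorted(v for v in cache.get(role) if v in LISTABLE[role])


def after_cache_expiry(access_neutral):
    """Anonymous visitor triggers the rebuild, then an editor filters on vocab 2."""
    cache = TableCache(access_neutral)
    cache.get("anonymous")
    return build_filter(cache, "editor", 2, 63), exposed_filters(cache, "anonymous")


if __name__ == "__main__":
    print(after_cache_expiry(False))  # cache built under the anonymous role
    print(after_cache_expiry(True))   # access-neutral cache
```

In the first mode the editor's query carries the same empty-alias `.tid IN` fragment seen in the reported SQL errors; in the second the alias resolves, and the anonymous role is still offered only the vocabulary it may list.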

#3

Priority: critical » normal

Need to test whether this issue exists in the 5.x-2.x and 6.x branches.

#4

Status: active » closed (fixed)

Closing 5.x issues. Please open a new issue if you encounter this problem in a current (6.x) release of TAC.
