I don't understand the following code:

if (!isset($machine_name)) {
  $query->leftJoin('private_vocabularies', 'pv', 'base.vid = pv.vid');
  $query->condition('pv.private', 1);
  return;
}

should it not rather be the following ?:

if (!isset($machine_name)) {
  $query->leftJoin('private_vocabularies', 'pv', 'base.vid = pv.vid');
  $query->condition('pv.private', 0);
  return;
}

In any case, concervant the original code, I have problems with particular advanced_forum: can not get used to the vocabulary forum.

By replacing

  $query->condition('pv.private', 1);

everything works!

Comments

trobey’s picture

trobey commented

This appears to be code from the private_taxonomy_query_taxonomy_vocabulary_load_multiple_alter($query). First, the code you are showing appears twice in this function so I am not sure which one it is. This function starts with:

if (!user_access('administer taxonomy')) {

So this only does anything if a user does not have the 'administer taxonomy' permission. The private column of the private_vocabularies table is set to 0 if the vocabulary is not private and set to 1 if it is private. It is also possible that a vocabulary that is not private is not in this table. So the condition:

$query->leftJoin('private_vocabularies', 'pv', 'base.vid = pv.vid');
$query->condition('pv.private', 1);

says to grant access to loading a private vocabulary for a user that does not have the 'administer taxonomy' permission. For example, a user with the 'administer own taxonomy' would need to load a private vocabulary but should not need to load non-private vocabularies. If you change it to 0 then it grants access to loading non-private vocabularies if they happen to appear in the private_vocabularies table.

The query alter functions are useful for restricting access and implementing new permissions but the drawback is that any module can issue a query and altering them all may not be appropriate or the query may not be well designed. So perhaps it would be useful to understand your particular problem, which modules you are using and where the problem occurs.

trobey’s picture

trobey commented
Category: support » bug

There is not enough of a description of the actual problem for me to reproduce it but I took a stab in the dark to try to fix it. The user that does not have 'administer vocabularies and terms' permission had the vocabularies at administer/structur/taxonomy restricted by using private_taxonomy_query_taxonomy_vocabulary_load_multiple_alter(). I switched to restricting the access in a form_alter instead in case there is code somewhere that calls the function above for a user without the 'administer vocabularies and terms' permission. Please test and see if that fixes your problem since I cannot reproduce it.

trobey’s picture

trobey commented
Status: Active » Needs review
trobey’s picture

trobey commented
Status: Needs review » Closed (fixed)