Anonymous users are able to create content (Beta=>3.x stable upgrades only)

i just updated from beta2 to beta3 in hope of having this issue fixed but sadly it's still there. it's only disabled when 'View published content' is turned off. but i want visitors to read the posts.

any suggestions?

sorry

I'm not able to reproduce this. Does it happen on a fresh install of Beta3?

No, not on a fresh install beta3. It was an "update" from beta2 - i only did a manual update because there seems like a problem in updating Commons with drush (i think Commons cannot locate the internal modules directory).

Maybe I should try doing fresh install just to see the difference. But I have done alot already to start anew. In that case, how should we fix it? Any suggestions? I already rebuilt permissions, did a lot of running cron and clearing cache but still not fixed.

Here's a screenshot:
http://screencast.com/t/B2QZUXDwHcmb

Thanks!

I had this issue in beta3 and have it now too (after upgrade). Anonymous users CAN'T access the /groups page, but can access group nodes and both create and edit ANY content.

Worse yet, anonymous user sees the "Unsubscribe from group" link in the groups pages (why is it subscribed?). If I hit the unsubscribe link then I can't create or edit content, except the wikis, and after editing a wiki then I'm again subscribed to the group it belongs to.

i just upgraded to the final release (3.0) from beta3, applied all database updates but STILL get the same problem.

like you recommended, i installed a fresh final release of Commons and investigated both sites' node access (ss below showing DNA info of one of the pre-created event/s "Ribfest Boston 2013") using Devel NA and i found this:

fresh install - http://screencast.com/t/KROw5Vrz1V
upgraded - http://screencast.com/t/fWrV11t4yZ

i still get the same even after i adjusted the permissions (og and general) of upgraded, making it the same with the fresh install.

when hovering the "YES: by og" on DNA table of upgraded site it says "YES: hook_node_access of the ff module(s) allows this: OG". I manually checked the database but found nothing wrong.

can you please help me? thanks!

PS - the final release was really COOL - lost of CSS fixes and additions! thanks!

for now used hook_node_access()

Trying to reproduce now. To be clear, this bug does not occur on fresh installs.

We've committed to having an upgrade path from stock Beta2 to 3.0, but any additional modules installed could cause issues with this upgrade path.
I'm currently looking at the Beta2 -> Beta3 -> 3.0 upgrade path and will report back.

For some reason, anonymous users can be considered members of a group, even though they aren't showing up as such in the database. I added an additional check specifically for anonymous users to make sure that unless they have 'create X content' permission enabled, they cannot make a post.

Fixed in this commit, it should force permissions on anonymous users:
http://drupalcode.org/project/commons_groups.git/commit/f3a58c1

Looks good to me! the update will run again, since we've moved which install file it is in.. but all that'll do is reset the name. It could be annoying if anyone changed the 'Organizer' role to be something else, but thats a really small edge case.