We are running Drupal 5.2 and have the private module installed, to allow content authors only to see their content. When checking content as private, the padlock appears but the content is still accessible by non-logged in users. Playing with settings in Access Control seems to have no affect, we actually have all access switched off, but the problem persists. Please let me know if there is a fix on this?

thanks

kfm

Comments

greggles’s picture

greggles
he/him
Primary language English
Location Denver, Colorado, USA
commented
Status: Active » Postponed (maintainer needs more info)

Are you using any other node access modules?

Maybe you need to rebuilt the grants table and clear the page_cache after changing the permissions?

dugh’s picture

dugh commented

I see the same problem.

I see the padlock but the public can still see the post.

I am using organic groups, which gives a 'public' checkbox on content (checked by default). I haven't tested unchecking public and checking private, but I'd prefer not to make my users have to check one box and uncheck another to do one thing.

kungfumaster’s picture

kungfumaster commented

Sorry for the slow reply. We tried to find the problem but failed. I moved to using Private Node module with Buddylist to solve this.

vpoma’s picture

vpoma commented
Status: Postponed (maintainer needs more info) » Active

Hi,
I have the same problem.
Installed Private module, create a new content, set it as "private", publicated it.
But... any user can view it!

I haven't OG installed, I have nodeaccess and taxonomy access control installed.

What happens???

mstef’s picture

mstef commented

No way to set the weight for this module? I'm using content_access and node_reference_user_access which is making this module featureless.

jshuster@drupal.org’s picture

jshuster@drupal.org commented
Status: Active » Postponed (maintainer needs more info)

To expand on greggles' point in #1 above:

In general, you shouldn't use more than one node access module at a time. The reason is that in Drupal, nodes are open to the public by default, and node access modules work by overriding that to deny access.

When more than one node access module is active, one module might deny access to a node, only to have access granted by another node access module. This is well documented; poke around this site and you'll find a number of good discussions of whether or not Drupal should work like this or not -- but in the meantime, this is how Drupal works.

So if you're running Private along with content_access, node_reference_user_access, node_access, taxonomy_node_access, organic_groups_access_control, etc., etc., you're going to get unpredictable results. Changing module weights won't help this; all that means is that access is going to be set and unset unpredictably in a different order.

The solution is to only use one node access module. There are many out there, each written to cover the needs of specific situations. Pick the simplest one that meets your needs.

Please don't let the patch at http://drupal.org/node/425904 confuse you. This patch allows the Private and Organic Groups access control modules to work together, and this is an exception to the rule. This patch works only because there's a clear boundary between the scope of the two modules: if a node is in a group, then Organic Groups sets its access permissions; if a node is outside a group, then Private sets its access permissions.

By the way, the "grants table" holds data that defines who gets access to which nodes. If node access isn't working right, try rebuilding this table. You do this under Administration>Content>Post Settings (in 6; it's similarly labeled in Drupal 5). This can take a while on large sites; if you have a lot of traffic, it's a good idea to put your site into maintenance mode first.

adamps’s picture

adamps commented
Issue summary: View changes
Status: Postponed (maintainer needs more info) » Closed (outdated)

Tidying up ancient D5 support request.