When I set the "Default Front Page" setting to "node", it displays content from all sites. It would be nice if it only displayed content for the local site.

Comments

agentrickard’s picture

agentrickard
he/him
Primary language English
Location Georgia (US)
commented

Are you viewing that page as a user with the "administer nodes" permission?

agentrickard’s picture

agentrickard
he/him
Primary language English
Location Georgia (US)
commented
Category: feature » support
wayland76’s picture

wayland76 commented

Yes.

agentrickard’s picture

agentrickard
he/him
Primary language English
Location Georgia (US)
commented
Status: Active » Closed (fixed)

Node access rules do not apply to users with 'administer nodes' permissions. There is nothing that can be done about that.

Please read the documentation. Particularly, sections 3.4 and 5.5

----
3.4 Limitations

Due to the way node_access() works, the following limitations should be noted.

  - Any node that is assigned to more than one subdomain can be edited
    by any editor who belongs to one of the subdomains.

  - Users who look at the sites and have the 'administer nodes' permission 
    can always see all content on all sites, which can be confusing.  This is 
    unavoidable.  It is best to preview your site as an anonymous or 
    authenticated user who does not have special permissions.
    
  - Users who have the 'edit TYPE nodes' permission will be able to edit nodes
    that do not belong to their subdomain.
    
These limitations are due to the permissive nature of node_access().  If any 
access rule grants you permission, it cannot be taken away.

This is a core Drupal behavior. For technical reference, see http://api.drupal.org/api/function/node_access/5. Especially the lines:

  if (user_access('administer nodes')) {
    return TRUE;
  }

That overrides any other setting and grants access to users with 'administer nodes.'

wayland76’s picture

wayland76 commented
wayland76’s picture

wayland76 commented

Thanks for the detailed explanation. I was hoping to get back to further testing on this before you responded.

I've discovered that, even as an anonymous user, I still have the same problem.

I seem to recall that this worked with the multidomain module (which supposedly has some of the same functionality as yours, but unfortunately is not maintained). I have a lurking suspicion that the relevant piece of code is the function titled "multidomain_db_rewrite_sql", in particular the lines that read:

$return['join'] = 'INNER JOIN {term_node} multidomain_tn ON multidomain_tn.nid = '. $primary_table .'.nid';
$return['where'] = 'multidomain_tn.tid = '. $domain['tid'];

HTH,

agentrickard’s picture

agentrickard
he/him
Primary language English
Location Georgia (US)
commented
Status: Closed (fixed) » Postponed (maintainer needs more info)

Do you still have MultiDomain turned on?

It may be that MultiDomain is granting node access, which would account for the behavior. Unless you applied the "multiple node access" patch and expecitly set Domain Access to use the "AND logic" if one node access module grants access, it cannot be removed.

wayland76’s picture

wayland76 commented

No, multidomain is turned off. And in re-reading my comment, i can see that it doesn't say at all what I wanted to say. So I'll try again, and maybe I'll write something sensible this time.

I suspect that it would be possible to overcome the limitation that you've listed as the second one there (about being able to see all content on all domains). The way I think this might be alterable is by code similar to that mentioned in my previous comment.

agentrickard’s picture

agentrickard
he/him
Primary language English
Location Georgia (US)
commented
Status: Postponed (maintainer needs more info) » Closed (works as designed)

Possibly. But that is not what is currently implemented, and it's too late to change before the first release.

After looking at the code, I believe -- but could be wrong -- that multidomain can do this because it uses taxonomy terms to store its data. Therefore it can add a JOIN to the {term_node} table to any node query.

But for node_access modules, the queries already get run through {node} and {node_access}, so you'd have to test if and where the JOIN syntax could be applied.

OG, for example, only uses db_rewrite_sql() in cases where external modules want to load nodes based on OG groups. The module itself relies on {node_access}.

My opinion is that this is a limitation of the current node_access system. You could try implementing hook_db_rewrite_sql(). http://api.drupal.org/api/function/hook_db_rewrite_sql/5. Perhaps something like this would work:

function domain_db_rewrite_sql($query, $primary_table, $primary_field, $args) {
  global $_domain;
  switch ($primary_field) {
    case 'nid':
      // this query deals with node objects
      $return = array();
      $return['join'] = "LEFT JOIN {domain_access} da ON $primary_table.nid = da.nid";
      $return['where'] = '((da.realm = 'domain_id' AND da.gid = '. $_domain['domain_id'] .') OR da.realm = 'domain_site)';
      return $return;
      break;
  }
}

You might try pasting that into the module and seeing what happens. Use the Devel module to show the queries that result.

wayland76’s picture

wayland76 commented

Bewdy, mate! Works a treat :).

In case you're intending to use the code (or if anyone else is), the "where" line needs changing to:

      $return['where'] = "((domain_access_da.realm = 'domain_id' AND domain_access_da.gid = ". $_domain['domain_id'] .") OR domain_access_da.realm = 'domain_site')";

You'll notice the changed quotation marks.

wayland76’s picture

wayland76 commented

I particularly like this solution, as it also means that the XML sitemap module doesn't produce duplicate content (well, once XML sitemap is patched to work with multiple domains :) ). I know that any changes won't make it into the first release, but is there anything else that needs to happen to get this patch into the CVS HEAD for the next release? I can turn it into a CVS patch if that makes a difference to you. Hmm. You'll probably want it to be optional, controlled from the admin panel, right?

Thanks a lot for this -- it solved all the final problems before I can start focussing on the content of my site instead of the setup.

agentrickard’s picture

agentrickard
he/him
Primary language English
Location Georgia (US)
commented

XML sitemap should not produce duplicate content. Install the 'custom_url' patch and code. Then add 'xmlsitemap' to the 'special page requests' setting.

Note that this issue no longer appears on my radar, so you'll need to open new issues.

agentrickard’s picture

agentrickard
he/him
Primary language English
Location Georgia (US)
commented
Category: support » feature
Status: Closed (works as designed) » Postponed

Here's a proper version of the function:

function domain_db_rewrite_sql($query, $primary_table, $primary_field, $args) {
  // Only run for users with special privileges.
  if (user_access('administer nodes')) {
    global $_domain;
    switch ($primary_field) {
      case 'nid':
        // This query deals with node objects
        $return = array();
        $return['join'] = "LEFT JOIN {domain_access} da ON $primary_table.nid = da.nid";
        $return['where'] = "((da.realm = 'domain_id' AND da.gid = ". $_domain['domain_id'] .") OR da.realm = 'domain_site')";
        return $return;
        break;
    }
  }
}

Ideally, this would then have a module setting, enabling the if to include:

&& variable_get('domain_disable_admin_nodes', 0) == 1
wayland76’s picture

wayland76 commented

Ok -- as I said, it's all working just the way I want, so I'm in no hurry of any sort :). I should also point out (in case anyone else is trying to use the code that I pasted in) that I used "domain_access_da" instead of just da in the join part. This is because the Multidomain module used "tn" as an alias, and so did another one (XML Sitemap, maybe?), and there were errors all over the place. So now I'm careful about trying to get unique table alises.

agentrickard’s picture

agentrickard
he/him
Primary language English
Location Georgia (US)
commented

I am a little unsure about how table prefixing might affect what you wrote, and since da was still used in the [JOIN]. Here's some compromise code.

function domain_db_rewrite_sql($query, $primary_table, $primary_field, $args) {
  // Only run for users with special privileges.
  if (user_access('administer nodes')) {
    global $_domain;
    switch ($primary_field) {
      case 'nid':
        // This query deals with node objects
        $return = array();
        $return['join'] = "LEFT JOIN {domain_access} dac ON $primary_table.nid = dac.nid";
        $return['where'] = "((dac.realm = 'domain_id' AND dac.gid = ". $_domain['domain_id'] .") OR dac.realm = 'domain_site')";
        return $return;
        break;
    }
  }
}
agentrickard’s picture

agentrickard
he/him
Primary language English
Location Georgia (US)
commented
Category: feature » support
Status: Postponed » Closed (works as designed)