I searched and didn't found anything similar, I might be wrong about this.

I have a node that has no permission for any role at all ( I have only the two default roles - anon and authorized ), what I am intended to do is to leave the node private to the owner and not to anybody else.

This works great at first, but when I enable the "administer node" settings on the access control, the authorized role gets access to view that node that has no "view permission" to any role.

Hope if this helps!

Comments

ankur’s picture

ankur commented

The "administer nodes" permission is intended to grant people the right to do anything to any node on the site. It overrides the permissions that are set by node_privacy_byrole.

If, with NPBR settings, all roles are barred from viewing permissions AND "administer nodes" permission is not granted to any user, only 2 people will be able to view the node: user 1 and the creator of the node (unless the creator of the node was anonymous, in which case only user 1 will have access to it).

However, I am unclear as to what you want to achieve. It sounds like you want roles with the "administer nodes" permissions to NOT be allowed to change the permissions on each node's edit page... Is that correct?

-Ankur

hanoii’s picture

hanoii
Primary language Spanish
Location 🇦🇷UTC-3
commented

More or less. I saw that behaviour almost by accident. I will try to be more clear :)

What I wanted to do exactly, and that's why I messed up with those permissions, is because I want the node to be viewed and edited only by the creator (an authenticated role user), besides user 1 of course, but also gives this user the ability to administer the node options (only available to roles with the "administer node" access , thus, allowing it to be promoted to the front page, to be published, to create new revision, etc.

I thought that your modules overrides the basic "administer node" access and now a role can administer the node if it has your module edit attribute.

I have done some more tests, and I think I unsertand my missunderstanding :)

Without the NPBR module, an "administer node" access to a role would permit, as you said, do anything with the node, edit, and set those options I specified before.

However, with the NPBR module enable, with an edit permission on a node without the "administer node" access would let the role edit the node but not edit those options, is like now a node may be editable by a node without being administered.

I think that your module should have more priority when deciding the user access, I am not sure if that can be done, or it's easy or I am still missing some points here.

As another example I did the following test:
- "administer node" access enabled
- NPBR edit setting disabled on q=node/1234 for instance

This case would be also desirable, to let a role administer nodes but not let that role not edit that specific node (1234).

Was I any clearer?

ankur’s picture

ankur commented

Implementing such a change would require a change to drupal core. Furthermore, the "administer nodes" permission is intended to allow people the right to do whatever they want with a node on a site-wide basis.

Leaving 'active' for now until I found out if more people want it... For now, if you're interested in a hack that will make the module work the way you want, I would suggest the following:

Open up the file "node.module" and find the function node_access() and change the lines that read:

  if (user_access('administer nodes')) {
    return TRUE;
  }

so that the lines are commented out and the final version reads

//  if (user_access('administer nodes')) {
//    return TRUE;
//  }

However, I must warn you in advance, that I cannot guarantee this hack and support for debugging will likely not be available here or anywhere else on drupal.org.

If you really want it, I suggest you test out the hack above before actually using it just to make sure it does what you want without any strange side-effects.

-Ankur

ankur’s picture

ankur commented