By mdrlmg on

I've been trying to configure Drupal for a few weeks now. Its a great tool and accomplishes everything I could hope for. However, there's one issue I just can't get past (and believe it is user-error on my part).

All users besides admins are getting 'Access Denied' messages on all nodes. I have tried using 'access control' to modify/create roles and the problem persists. The problem is incredibly frustrating. I've read the forums over and over and I'm just no seeing an answer which results in a successful fix.

http://www.redlabelmusic.com
You'll likely access the home page content once, and then get 'Access Denied' messages thereafter.

Other things have I tried:

  • Going into the user_roles table and modifying the 'rid' of the '0' user to '1'.
  • Implementing the node_privacy_byrole module
  • create roles

What I am running:

  • Drupal 4.6
  • MySQL 3.23.49
  • PHP Version 4.3.6

Any help would be much appreciated!

Comments

alliax’s picture

alliax commented

What about access control ? in "administer".
There are things/rights like "access nodes" that need to be activated for anonymous users and registered users.

Are you using taxonomy-access-control module ? because I had some issues with that the first time I used it and then concluded I didn't need it that much, so I disabled it and the issues were gone.

Bye

mdrlmg’s picture

mdrlmg commented

Thanks for the tips.
Actually, I'm not using taxonomy-access-control. I'm using the default access control methods.

From 'Administer > Access Control > Access > Permissions Tabs ' I get a list of roles I have set up. They are:
"Administrator, Anonymous user, Member"

When I click on the 'roles' tab I see a list of roles I've defined myself. In addition though, I noticed Drupal makes the following statement (on that same page).

"By default, Drupal comes with two user roles:
Anonymous user: this role is used for users that don't have a user account or that are not authenticated.
Authenticated user: this role is assigned automatically to authenticated users. Most registered users will belong to this user role unless specified otherwise."

So does this mean the Anonymous user should be able to see all content but not edit?
Is there some setting I'm supposed to change to allow the Anonymous user to access content but not edit?

The issue really seems to have something to do with the my db but I can't quite figure it out.

sepeck’s picture

sepeck commented

If the allow access box in the anonymous user column for the content type you want people to view is not checked, then anonymous users will not be able to see any content.

-sp
---------
Test site...always start with a test site.
Drupal Best Practices Guide

-Steven Peck
---------
Test site, always start with a test site.
Drupal Best Practices Guide

mdrlmg’s picture

mdrlmg commented

Good suggestion.

Administer > Access Control > Permissions > Anonymous User > Node Module > Access Content is Enabled.

One note: I set up a role called 'Anonymous user' as there was not one already present (even though the Drupal documentation says by default it installs Anonymous user and Authenticated user.

Do you think I missed something during my installation or have I still overlooked a admin setting?

mdrlmg’s picture

mdrlmg commented

Well I seemed to have fixed it.

  • I went back through the tables in my db to be sure all uid/rid were proper set.
  • I checked to be sure all my tables were present (who knows maybe I deleted one
  • I had preciously named my role 'Anonymous user' in access control whereas the db uid name was 'anonymous user' [lower case 'a']. I normalized the name which appeared in the Drupal access control.
  • I went back to access control and started adding basic permissions to the now correctly named anonymous user.(although the renaming of the user role could be coincidental with respect to impact on troubleshooting)

For anyone else having this problem, the change that seems to have made an affect was:
updating the Administer > Access Control > Permissions tab > Node Module >
I checked permission to both 'access content' and 'administer nodes' from the nomenclature it sounds like what I've done is given more security to the anonymous user than I'd like, but again, it seems to have fixed it?

is the 'administer nodes' permission defined somewhere? I'd like to know whether I'm only allowing Guests basic read access and not write /publish access to my site

mariagwyn’s picture

mariagwyn commented

I re-entered this as an actual issue since I am having the same problem, and am way less casual about the security issue that you seem to be. :)

See node: http://drupal.org/node/26564.

Maria

mdrlmg’s picture

mdrlmg commented

I've since learned you also need to the role "authenticated user"is case sensative. If you want to customize permissions of the default role the role name must be in lower case otherwise it won't work.

I was able to resolve all the issues I've had with user permissions including preventing spam.

I'm definitely concerned about sercurity issues since I accept payment. I think the only reason I create user issues was by not being casual about user rights.

please let me know if there's anything specific your having trouble with. I spent alot of time customizing and I'd like for my knowledge not to go to waste ;-)

mariagwyn’s picture

mariagwyn commented

I replied on the other node as well...

both the authenticated and anonymous user were created with drupal, they are locked, and they are lower case. Everything was working fine on 4.5, 4.6.0,.1, and at .2, it stopped. I can't change the case even if I wanted to as they are locked.

So, any other ideas?

Thanks,
maria