Bug in Drupal Core 6.2 silently disables half of the node access mechanism

netpat - April 13, 2008 - 17:53
Project: Forum Access
Version: 6.x-1.x-dev
Component: Code
Category: support request
Priority: normal
Assigned: Unassigned
Status: active
Description

Compared to the D5 version, I don't see any difference when I toggle the permissions of "Edit posts" or "Delete posts" in D6. D6 is using the information of "User management -> Permissions", which has been enhanced in D6, but Forum Access is not overwriting these permissions.

Additionally if I add moderators, I don't see more permissions for them. Maybe I overlooked something and I am happy for any hint.

#1

salvis - April 13, 2008 - 20:17

There are not supposed to be any differences between the D5 and D6 versions.

FA has nothing to do with permissions.

Follow the directions that were displayed when you created the issue, create a post and look at the node_access entries to see what FA is doing.

#2

netpat - April 14, 2008 - 20:15

Sorry about that. Here are more details:

The following data was caught in a forum board where I have activated all access options in FA for authenticated user:

node    realm         gid  view  update  delete  explained
Test 2  forum_access  1    1     0       0       anonymous user
Test 2  forum_access  2    1     1       1       authenticated user

But an authenticated user cannot edit or delete a message until I have activated "edit/delete any forum topic" under the D6 permissions. Conversely, when I deny access in FA, the authenticated user can still edit / delete messages unless I adjust the D6 permissions. It looks like these FA settings are overwritten by the D6 internal permissions.

BTW: View and Create is working as expected.

BTW2: Thanks for the great modules.
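
An added example, not part of netpat's post or of Forum Access: a query that lists forum nodes where the forum_access grants disagree with the core "edit/delete any forum topic" permissions of the same role, which are the cases where the two settings described in #2 conflict. It assumes MySQL, an unprefixed Drupal 6 schema, and that a forum_access gid is a role id (gid 1 and 2 match the anonymous and authenticated roles in the table above).

```sql
-- Added example (assumptions: MySQL, no table prefix, forum_access gid = role id).
-- Only the "any" permissions named in the thread are compared; the
-- "edit own"/"delete own" permissions depend on the node author and are left out.
SELECT n.nid,
       n.title          AS node,
       na.gid,
       r.name           AS role,
       na.grant_update  AS fa_update,
       na.grant_delete  AS fa_delete,
       COALESCE(p.perm LIKE '%edit any forum topic%',   0) AS perm_edit_any,
       COALESCE(p.perm LIKE '%delete any forum topic%', 0) AS perm_delete_any
FROM node_access na
JOIN node n            ON n.nid = na.nid AND n.type = 'forum'
JOIN role r            ON r.rid = na.gid
LEFT JOIN permission p ON p.rid = na.gid   -- a role may have no permission row
WHERE na.realm = 'forum_access'
  AND (   na.grant_update <> COALESCE(p.perm LIKE '%edit any forum topic%',   0)
       OR na.grant_delete <> COALESCE(p.perm LIKE '%delete any forum topic%', 0))
ORDER BY n.nid, na.gid;
```

A row with fa_update = 1 and perm_edit_any = 0 corresponds to the first case reported in #2 (FA grants editing, the user still cannot edit); fa_update = 0 with perm_edit_any = 1 corresponds to the second (FA denies, the user can still edit).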

#3

salvis - April 16, 2008 - 17:10

Thank you for completing the picture. This is actually a bug in core.

See #153998: Inconsistent permissions in forum, poll and blog modules and try the patch in #91.

#4

netpat - April 17, 2008 - 16:17

Thank you... great work. With your patch it seems to work.

Let's say I don't use "Edit posts" and "Delete posts": do I then not need the core patch, or is it suggested even then?

As a result of my tests I assume that the moderators feature is "only" permitting common access (view) to the forum. Whether a moderator can edit or delete posts has to be defined in the core permissions?

#5

salvis - April 17, 2008 - 21:59

Well, it's a bug in core and it should be committed at some point. Node access control is just not working without it.

The moderator should have full access without needing any permissions at all, and it works for me (with the core patch). Does it not work for you?

If you want to investigate further, install the devel_node_access patch in http://drupal.org/node/241060#comment-797217 and you'll see much more detail about what's going on.

#6

salvis - April 19, 2008 - 15:20

It turns out there were dumb bugs in my patch. Please undo the patch in #91 and apply this one: http://drupal.org/node/153998#comment-812767

#7

salvis - April 20, 2008 - 20:00
Title: No function of "Edit posts", "Delete posts" and "Moderators"? » PLEASE REVIEW!!! — Bug in Drupal Core 6 silently disables half of the node access mechanism
Status: active » patch (code needs review)

The patch is in #153998: Inconsistent permissions in forum, poll and blog modules #93 (or later).

Please review and comment, so the patch can get committed.

#8

netpat - April 21, 2008 - 19:13

I found out that the moderator feature works when I rebuild the permissions after adding a moderator. Otherwise only newer messages created after defining the moderator(s) work as they are supposed to.

Thanks for your great support. Together with your core-patch it seems to work as it should.

#9

salvis - April 21, 2008 - 23:18

Yes, the need to manually rebuild the permissions to enable the moderator for pre-existing nodes is a left-over from the D5 version that I will remove before releasing 6.x-1.0.

Thanks for your help with this!

#10

salvis - April 25, 2008 - 22:45
Title: PLEASE REVIEW!!! — Bug in Drupal Core 6 silently disables half of the node access mechanism » Bug in Drupal Core 6.2 silently disables half of the node access mechanism
Status: patch (code needs review) » active

I leave this open as a signpost until Drupal 6.3 is out.

#11

deekayen - May 10, 2008 - 01:37

subscribing

 
 
