Download & Extend
Search attachments » Issues

Attachments of nodes are found on which the user has no node access right

Posted by mdroste on April 23, 2008 at 4:04pm
Project:Search attachments
Version:5.x-3.0
Component:Code
Category:bug report
Priority:normal
Assigned:Unassigned
Status:active

Issue Summary

I think the reason is this Statement:

      $allowed_node_ids = array();
      $allowed_node_ids_result = db_query(db_rewrite_sql("SELECT n.nid FROM {node} n"));
      while ($allowed_node = db_fetch_object($allowed_node_ids_result)) {
        $allowed_node_ids[] = $allowed_node->nid;
      }

After that the allowed_node_ids array includes all nodes of the node table.

Am I wrong?

Login or register to post comments

Comments

#1

Posted by markj on April 23, 2008 at 4:14pm

This has been fixed in the final version of the module, which I will be releasing this weekend. Just out of curiosity, what module/method are you using to restrict access to nodes?

#2

Posted by mdroste on April 24, 2008 at 7:14am

That sounds good. I use core methods and the contentaccess module to restrict node access.

#3

Posted by markj on April 24, 2008 at 4:22pm

Actually, I am going to do some further testing with the contentaccess module. Also, by 'core methods', do you mean limiting access to specific permissions under q=admin/user/permissions?

Mark

#4

Posted by mdroste on April 28, 2008 at 10:19am

Yes, thats what I mean.