Attachments of nodes are found on which the user has no node access right
mdroste - April 23, 2008 - 16:04
| Project: | Search attachments |
| Version: | 5.x-3.0 |
| Component: | Code |
| Category: | bug report |
| Priority: | normal |
| Assigned: | Unassigned |
| Status: | active |
Jump to:
Description
I think the reason is this Statement:
$allowed_node_ids = array();
$allowed_node_ids_result = db_query(db_rewrite_sql("SELECT n.nid FROM {node} n"));
while ($allowed_node = db_fetch_object($allowed_node_ids_result)) {
$allowed_node_ids[] = $allowed_node->nid;
}After that the allowed_node_ids array includes all nodes of the node table.
Am I wrong?
#1
This has been fixed in the final version of the module, which I will be releasing this weekend. Just out of curiosity, what module/method are you using to restrict access to nodes?
#2
That sounds good. I use core methods and the contentaccess module to restrict node access.
#3
Actually, I am going to do some further testing with the contentaccess module. Also, by 'core methods', do you mean limiting access to specific permissions under q=admin/user/permissions?
Mark
#4
Yes, thats what I mean.