Currently biblio_access grants explicit view access to all users who are not explicitly forbidden to access it. This makes it impossible for node access modules to control access to biblio entries. I propose that access to biblio nodes should be handled in the same way as access to other nodes (see http://api.drupal.org/api/function/node_content_access/5) so that if there is no overriding reason to grant or deny access biblio_access should return NULL so that the node_grants mechanism can kick in.

The patch attached is for the DRUPAL-5 branch.

CommentFileSizeAuthor
#1 biblio.module.patch1.26 KBgustav
biblio.module.patch1.61 KBgustav

Comments

gustav’s picture

Status: Active » Needs review
StatusFileSize
new1.26 KB

Sorry, the previous patch contained some spurious code. The newly attached patch is clean.

rjerome’s picture

Status: Needs review » Fixed

Fair enough, the change has been made.

Ron.

Anonymous’s picture

Status: Fixed » Closed (fixed)

Automatically closed -- issue fixed for two weeks with no activity.