Also I have not tried this but to mention does activity respect User Relationship Node access module? Otherwords when a user selects which relationship can view the node will activity also not record it if the other user's relationship is not selected to view the node?

CommentFileSizeAuthor
#3 Empty LI6.85 KBAnonymous (not verified)
#1 nodeactivity.patch496 bytesScott Reynolds
#1 commentactivity.patch952 bytesScott Reynolds

Comments

Scott Reynolds’s picture

Scott Reynolds commented
Title: UR node access » Doesn't Respect Node Access
StatusFileSize
new commentactivity.patch952 bytes
new nodeactivity.patch496 bytes

I have two patches for nodeactivity and commentactivity that call node_access('view', $nid) in hook_activityapi(). This isn't ideal, be great if activity table had a primary_id field. THEN that could be used.

Maybe that wouldn't make it simpler.. not sure. Something to consider. But this works!

Anonymous’s picture

Anonymous (not verified) commented
Status: Active » Needs work

This needs to be a feature in the module.

I'm getting this error after patching the commentactivity contrib.

    * warning: Invalid argument supplied for foreach() in /home/mysite/public_html/modules/node/node.module on line 561.
    * warning: implode() [function.implode]: Invalid arguments passed in /home/mysite/public_html/modules/node/node.module on line 565.
    * user warning: You have an error in your SQL syntax; check the manual that corresponds to your MySQL server version for the right syntax to use near '' at line 1 query: SELECT n.nid, n.vid, n.type, n.status, n.created, n.changed, n.comment, n.promote, n.sticky, r.timestamp AS revision_timestamp, r.title, r.body, r.teaser, r.log, r.format, u.uid, u.name, u.picture, u.data FROM node n INNER JOIN users u ON u.uid = n.uid INNER JOIN node_revisions r ON r.vid = n.vid WHERE in /home/mysite/public_html/includes/database.mysql.inc on line 172.

What could be causing this?

Anonymous’s picture

Anonymous (not verified) commented
StatusFileSize
new Empty LI6.85 KB

The Node Activity Patch seems to be working for the most part. However, it does still output an empty <li> see attached screenshot.

jaydub’s picture

jaydub commented

cross reference with this issue:

#230010: Check node_access permissions when displaying activity

minesota’s picture

minesota commented

Subscribed

geodaniel’s picture

geodaniel commented

subscribing

lelizondo’s picture

lelizondo commented

subscribing

jaydub’s picture

jaydub commented

Ok I think the approach the original poster took in their patch is sound. I am adding this now but it will need testing across the various activity contrib modules.

jaydub’s picture

jaydub commented

Added an access check to the display phase of the activity records. Please test out on a development snapshot (10/31 or later).

jaydub’s picture

jaydub commented
Category: support » task
jaydub’s picture

jaydub commented
Title: Doesn't Respect Node Access » Move node access checks to load instead of display
Version: 5.x-3.0-beta2 » 6.x-1.x-dev
Status: Needs work » Active

I've changed the title to reflect the current state of this task. We need to change the model for node access to act on activity load and not on display. This will require activity records to be able to store content IDs so that access checks can be made at load time.

This is likely to be a 6.2 branch feature.

merilainen’s picture

merilainen commented
Priority: Normal » Critical

I would say that this is very critical. Currently I can see all the topics of comments listed in activity from private groups for example.

I'm not familiar with views filters, but I managed to hide comments which the user didn't have access with "Node access"-filter in another view. Would it be possible to have this filter in Activity also, so that the view wouldn't list the activity if the user doesn't have access to the node? Then there should be some other way to hide them from activity/all-listing.

sirkitree’s picture

sirkitree commented
Status: Active » Closed (won't fix)

Closing. 1.x no longer supported.