I've set up Forum Access to control access to some forums such that anonymous users do not have view, post, edit or delete access to those forums. The role is blocked as expected for posting. However, after a topic has been created by a user in an allowed role, that topic and its comments are viewable by the restricted role by typing in the URL, and they are also able to post comments.
Anonymous users (i.e. the role that I am trying to use Forum Access module to restrict) have the access content permission in the node module, because they need to be able to see other content on the site. I think this is why they are able to see forum topics after the topics have been created. I thought Forum Access module should either override or bypass that setting? Even then, the access content permission does not explain why they are able to post comments in restricted forums! Or does it?
Have I set something up wrong?
I've got:
Drupal 5.7
ACL 5.x-1.6
Forum Access 5.x-1.10
Thanks for your help.
Comments
Comment #1
salvis
Please follow the directions that were displayed when you created this issue.
Comment #2
logicexpertise commented
Here's the output from the devel module.
Forum Access appears to be restricting access to the node, but node access seems to be granting access (in the all realm), effectively overriding the permissions set by Forum Access (and other modules). Also, although update access is disabled in the all realm, anonymous users are able to reply to forum posts on the site. Is any of this normal?
Thanks.
Comment #3
salvis
Unfortunately, content_access and workflow don't explain their GIDs, so it's hard to tell what they're really doing. Consider posting feature requests in their queues to implement hook_node_access_explain() and explain what their grants do (or more specifically, what users/roles/whatever they apply to).
Please update Forum Access to 5.x-1.x-dev. It will give you additional information specific to Content Access, both on the Forum topic content type and the forum administration pages.
If you enable the Devel main module, you can go to admin/settings/devel#edit-devel-node-access-debug-mode and enable Devel Node Access's debug mode. This will show you which of the records are granting which type of access to the current user. Please post that output as well.
The "all" realm record is probably (and illegitimately, IMO) provided by Content Access — debug mode will show where it comes from.
The fact that a user who can view a node can also post comments to it is a long-standing issue that I haven't been able to address yet. See #123152: Comment creation and other active issues in the queue.
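How the grant records discussed in this comment combine, as an added example that is not part of the thread or of any module's code: a small Python model of the node_access check, run over constructed rows. The node id, the role ids in the sample data and the `forum_access` realm name are assumptions made for illustration; only the "all" realm comes from the thread.

```python
from collections import namedtuple

# One row of the node_access table; nid 0 means "applies to every node".
Grant = namedtuple("Grant", "nid gid realm grant_view grant_update grant_delete")

def matching_grants(rows, nid, user_grants, op):
    """Return the rows that give `op` ('view', 'update', 'delete') on node `nid`.

    A row counts when it covers the node, its (realm, gid) pair is one the
    user holds, and grant_<op> >= 1. Any single matching row is enough:
    rows only add access, they never subtract it.
    """
    # Every user implicitly holds gid 0 in the "all" realm.
    held = {("all", 0)}
    for realm, gids in user_grants.items():
        held.update((realm, gid) for gid in gids)
    return [r for r in rows
            if r.nid in (0, nid)
            and (r.realm, r.gid) in held
            and getattr(r, "grant_" + op) >= 1]

def has_access(rows, nid, user_grants, op):
    return bool(matching_grants(rows, nid, user_grants, op))

# Constructed sample data (assumed values, not taken from the thread).
ANON_RID, AUTH_RID = 1, 2
rows_restricted = [
    # Forum-level restriction: only the authenticated role may view/update.
    Grant(42, AUTH_RID, "forum_access", 1, 1, 0),
]
rows_leaky = rows_restricted + [
    # A second module writes an "all"-realm record for the same node.
    Grant(42, 0, "all", 1, 0, 0),
]
anon = {"forum_access": [ANON_RID]}  # grants held by an anonymous visitor

if __name__ == "__main__":
    for label, rows in (("restricted", rows_restricted), ("leaky", rows_leaky)):
        hits = matching_grants(rows, 42, anon, "view")
        print(label, "view:", bool(hits), [f"{h.realm}/{h.gid}" for h in hits])
```

Listing the matching rows rather than only the yes/no answer is what identifies which module's record opens the node.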
Comment #4
logicexpertise commented
I disabled content-access, and looking at the output from the devel module, it appears that workflow is the culprit:
I still haven't managed to figure out how to implement forum moderation, but apparently Forum Access works as it should, so I'm marking this issue closed.
Thanks for your help, and apologies for taking so long to get back to you.