Closed (fixed)
Project:
Swish-E Indexer
Version:
5.x-1.1
Component:
Code
Priority:
Normal
Category:
Feature request
Assigned:
Unassigned
Reporter:
Created:
12 Jun 2008 at 23:09 UTC
Updated:
3 Jul 2008 at 00:07 UTC
I noticed that there is no access control on indexed files that are listed in search results. If the user can not access the node for the file, it should not be listed.
Here is suggested code for swish_search('search') that I believe would address this:
$node = node_load($text_item->nid);
// Return this row only if user has access to view the node
if (node_access('view', $node)) {
$find[] = array('link' => $link0, 'title' => $title, 'snippet' => $snippet, 'extra' => $extra, 'node' => $node);
}
This is based on modified code that I have submitted here: http://drupal.org/node/269530 and here: http://drupal.org/node/269990
Comments
Comment #1
yasSomebodySysop,
I tried it and it works. I really, really, really appreciate you for your snippet.
Comment #2
yasTo ensure the process, I suggest to add isset($node) into if-condition like this:
Comment #3
yasI am sorry that I found that this would be covered by http://drupal.org/node/269530#comment-887060.
So ignore #2.
Comment #4
somebodysysop commentedI realized that what I really needed was a different implementation of the swish.module. My need was not only to enforce file access on the node level, but on the file level as well. I've created a new module, and for this particular section, an additional hook_nodeapi option: 'file' (unsupported by Drupal core):
And, I haven't even began working on enforcing organic groups access control. But, thanks anyway!
Comment #5
Anonymous (not verified) commentedAutomatically closed -- issue fixed for two weeks with no activity.