User who has permission to edit node type, but not 'create blocks for nodes' will overwrite block settings with defaults

If a user has the permission to edit the content type, but not fiddle with the block settings, things like visibility are returned to their default values. The attached patch, which will have incorrect line numbers as it is patched against the D6 port (#254339), adds a permission check to the hook_nodeapi update/insert op to prevent this.

Comment	File	Size	Author
#2	nodeasblock.module.patch	1.7 KB	jhedstrom
	nodeasblock.module.patch	3.1 KB	jhedstrom

Comments

Comment #1

dropcube commented 18 June 2008 at 05:36

Status:

Needs review

» Needs work

Could you please provide a patch for the 5.x branch ?

Log in or register to post comments

Comment #2

English

Portland, OR

commented 18 June 2008 at 21:17

Status	File	Size
new	nodeasblock.module.patch	1.7 KB

Here is the patch against the 5.x branch

Log in or register to post comments

Comment #3

dropcube commented 19 June 2008 at 00:32

Status:

Needs work

» Fixed

Committed to 5.x branch and HEAD. Good catch! Thanks jhedstrom.

Log in or register to post comments

Comment #4

Anonymous (not verified) commented 3 July 2008 at 00:34

Status:

Fixed

» Closed (fixed)

Automatically closed -- issue fixed for two weeks with no activity.

Log in or register to post comments