node

I see.
The access hook isn't considered on this page.

Not sure there is a clean way to prevent this.
At now I found this solution :

function stormorganization_nodeapi(&$node, $op, $a3 = NULL, $a4 = NULL) {
  switch ($op) {
    case 'view':
      global $user;      
      if (!stormorganization_access('view', $node, $user)) {
        $node = NULL;
      }
      break;
  }
}

And, with this function in storm.module file ?

function storm_nodeapi(&$node, $op, $a3 = NULL, $a4 = NULL) {
  switch ($op) {
    case 'view':
      global $user;      
      if (!node_access('view', $node, $user)) {
        $node=NULL;
      }
      break;
  }
}

Yes, but it's not possible to do something more.
It would be necessary to rewrite the Drupal routine that creates the /node page.

I haven't had a change to look at the code yet but my guess is if you remove bit for the front page the issue would go away.

thanks
Robert

I had to remove the nodeapi hook implementantion.
It caused problems with other modules.

I'll figure out a different solution.

I figured out a way to fix this in the correct way and to work everywhere and also
in conjunction with others node access control systems.

It involves the use only of some sql code, in the hook db_rewrite_sql.

Here there is the idea :

select * from node n
where
(
case n.type
when 'stormproject' then (select if(spr.organization_nid=5 and n.uid=1,0,1) from stormproject spr where spr.vid=n.vid)
else
0
end
)=0

Implemented for MySQL in the version 1.6.

So, the view is using "node" as primary table but is passing "n" as primary table to db_rewrite_sql api.
I'll take a look at node_access system to understand how it is able to correctly use the alias name.

Just tried with frontpage standard view under D5.
It seems to me to work correctly.

Are you using some custom code ?

I think I have figured out what was happening.
It should be fixed now in the latest storm.module file in cvs.

Can you test it ? Thanks.