Closed (duplicate)
Project:
Taxonomy Access Control
Version:
5.x-2.x-dev
Component:
Code
Priority:
Normal
Category:
Bug report
Assigned:
Reporter:
Created:
7 Aug 2008 at 08:51 UTC
Updated:
27 Feb 2010 at 22:33 UTC
I have a category with a couple of terms. The category is not required, the user may leave the choice blank. In Taxonomy Access Permissions I only have specified Allow as the default rule for this category.
When I create a node with no choice made for this cat, there will appear no record in node_access for this node, resulting in no access to the node. When I then choose rebuild access permissions (admin/content/node-settings/rebuild) the records in node_access suddenly appear and access to the node is granted.
Bug? Or am I missing something?
Comments
Comment #1
toniw commentedJust installed a fresh D5.9 with just TAC to rule out other modules causing the observed behavior.
- create category with two terms
- setup TAC permissions for anonymous user to have global default Deny and your cat default Allow
- create a node without choosing a term for your category
node_access now has:
goto admin/content/node-settings/rebuild to rebuild the permissions
Now node_access has:
Comment #2
cpugeniusmv commentedI was able to reproduce the described behavior using your procedure in #1. This may be a bug, I'll look into it.
Comment #3
toniw commentedI'm currently hunting this problem down since it bites my sites big time.
Initially I thought the problem was simple: in function taxonomy_access_node_access_records() is this test:
As it happens $node->taxonomy is not the same at node-save time as it is while rebuilding permissions (in the above use case). If you do not select a term for the category, then $node->taxonomy is an array with one element being an empty string. While rebuilding permissions it is a zero sized array.
On node save time the if-construct takes the if part, otherwise it takes the else branch.
Once you change the if into:
then the above situation is resolved.
But of course this is a way too simplistic fix. It will not work if we have more than one category, of which some might be not required.
While trying to resolve this, I stumbled on a more philosophical issue. If you do not select a value for a not required category, which access rule should be applied? Is it the default for that category? Or should the access rules for that category be totally ignored and should the default for the role be applied? Think about this for a while before answering. The consequences might be huge...
While at it, should this query:
not better be written like this:
No need to join with the node table if we don't use any field of it...
Comment #4
xjmI believe this is the same issue as in #727696: Global defaults do not work properly on some sites.