I haven't determined yet if this is the cause of my site's configuration, but content on admin/domain/content, admin/domain/content/all and admin/domain/content/domain name is visible to anonymous users.
These pages should only be visible to users with the edit domain nodes and/or administer nodes permission. The problem seems to be the wildcard in the domain_content_menu() function; when the first item path is changed to admin/domain/content/list, everything works as expected.

Comments

agentrickard

Priority: Normal » Critical

Confirmed. Turn off the module until a fix can be applied.

agentrickard

Status: Active » Needs review
Attachments: new, 725 bytes; new, 3.65 KB

Here are patches for D6 and D5.

nonsie

Patch above fixes the bug reported.

Edit: once again, I'm not sure if it's DA or my setup, but there's now only one menu item named "Content for all affiliate sites" (admin/domain/content/all) in Navigation->Administer, and affiliate sites are listed straight under Navigation at the same level as Administer.
Also, admin/domain/content lists no affiliates even when affiliates exist and the user has permissions to them.

agentrickard

Status: Needs review » Needs work

This is due to a change in the menu system that we have not accounted for. Any testing you can do to make this work properly is appreciated.

agentrickard

Make sure you clear the cache to rebuild the menus.

agentrickard

Attachments: new, 26.11 KB; new, 69.22 KB

Hm. Works for me. Be sure the user has the 'edit domain nodes' permission and that the 'Use access control for editors' option is set under 'Advanced settings.'

Screenshot 1: 'editor.png' is the restricted editor
Screenshot 2: 'admin.png' is the admin user

nonsie

Thanks, Ken. I had 'use access control' unchecked and therefore I no longer saw affiliate publishing (which is how it is supposed to work).

Anyone else willing to test this patch?

agentrickard

Status: Needs work » Needs review

Let's hope so, but you should be good to use it, patched.

The theory, by the way, is that only 'domain editors' -- or people who 'administer nodes' -- should be using this screen. We could also allow users with 'set domain access' to see this page. I need to check the documentation for accuracy on this point.

ariflukito

Attachments: new, 3.42 KB

Hi Ken, the patch failed to apply on HEAD.
Here is the updated version with a minor change:
- 'access argument' defaults to an empty array, so we don't need to specify it.

Edit: it works for me.

agentrickard

Status: Needs review » Fixed

Nice catch. Committed.

Anonymous

Status: Fixed » Closed (fixed)

Automatically closed -- issue fixed for two weeks with no activity.