CCK field access permissions

It should just be a 6.x issue. CCK in 6.x comes with a module called "Content Permissions" that allows for role based, field by field, edit and view permissions. So there may be fields present in a content type that a given user doesn't have access to, and therefore won't show up in the presave $node.

CCK in 6.x also allows for other modules to control field level access directly through hook_field_access(). It's really a great addition, but because of it you just can't count on every field in content type to be present in $node for save.

Yep.. actually it's a little more bizarre then I first thought, as it seems to come after a couple "edits" of a node that has a *multiple value imagefield and access permissions. (Which is making me question if filefield/imagefield (or possibly cck) has a multi-value bug with access permissions, as the value changes)

In any event, to reproduce here is what I did:

- Started with a fresh Drupal 6.4 db
- Enabled CCK, Content Permissions, Filefield/Imagefield, token, imageapi, Filefield Path
- Create a dummy user and give them permissions to create, edit and delete "story" type content
- Add "field_images" imagefield to "story" as a multi-value imagefield (must be 2+, not single value)
- Login as "dummy" user and create a story node. (no error)
- as "dummy" user, edit the story node -- say add something to body (no error)
- as "dummy" user, edit the story node again -- say add more to the body (error will appear)

It's important that authenticated users don't have edit permissions to field_images, so that the "dummy" user doesn't have field_images on their form for creation/editing. If you output the value of $node->$field['field_name'] during the above scenario you'll see how it changes.

I'll take a peek at things more tomorrow as it does seem odd how the value changes after a couple edits. The patch certainly works around it, but still...