When a module makes an SQL query to the node, and taxonomy core tables, it should pass the query string to db_rewrite_sql() which allows other modules (including the core node.module module) to filter the list of nodes returned.
In the case of node.module, it filters out the nodes to which the current user has no access.

Comments

avpaderno’s picture

See the Drupal documentation for more details.

Zohar.Babin’s picture

Status: Active » Fixed

fixed in 6.x-1.4 and 5.x-1.3

Status: Fixed » Closed (fixed)

Automatically closed -- issue fixed for 2 weeks with no activity.