"Access denied" for userpoint details

I tested against dev and couldn't duplicate this issue.

Can you please test this again with
(1) disabling all contrib modules
(2) with the latest 6 dev version.

Thanks

That's interesting... I wanted to check this issue with current activated modules a few seconds ago. I already updated all modules to latest version and Drupal 6.9. There is no bug at the moment. Don't have time to check with the versions I mentioned above.

I've seen this too. It occurs when a user has no points transactions in the database. To be clear, a user can have zero points if they've received and then lost the points to total to zero. That is 2 transactions and they show in the /myuserpoints page. A user who has never received any points has no transactions and gets the access denied page instead. I would agree that this should be marked as a bug since an access denied page is confusing to a user.

great thanks you guy. I couldn't replicate so now that I have more information I'll try to duplicate and then fix this as soon as I can. I'm traveling today so I expect at least >12 hours.

I just tested this again. As user 1 and as a test user I was able to view the account details even if the account had 0 points (but transactions)
My tests were
2 users

Login as User 1
Grant 10 points to testuser
Grant -10 points to testuser
try to view account details at /myuserpoints/2 <--test user id
click on user's account /user/2 then click view
click on "Users by points" then click user's account then view next to points
Everything worked fine

Login as testuser
visit account click view
click on Users by points then details next to account.
These all passed.

So far I can't duplicate this error.

If you are still experiencing this error please try to document everything that is happening. You could try using something like Jing to screencast how to duplicate this error.

I'm trying here.

(I tested this on stable and dev)

OK now I'm closer to duplicating this error. This is what I have.

If I am user with 0 points and I navigate to /myuserpoints/3 then I get an "Access denied" message.
This is actually by design because that page doesn't exist (yet) moreover there are no links anywhere to this page.

Now I did find a "bug" but its not an "Access denied" error.
How to recreate
1) Create at least 2 additional users. we'll call them userpoints_admin and testuser
Grant userpoints_admin the permissions "administer userpoints" "view userpoints" "view user profiles"
2) Log in as userpoints_admin and navigate to /user/testuser (or the id of the testuser)
3) click "view" next to the 0 on the user account's page
--- a Page not found error will be returned.

tested again 6-x-dev.

OK based on what I saw before I "fixed" the issue. The issue was that the code was returning a page not found if the user in question did not have any transactions in the database. This "bug" arose from the new user permission "view own userpoints"; which elevated the former permission "view userpoints".

Its been fixed and committed to dev, give it some time and then check it out and comment.

I'm also having an access denied issue. It's on the top contributors page

http://www.breakpal.com/userpoints/list/all

I've went over and over my permissions and upgraded to dev and still have the problem..

Thanks

Phil

I have a same problem.

Please do not change the topic of the issue.
If there is a bug or an issue with userpoints top contributor please report it on that module.

At this point I do not know if 4venture is having an issue with top contributors or with the userpoints module.

Sorry, my bad. I was thinking I was in the right module

Sorry, I don't undestood at first time.
I can't see any userpoints before I added point to myself. After that everything is fine.
But I have question.
How I can remove my nickname from this list http://www.mysite.com/en/userpoints?
Is it possible?
Thanks.

Here is how to replicate the problem, in 6.x-1.0 & 6.x-1.x-dev also:

- admin (uid 1) & 1 user (eg. uid 3)
- add a point to the user
- goto auction/myuserpoints/3
as admin - access denied,
as the user - ok
- there is a link beside the username at admin/user/userpoints

To expand on ckng's steps, the specific issue is that any user who has no point activity in the database (not zero points as one could have activity that sums to zero) gets this error.
On my site, I had to manually add 1 point to my admin user (uid 1) and the other user who does some management so they both could access the general user's point info. The manual add was required since those users are exempt from earning points.

I have the same problem. If I'm the user, then I can see my own points. But as an admin role, I can click on "detail" next to each user's name, but access denied even though under points, it shows each users having 1 point.

I've just tried adding 1 point to admin role also and it still doesn't work. Under permissions setting everything that can possibly be checked are checked for the admin role.

I wasn't able to reproduce this problem /until/ in uninstalled userpoints (wiped the tables clean) and re-installed.

Now, as user 1, I can browse to a user's profile page and click the "view" link next to their userpoints but get an "Access Denied" message.

HTH,
Kevin

I too can confirm this issue. Here is my fix for it. When doing any special user access user 1 should always return true. I've also enabled it for those with points admin permission as well.

Replace userpoints_access_my_points() in userpoints.module with this:

The if conditional is all that is added.

#17 patch is good to go.

#17 works for me too.

Can we have a proper patch against -dev for this?

Committed.

Thank you.

Automatically closed -- issue fixed for 2 weeks with no activity.

Hello,

I would like to reopen this issue, since I have the same problem using the version 6.x-1.1 (2009-Oct-21). In that version, the patch of #17 is already integrated, but still I have the access denied error.

Thanks.

I experience the same problem.
Drupal 6.14
User Points 6.x-1.1

I am not familiar with patch, sorry. I re-wrote 2 lines at function:

function userpoints_list_my_userpoints() {
$overall_total = 0;
$unapproved_total = 0;
$approved_total = 0;

global $user;

// User which are displaying points for
$uid = (int)arg(1);
if ($uid) {
if ($uid != $user->uid && !user_access(USERPOINTS_PERM_ADMIN)) {
// If not the same as logged in user
drupal_access_denied();
return;
}
}
else {
// Default to currently logged in user
$uid = $user->uid;
}
$point_user = user_load(array('uid' => $uid));

// Check permissions
if(!user_access(USERPOINTS_PERM_VIEW)) {
// User has no access to view points
drupal_access_denied();
return;
}
elseif (!user_access(USERPOINTS_PERM_VIEW_OWN)) {
// User has no access to view own points
drupal_access_denied();
return;
}
... function continues....

The first change allow USERPOINTS_PERM_ADMIN to access althought they are not the requested user.
The second change allow USERPOINTS_PERM_VIEW override USERPOINTS_PERM_VIEW_OWN perm.

thanks for userpoints, these module is great!!

Hello Jose,

Thanks alot. This has solved my problem!

Yoel

#26 works like a charm. Fixes the problem with access to other users points, even with user 1.
Thanks Holoduke.

So, what is the verdict here? Can we agree on one right way to fix this so I can commit it?

k got rid of the else statement and put it in a proper patch.

In my case, a user can view his own points (details) but the administrator still cannot view userpoints of other users (/drupal/admin/user/userpoints) it says 'Access denied'