Jump to:
| Project: | Simple Access |
| Version: | master |
| Component: | Code |
| Category: | bug report |
| Priority: | normal |
| Assigned: | Unassigned |
| Status: | active |
Issue Summary
For the drupal-6 versions of this module (stable and -dev) in a very simple setup with exclusive access groups A B (and roles==groups), a node that is set to be view/edit/delete-able *only* by Owner and group A stops being viewable by group B. That's expected. However, group B can *still* edit pages by going to node//edit. The same aparently does not work for node//delete. The same behaviour can be observed for all other users (not in groups A or B), i.e. view/delete access is denied, however edit still works.
After some investigation, this seems to be related - at least to an extend - to content type specific permissions on admin/user/permissions, however the interaction isn't clear here. Seems like the interactions here should be explicitely documented by the module (at leats in README) and ideally options that don't have any effect (e.g. Acces-Owner-(View/Edit/Delete) if admin/user/permissions allows all kinds of owner access) shold be disabled in the Access form.
Comments
#1
Did you try Post settings - Rebuild permissions after changing the node's Simple Access settings?