Cannot ungrant anonymous view permission for new content type

I am having this excat same problem, I have a role "members" and unticked all other boxes apart from "members" and when I click submit the annonymous reappear. Please help :)

Same issue here. On my 6.9 sites, working fine.

Same here, the only way to get around this problem so far was rolling back to drupal 6.9. It's a drupal version issue as I could notice.

Exactly the same problem here...
Drupal 6.10,
Content_Access 6.x-1.0,

Content_Access 6.x-1.0 with Drupal 6.8 works ok...but with Drupal 6.10, the same issue....

subscribing

Just adding some info, not only for a new content type, but for all site content already published. If you need to change the permission of published contents or you want to modify your content access for an existing content type it's impossible to ungrant anonymous permission because it keeps checking back the anonymous permission when permission changes are submited.

Yes same issue here. Anonymous always to be granted. Worse than that, anonymous can now edit and delete which was not the case before.

Roll back to Drupal 6.9 until this module corrects this issue with Drupal 6.10 bitsize. A strange thing is that it seems that the module developers are not visiting this issue, no response until now. This module is great and my site has a heavy dependence on this module.

I am having this same problem as well. Downgrading to 6.9 is not an option.

Currently running d6.10, other access module is Taxonomy Access Control version 6.x-1.x-dev

Cannot deselect anonymous role from Content Access. Also, users still have access to nodes when I uncheck their roles in the access page. I've set the Content Access priority to a negative and a positive number, no change in behavior.

Of course, disabling TAC solves the problem with Content Access allowing roles access to things they shouldn't have. But I need TAC for the main part of my access control. I only really need to deny viewing of particular content types to everyone except a couple roles.

And even disabling TAC doesn't allow me to deselect the anonymous role.

Subscribing.

You tried to downgrade to D6.9 and the problem persisted? I downgraded and all worked fine again. The difference is that I don't have multiple modules to control content access only the module content_access.

Can't downgrade, we're running this on a Windows server and so are susceptible to the security hole in 6.9 that was fixed by 6.10.

same issue for me after upgrading to Drupal 6.10.

I did some testing and found some strange database entries:

Example: I allowed view access (only) to user group #3 for node #1508. After saving permissions there were 3 entries in table node_access:

1) node: 1508 | gid: 3 | realm: content_access_rid | grant_view: 1 | grant_update: 0 | grant_delete: 0
2) node: 1508 | gid: 1 | realm: content_access_rid | grant_view: 1 | grant_update: 1 | grant_delete: 1
3) node: 1508 | gid: 1 | realm: content_access_author | grant_view: 1 | grant_update: 0 | grant_delete: 0

Entry #1 seems to be the normal behaviour as I found similar entries for earlier nodes (created before upgrading to 6.10).
The other 2 database entries with all grants set to 1 (#2) and realm set to "content_access_author" (#3) do not show up for any earlier nodes.

Hope, this may be of help when fixing the problem.

------

Workaround for those who cannot (or do not want to) revert to Drupal 6.9:

Run a cron job which eliminates all entries from node_access where gid=1 AND realm=content_access_rid AND grant_view=1 AND grant_update=1 AND grant_delete=1
I suspect no one is running a Drupal site, where anonymous users (gid=1) are granted delete access for a node. Therefore these database entries should usually not be necessary.

However: I take no response for any unwanted data losses :-)

Subscribing. I'm having this issue as well.

Subscribing, I too suffer from this malady.

Same here. Please someone post a potential fix... Do we know where the code is breaking? why are those rows in the database if they are causing the issue?

This is a security issue.

Found a patch at #384916: Permissions for anonymous user not saved but did not yet try if it's working.

Perhaps anyone could do so and post a feedback.

Thx!

the patch is working...

Thx!!

I can confirm that too. My version of Content Access 6.x-1.0 required patching and was a success with the patch above. Thanks

patch is working for me, too.

Yes, it is working - but is it safe???

And you may have to go through all the content types and reinstate the original settings.

Not sure how to avoid this. Seems a bit risky if the upgrading to Drupal 6.10 wipes out such a sensitive settings as access_control.

Which in turns prompts my question is the patch safe or is it opening up a whole that was plugged by Drupal 6.10 release?

Thanks for this module, the good work and general support all around - a real joy to work with Drupal.

I doubt that this patch opens any security holes.

CA module obviously uses some core Drupal functions for form processing which have been updated (and hopefully improved?) in 6.10. In other words: Former Drupal versions accepted some "fuzzy" (and therefore potentially insecure) form input which 6.10 does not.

I'm not sure about this, it is just a guess. But I am quite confident that applying this patch is far better than reverting to Drupal 6.9

Working for me too until now, any other problem I'll report.

same issue.
Subscribing ...

same problem here - subscribing

patch mentioned in #18 works for me too!

Patch working here as well. I'm bumping the status to 'code needs review' in the hopes that someone with more knowledge of the changes in Forms API can speak to whether or not the code contained in the patch is secure. If it is, then this patch should go to RTBC pretty quickly.

duplicate of #384916: Permissions for anonymous user not saved

Subscribing. Experiencing same issue.