when I publish content, it is displayed on all my sites. I've read the README several times and read through all the posts I can find here but I can't figure out why.

I'm not doing this as an administrator. When I create content, it only shows up in the appropriate submenu under "Affiliated Content". When I publish, the "affiliates" column shows it is only assigned to one domain but when it is published it appears on all.

"New Content Settings" is set to "Only show on selected sites".

"Domain-based editing controls:" is set to "Use access control for editors"

Under "Access Controls" for my "moderator" role I have:
administer domains uncheck
assign domain editors uncheck
edit domain nodes check
set domain access check
view domain publishing check

Under "Node Access" I have administer content types, and administer nodes unchecked

I have not changed any of the default values for:
DOMAIN_INSTALL_RULE
DOMAIN_EDITOR_RULE
DOMAIN_SITE_GRANT

I've attached my node_access table dump. Any help is greatly appreciated. Thanks.

CommentFileSizeAuthor
node_access.sql_.zip6.94 KBjmunning

Comments

agentrickard’s picture

agentrickard
he/him
Primary language English
Location Georgia (US)
commented

Term access is the issue.

Node Access is a permissive system. It uses OR to determine access control. So if term_access grants you access, domain access cannot take it away. Compare these two sets of records:

(2, 0, 'domain_site', 1, 0, 0),
(2, 0, 'domain_id', 1, 0, 0),
(2, 0, 'domain_editor', 0, 1, 1),
(2, 2, 'term_access', 1, 0, 1),

Node 2 is assigned to All Afiliates, and accessible from the default domain, plus to people with access to term 2.

(8, 0, 'domain_id', 1, 0, 0),
(8, 0, 'domain_editor', 0, 1, 1),
(8, 1, 'term_access', 1, 0, 0),
(8, 2, 'term_access', 1, 0, 0),

Node 8 is assigned only to the default domain, plus to people with access to terms 1 and 2.

Use the Devel module's 'Devel node access' module to help you debug conflicting rules.

The multiple_node_access patch (part of the download) attempts to correct this issue by allowing AND logic. However, the patch is being deprecated in favor of the Domain Access Advanced module, which needs to be backported to D5.

jmunning’s picture

jmunning commented

Ok, thanks very much. I will try the patch for now.

agentrickard’s picture

agentrickard
he/him
Primary language English
Location Georgia (US)
commented
Status: Active » Closed (fixed)
jmunning’s picture

jmunning commented

Sorry to bother you again but I've added the multiple_node_access patch, uploaded the new node.module file to my dev site, cleared the cache, and still all content is being posted to all sites no matter which type of user is posting it. Do I have to do something to make the patch take effect?

Am I missing something else? My most recent entry in node_access looks like:

544 1 domain_id 1 0 0
544 1 domain_editor 0 1 1
544 1 term_access 1 0 0
544 2 term_access 1 0 1
.

Here is what my node access summary looks like (not sure what to do with this info):
node_access summary
Access Granted to All Nodes (All Users)

Your node_access table contains entries that may be granting all users access to all nodes. Depending on which access control module(s) you use, you may want to delete these entries. If you are not using an access control module, you should probably leave these entries as is.
realm
domain_all
All Nodes Represented

All nodes are represented in the node_access table.
Access Granted to Some Nodes

The following realms appear to grant all users access to some specific nodes. This may be perfectly normal, if some of your content is available to the public.
Public Nodes
realm public nodes
domain_editor 444
domain_id 444
domain_site 27
Summary by Realm

The following realms grant limited access to some specific nodes.
Protected Nodes
realm private nodes
domain_editor 10
domain_id 10
term_access 447

Thanks for any more help, I am trying hard to figure this all out but it is still confusing.

jmunning’s picture

jmunning commented

I set the logic to AND instead of OR and cleared the cache but still no luck.

I also tried rebuilding permissions.

jmunning’s picture

jmunning commented
Status: Closed (fixed) » Active
jmunning’s picture

jmunning commented
Status: Active » Closed (fixed)

I was able to get this to work by changing the settings I had in Taxonomy from Allow to Ignore. Thanks!

kenorb’s picture

kenorb commented
Category: support » bug
Status: Closed (fixed) » Active

The same problem.
Even nodes which should be visible for user, are visible by additional domain_id and domain_site properties in node_access

kenorb’s picture

kenorb commented
Status: Active » Closed (duplicate)

Created new issue: #573626: Domain override default permissions