Download & Extend
Content Access » Issues

Conflict CA and Organic Groups OG Access

Posted by tenx on April 11, 2009 at 10:34pm
Project:Content Access
Version:6.x-1.1
Component:Miscellaneous
Category:support request
Priority:normal
Assigned:Unassigned
Status:active

Issue Summary

I have both CA module OG Access module installed on my site . ever since i enabled CA module . all OG home pages which were private and could only be accessible by its users are now public and accessible by every user. How can i get CA to play nice with the og access module .

Login or register to post comments

Comments

#1

Posted by fago on April 17, 2009 at 6:09pm

Try lowering the priority. Please report back if it works for you.

#2

Posted by tenx on April 21, 2009 at 8:47am

Hi there,

I have already lower the priority to 1, but still not working

#3

Posted by ksc on June 28, 2009 at 6:50am
Title:Conflict CA and OG Acess» Conflict CA and Organic Groups OG Access

subscribe - I have the same problem.

I use OG 6.x-2.0-rc3.
OG has an option for each group: "List in groups directory". When I enable this option all content will be shown also to non group users. I tried the weight/priority for goups and group content -10 and +10. No success.

When I disable the OG option "List in groups directory" and use priority -10 for all groups content type it works fine. But with this option non group members don´t see that the group excist and can´t request membership.

Any ideas from your side?

#4

Posted by ksc on June 28, 2009 at 7:31am

Did you (maintainer) ever thought about having a selection within CA to which content type it applies?

#5

Posted by ksc on June 28, 2009 at 8:35am

Good news. I seems to work now.
What I did: disable the module, enabled it again, rebuilt permission, set CA priority (weight) to -10 for content type groups (the groups itself) AND for all content types that can be used withing groups and set the permissions to the specific roles.

Hope this can be helpful for others too.

Thanks for the nice module - it is really of great help!

#6

Posted by itsnotme on July 7, 2009 at 12:37pm

I just tried the same including the troubleshooting but the authentified user could still see group nodes he had no view rights for.

Only when I set the group node Content Access weight to +10 (!) it worked in my case. Hmmm.

#7

Posted by fago on July 31, 2009 at 9:05am
Category:bug report» support request

Yep, I'd say it depends what you want: Should organic groups access system or the content access system should be priorisized?

Anyway I leave the issue open so others interested in this can find it.

#8

Posted by dpantele on November 4, 2009 at 10:31am

Well. And what if I want to only deny access using both modules? If one of them have denied access, then there is no access to node. And If it didn't happened --- you are welcome to view it.

#9

Posted by salvis on November 11, 2009 at 5:04pm

what if I want to only deny access using both modules?

The Node Access system works the other way around. Access is denied by default, and any NA module can grant access, but not take it away (except by increasing its priority, which will cause ALL of the other module's grants to be ignored completely).

#10

Posted by izmeez on November 11, 2009 at 5:09pm

subscribing

#11

Posted by dpantele on November 13, 2009 at 6:12pm

Thanks, salvis.

#12

Posted by ianchan on November 21, 2009 at 7:48am

Setting priority for the group content type is working. OG permissions take precedence. Great module... thanks for leaving this issue open.

#13

Posted by tallsimon on March 14, 2010 at 10:48pm

I found moving the priority to 10, rebuilding permissions and clearing cache seemed to work...

Edit: Totally messed up all permissions, including all those configured with forum access, rendering all our private forums public.... NOT GOOD, I would avoid using with OG!

#14

Posted by hefox on March 12, 2010 at 9:28pm

Og has an alter hook for it's node records, this module may also have an alter hook, but it'd require a third module to do the alterations. What those alterations are, not sure.

#15

Posted by salvis on March 16, 2010 at 8:17pm

Playing with Priority can indeed mess up everything, that's why it's under Advanced...

Use the Devel Node Access module (from Devel) to find out exactly what is happening.

#16

Posted by Rob_Feature on May 18, 2011 at 3:27pm

I have private OG groups and public OG groups. (separate content types, even). I have 'news' which can be posted in either group AND can be made public/private using content access. From my testing I dont think there's a way to have a priority setting for CA and OG which allows the same content to be posted in public or private groups and have it respect the setting of the group, falling back to CA for 'public'....

The reason this can't really be fixed, I think, is that access control only ADDS access, never removes it. So, as soon as a single module adds access, another module can't override that decision unless it has higher priority. And if that module has higher priority, the OTHER module can never override it's grants. So, in this way you can't setup a situation where og_access and CA both have an opportunity to deny access (working together as equals)...they both only have the opportunity to ADD access and which ever one has higher priority wins. And once one module does that, you're hosed.

So, this is really a structural problem with the drupal node_access system, I think...

#17

Posted by hefox on May 18, 2011 at 4:15pm

I add a third module that makes new grants based on the existing grant when trying to do multiple access control modules (that runs at higher priority).

For d6, olddd, but used my https://github.com/hefox/alter_grants to provide me a convient alter hook, but can be done without.

A bs-ed example: o I have grant_x with domain_f that that needs to AND with other module's grant_y, domain_s grant_x_domain_4_grant_y domain = s.