FA grants appear not to 'stick' or be applied.
| Project: | Forum Access |
| Version: | 6.x-1.0-beta3 |
| Component: | Miscellaneous |
| Category: | support request |
| Priority: | normal |
| Assigned: | Unassigned |
| Status: | closed |
Jump to:
Hi
When I edit a forum or container, to change the access permissions for various roles, then save, I get a reasonable response:
* The forum Test forum has been updated.
* The content access permissions have been updated.
However the permissions are not applied. The logs state the grants were changed for the forum or container, and there appear to be no errors.
I don't know if the Node Access Summary (quoted below) is showing the expected information or not, however it does indicate there are nodes which are not in the node_access table, though the hyper-link against the count of those nodes points to a non-existent page, http://mysite/devel/node_access/view/NULL.
Do you have any ideas what might cause this effect, or suggestions for continued troubleshooting?
ACL 6.x-1.0-rc1
Forum Access 6.x-1.0-beta3
I have not had previous versions of these modules installed, although I have uninstalled and then re-installed (to no effect on the issue), as I have bneen looking at this, to see if I missed any informational messages during that process (fairly sure everything went smoothly there!).
DNA block information for a forum node after application of access permissions:
node prio status realm gid view update delete explained
47 0 empty acl 0 0 0 0 1: forum_access/32
Node_access summary
Legacy Nodes
You have 2 nodes in your node table which are not represented in your node_access table. If you have an access control module installed, these nodes may be hidden from all users. This could be caused by publishing nodes before enabling the access control module. If this is the case, manually updating each node should add it to the node_access table and fix the problem.
Access Granted to Some Nodes
The following realms appear to grant all users access to some specific nodes. This may be perfectly normal, if some of your content is available to the public.
realm public nodes
Public Nodes realm public nodes
all 31
Info about mysql tables with name 'acl' within, just in case it helps:
mysql> pager grep acl
PAGER set to 'grep acl'
mysql> show tables;
| acl |
| acl_node |
| acl_user |
95 rows in set (0.00 sec)
mysql> select * from acl;
| acl_id | module | name |
3 rows in set (0.00 sec)
mysql> select * from acl_user;
Empty set (0.00 sec)
mysql> select * from acl_node;
| acl_id | nid | grant_view | grant_update | grant_delete | priority |
4 rows in set (0.00 sec)
mysql>
Thanks
Richard
#1
Sorry missing information re. contents of tables above due to mysql pager. Below is the contents of various tables after I have attempted to apply permissions to one forum.
mysql> select * from forum_access;
Empty set (0.00 sec)
mysql> select * from acl;
+--------+--------------+------+
| acl_id | module | name |
+--------+--------------+------+
| 1 | forum_access | 32 |
+--------+--------------+------+
1 row in set (0.00 sec)
mysql> select * from acl_user; select * from acl_node;
Empty set (0.00 sec)
+--------+-----+------------+--------------+--------------+----------+
| acl_id | nid | grant_view | grant_update | grant_delete | priority |
+--------+-----+------------+--------------+--------------+----------+
| 1 | 47 | 1 | 1 | 1 | 0 |
+--------+-----+------------+--------------+--------------+----------+
1 row in set (0.00 sec)
mysql> select * from node_access;
+-----+-----+-------+------------+--------------+--------------+
| nid | gid | realm | grant_view | grant_update | grant_delete |
+-----+-----+-------+------------+--------------+--------------+
| 1 | 0 | all | 1 | 0 | 0 |
| 2 | 0 | all | 1 | 0 | 0 |
| 3 | 0 | all | 1 | 0 | 0 |
| 8 | 0 | all | 1 | 0 | 0 |
| 19 | 0 | all | 1 | 0 | 0 |
| 20 | 0 | all | 1 | 0 | 0 |
| 21 | 0 | all | 1 | 0 | 0 |
| 22 | 0 | all | 1 | 0 | 0 |
| 23 | 0 | all | 1 | 0 | 0 |
| 24 | 0 | all | 1 | 0 | 0 |
| 25 | 0 | all | 1 | 0 | 0 |
| 27 | 0 | all | 1 | 0 | 0 |
| 28 | 0 | all | 1 | 0 | 0 |
| 29 | 0 | all | 1 | 0 | 0 |
| 30 | 0 | all | 1 | 0 | 0 |
| 31 | 0 | all | 1 | 0 | 0 |
| 32 | 0 | all | 1 | 0 | 0 |
| 33 | 0 | all | 1 | 0 | 0 |
| 34 | 0 | all | 1 | 0 | 0 |
| 35 | 0 | all | 1 | 0 | 0 |
| 37 | 0 | all | 1 | 0 | 0 |
| 38 | 0 | all | 1 | 0 | 0 |
| 39 | 0 | all | 1 | 0 | 0 |
| 40 | 0 | all | 1 | 0 | 0 |
| 41 | 0 | all | 1 | 0 | 0 |
| 42 | 0 | all | 1 | 0 | 0 |
| 43 | 0 | all | 1 | 0 | 0 |
| 44 | 0 | all | 1 | 0 | 0 |
| 45 | 0 | all | 1 | 0 | 0 |
| 46 | 0 | all | 1 | 0 | 0 |
| 48 | 0 | all | 1 | 0 | 0 |
| 49 | 0 | all | 1 | 0 | 0 |
+-----+-----+-------+------------+--------------+--------------+
32 rows in set (0.00 sec)
Above following manually dropping tables, then reinstalling. Still not understanding my my permissions are not being applied. Feel like I must be missing something very obvious as others obviously have this running!
-R
#2
This has me puzzled, too.
The contents of the {acl} and {node_access} tables look normal, but you should also have records in the {forum_access} table, but since these don't show in the DNA output, it seems to be empty.
It looks as if after uninstalling you've reinstalled only acl, but not forum_access. Try setting forum permissions again and check what you find in the {forum_access} table.
#3
Thanks for responding.
FA is definitely enabled. When it is disabled, the permissions settings disappear from the /admin/content/forum/edit/forum/32 page (for example).
I did some further investigation here as follows, and I think I found a bug around line 557 of forum_access.admin.inc in the funtion _forum_access_form_submit().
Line 557 is causing the foreach() loop, started on the line above, to exit early each time, and the result will be the same for each time we pass through the loop as nothing is changing the value of $tid before we exit the loop. Perhaps it is just chance this effects my particular set up of roles and their permissions. Should like 557 refer to $rid not $tid? Certainly making that change appears to fix the problem in this case, however I'd like your feedback in case my interpretation of this is wrong, and in case I'll be suffering unintended consequences later as a result of that change.
556 foreach ($access['view'] as $rid => $checked) {557 if (!empty($form['forum_access']['view'][$tid]['#disabled'])) {
558 continue;
559 }
560 $grants[] = array(
561 'realm' => 'forum_access',
562 'gid' => $rid,
563 'grant_view' => (bool) $checked,
564 'grant_update' => !empty($access['update'][$rid]),
565 'grant_delete' => !empty($access['delete'][$rid]),
566 'priority' => $fa_priority,
567 );
568 db_query("INSERT INTO {forum_access} (tid, rid, grant_view, grant_update, grant_delete, grant_create, priority) VALUES (%d, %d, %d, %d, %d, %d, %d)", $form_state['values']['tid'], $rid, (bool) $checked, !empty($access['update'][ $rid]), !empty($access['delete'][$rid]), !empty($access['create'][$rid]), $fa_priority);
569 }
I see in the 6.1.x-dev version, there is much code which has changed around that area and elsewhere.
I'm a Drupal noob so all this is good fun, as it forces me to learn about it's inner workings!
Cheers
Richard
#4
Ah, yes, sorry. Definitely $rid not $tid. I got side-tracked, but I'll definitely make a new BETA based on the -dev version this weekend.
Is the -dev version working for you?
#5
Yes that is the only issue I have found on initial testing. I'll let it loose on a site next week to see what happens with real users. :)
-Richard
#6
Just kind of an FYI but our site was also affected by this bug, and the above change did work for us as well!
So thank you Richard for finding it!
Looking forward to the new beta release.
#7
Thank you for the feedback.
Fixed in BETA4. Please update!
#8
Automatically closed -- issue fixed for 2 weeks with no activity.