Closed (fixed)
Project:
Taxonomy Access Control
Version:
4.6.x-1.x-dev
Component:
User interface
Priority:
Normal
Category:
Bug report
Assigned:
Unassigned
Reporter:
Created:
27 Jan 2006 at 03:21 UTC
Updated:
28 Apr 2006 at 14:30 UTC
I had trouble getting access control to work properly for some new user roles that I created. I'm running Drupal 4.6.5 with taxonomy_access installed.
I set editing rights for these roles to edit pages, yet users with the roles weren't able to do page editing. Giving them node editing access worked, but it should work with just page editing access.
I found that I had some page nodes that weren't assigned to a vocabulary, and when I went through and assigned ALL pages to a vocabulary, then it started working. I would still consider this a bug though, since it should work if some of the pages aren't assigned a taxonomy. Right?
Comments
Comment #1
keve commentedYou have to give permissions for user_roles on admin/access page: either: e.g: 'create story', 'edit own story', etc. Or for all node types: 'administer nodes'.
>it should work if some of the pages aren't assigned a taxonomy. Right?
Right, it should work. These are 'uncategorized nodes'.
Did it solved your problem?
Comment #2
ob3ron commentedI set access on both the 'admin->access control' page, and category permissions for those roles. It wouldn't work until I set a vocabulary for all pages.
Comment #3
keve commentedOk. so you have a problem with "update" permission for 'uncategorized' nodes.
I did not understand.
-Can you check if view, and delete permissions work for 'uncategorized' nodes for given user role?
-When you submit category permission page, does it save the settings all right for 'uncategorized'? (Go back to the same category permission page of the given user role, and check it).
- If you disable and then enable the module on admin/settings/taxonomy_access, does it solve your problem? (It makes a complete 'housekeepin' of the node_access table, which controls eg. update permission for nodes)
Comment #4
ob3ron commentedThe problem was that when I didn't have all pages categorized, none of them could be edited by those user roles. Now that I've categorized all of the pages, I've worked around the problem. I just posted this bug report so that the issue could be looked at, so other users don't face the same problem.
The roles could view the pages fine, they just couldn't edit. I never checked if they could delete, since I didn't give them that permission anyway.
I did try disabling and enabling the module -- and it did start working after I had done that and categorized all page nodes. I can't remember absolutely whether I checked right after disable/enable to see if it worked, but I think I did. It's a pain to troubleshoot this, since testing every change requires logging out and logging back in as a different user with the new user role.
Here, in a nutshell, is what I see as being the bug:
That's the situation that I had, and I was unable to edit any pages with that user role, even if they were in a category that had permission set. If it was just some kind of glitch that only affected me, great, no problem. But if it's reproducible, then there's a bug. The workaround for me was to categorize all pages.
Hope that makes it clear!
Arvana
Comment #5
nydrupalfan commentedThis bug is real, I just experienced it. Designated roles (without administer nodes permission) cannot edit stories flagged with the appropriate taxonomy UNLESS all posts are categorized. Any ideas how to fix this?
Comment #6
mfredrickson commentedI might be seeing a similar problem on 4.7:
When I set a node's term via the database (i.e. I write an SQL UPDATE/DELETE/or INSERT on the term_node table), the access permissions work intermitantly.
Sometimes they work, but if I change the node's term (via a module I'm working on) all the permissions break. I can return to having correct permissions by disabling and renabling the module.
While I only have 1 node (thus my problem is not having some node uncategorized), the symptoms sound very similar.
-M
Comment #7
mfredrickson commentedOk. I think I'm on to something. The problem is with this block of code in nodeapi (at least in 4.7)
For starters: terms are objects. Note how we now need:
Secondly, the bit_or aggregate function performs strangely. Expected behavior:
However if we have a table with values other than 0 and 1 in the bit_or'd column we get:
The term access table has values other than 0 and 1 in it's
grant_*fields I think we are getting really weird responses. (I think it is behaving the same as the MAX aggregator function).I'm not sure exactly what the fix is. There are two possibilities. Should the node_access table only have values of 0 and 1, or should this block of code be written to do something else.
Advice?
Comment #8
mfredrickson commentedOk. I figured out my problem, at least.
This method runs at during the nodeapi function. It assumes that all changes to the taxonomy will have occurred by the time the update code runs.
My module changes the terms of the node by calling taxonomy_node_save during the insert/update phase as well. My code must run after and/or not change the taxonomy of this object.
Sadly, taxonomy_node_save does not call any hooks nor does it call the more generic node_save. Arg.
I take back (some) of my earlier critiques of TAC. Attached is a patch that fixes at least one issue: terms as objects.
-M
Comment #9
nydrupalfan commentedThe module still seems to only let designated users edit posts randomly. I'm not sure why it is behaving so erratically. I have tried emptying the node_access and term_access tables and rebuilding them by enabling the module, but it doesn't seem to help. Mfredrickson, do you think this is related to the problem you found? Could you post your patch?
Also, I have the problem both in drupal 4.6 and cvs.
Comment #10
keve commentedI will try to check this bug.
BIT_OR: is bitwise OR. (You have to group by another column, not the one, that you need the OR operation for)
That is OR operation for 1,1,2 is 3. It is a binary OR that is BIT_OR: 01, 01,10 is 11. That is 3.
Comment #11
keve commentedFor arvana's problem, i found the bug in function _refresh_node_access_table().
- The SQL query did not fetch values for grant_update, grant_delete.
(Bug is fixed for both 4.6 and 4.7).
Comment #12
keve commentedI mark issue 'fixed', since orginal bug reported by arvana is fixed.
mfredrickson: If your problem persist, please create another bug report.
Comment #13
(not verified) commented