AJAX search by author name works fine as superuser (user/1) and other roles I defined.

However, AJAX search by author name doesn't work for any role that doesn't have the permission 'admin cmf module'. By comparison, the 'search by author list' works just fine for that role.

I would have expected that users can use both 'search by author list' and 'search by author name' equally, as long as they have the permissions 'view user content list' and 'filter and manage site content'.

On a side note, this made me wonder what the permission 'admin cmf module' is used for in the first place. See separate support request: #501900.

CommentFileSizeAuthor
#6 incremental-search_drupal-project-cmf-1.png81.06 KBpips1
#6 incremental-search_drupal-project-cmf_role-site-architect-1.png88.81 KBpips1
#5 cmf_1.jpg68 KBnancydru

Comments

nancydru’s picture

nancydru
she/her/hers
Primary language English
Location Boston
commented
Status: Active » Postponed (maintainer needs more info)

The latest -dev code no longer has 'admin cmf module' and I am unable to reproduce this problem. If you can, please, confirm that this is no longer an issue, then mark this issue "fixed."

pips1’s picture

pips1 commented
Version: 6.x-1.6 » 6.x-1.7

I see that 'admin cmf module' is now gone in permissions. Ok, fine, if that didn't do anything in the first place. :-)

However, the "live search" (AJAX search) for 'title/subject' (new feature of 6.x-1.7) and 'user name' still only works for the superuser (/user/1). For any other (custom created) role, I don't get any available node titles / user names listed by the live search...

For comparison, I tested the live search of the cck nodereference with those roles, and the live search works just fine.

Can anyone reproduce this at all?

pips1’s picture

pips1 commented
Title: AJAX search by author name doesn't work without permission 'admin cmf module' ? » Live search (AJAX search) by 'title/subject' and 'author name' doesn't work for roles other than superuser
pips1’s picture

pips1 commented
Title: Live search (AJAX search) by 'title/subject' and 'author name' doesn't work for roles other than superuser » Live search (AJAX search) by 'title/subject' doesn't work / by 'user name' doesn't work for roles other than superuser

I just discovered that live search for 'title/subject' (new feature of 6.x-1.7) doesn't work with the superuser role either.

(However, the 'user name' works for the superuser).

nancydru’s picture

nancydru
she/her/hers
Primary language English
Location Boston
commented
StatusFileSize
new cmf_1.jpg68 KB

Here's a picture from my user/3 showing content selected with the "title/subject" filter. And I assure you that I tested it before committing it. BTW, I don't think the "title/subject" filter uses Ajax.

pips1’s picture

pips1 commented
StatusFileSize
new incremental-search_drupal-project-cmf_role-site-architect-1.png88.81 KB
new incremental-search_drupal-project-cmf-1.png81.06 KB

Hi Nancy, thanks for looking into this. Please have a look a the two attached screenshots.

pips1’s picture

pips1 commented
Title: Live search (AJAX search) by 'title/subject' doesn't work / by 'user name' doesn't work for roles other than superuser » Incremental find by 'title/subject' doesn't work / by 'user name' doesn't work for roles other than superuser
nancydru’s picture

nancydru
she/her/hers
Primary language English
Location Boston
commented
Title: User autocomplete also requires 'access user profiles' permission » Incremental find by 'title/subject' doesn't work / by 'user name' doesn't work for roles other than superuser

In order to use the user/autocomplete function, a user must have the 'access user profiles' permission. So, there are three ways to go here:

  1. Duplicate the user module's function within CMF, but with a different permission and hope this doesn't trigger a security issue.
  2. Skip that filter if that permission is not granted.
  3. Alter the user module menu to use either their permission or CMF's permission. There could be a huge security potential with this.

I sort of lean towards #2 because of potential security issues, but #1 would not be all that hard to accomplish. While #3 is not hard, I am very concerned about that.

The "title/subject" filter is not an autocomplete. You simply enter a string and the filter will find all nodes/comments with that string.

nancydru’s picture

nancydru
she/her/hers
Primary language English
Location Boston
commented
Title: Incremental find by 'title/subject' doesn't work / by 'user name' doesn't work for roles other than superuser » User autocomplete also requires 'access user profiles' permission

Changing title.

nancydru’s picture

nancydru
she/her/hers
Primary language English
Location Boston
commented
Title: Incremental find by 'title/subject' doesn't work / by 'user name' doesn't work for roles other than superuser » User autocomplete also requires 'access user profiles' permission
Status: Postponed (maintainer needs more info) » Patch (to be ported)

Fix committed to 6.x-1.x-dev. Will be ported to 5.x.

I went with option #1, which means that you will need to rebuild the menus (or clear cache).

nancydru’s picture

nancydru
she/her/hers
Primary language English
Location Boston
commented
Status: Patch (to be ported) » Fixed

Committed to 5.x-1.x-dev

nancydru’s picture

nancydru
she/her/hers
Primary language English
Location Boston
commented
Status: Fixed » Closed (fixed)