The code used to determine if a node type can be created by the current user is broken.

A user with 'administer nodes' does not always have permission to create all types of nodes currently defined in the system. Using the node_access() function always returned TRUE for any node type if the user had 'administer nodes' permission set.

The attached patch changes the way the form detects what node types are available to the user. The code is taken from the ?q=node/add page -- in the node_add() function.

CommentFileSizeAuthor
addform.patch429 bytesbudda

Comments

jvandyk’s picture

Status: Reviewed & tested by the community » Fixed

Committed, thanks.

Anonymous’s picture

Status: Fixed » Closed (fixed)