If you give a role the permission to 'ask a question', then they can type in www.yoursite.com/node/add/question and they can create a new question on your site without approval. I don't know if this is the same in 5.x. I haven't tested it. I have just tested on the latest 6.x-1.x-dev

CommentFileSizeAuthor
#1 question_519626_permissions.patch796 bytestanoshimi

Comments

tanoshimi’s picture

tanoshimi commented
Issue tags: +Question-6.x release blocker
StatusFileSize
new question_519626_permissions.patch796 bytes

It looks like question_access is checking the wrong permission. Currently, permission to create a question node is granted to users with "ask questions" permission, but the question node is really the question and answer combined, which should therefore only be given to users with the "manage questions" permission.
Permission to create questions (i.e. to add a new row to the question_queue table) is controlled by the "ask questions" combined with the value of the question_require_registered variable in question_qform().

Attached patch should correct this.

tanoshimi’s picture

tanoshimi commented
Assigned: Unassigned » tanoshimi
Status: Active » Needs review

changing status

tanoshimi’s picture

tanoshimi commented
Status: Needs review » Reviewed & tested by the community

This patch passes the tests created in http://drupal.org/node/758638, so I'm going to mark it as Ready To Be Committed.
As soon as my cvs access is sorted out, I'll commit both the patch and the test!

tanoshimi’s picture

tanoshimi commented
Status: Reviewed & tested by the community » Fixed

Committed to 6.x-1.x-dev branch.

Status: Fixed » Closed (fixed)
Issue tags: -Question-6.x release blocker

Automatically closed -- issue fixed for 2 weeks with no activity.

Issue tags: +

Restoring issue tags, see #2125755: System messages removed all issue tags during D7 upgrade.