Why?

  $items['admin/content/node-settings'] = array(
    'title' => 'Post settings',
    'description' => 'Control posting behavior, such as teaser length, requiring previews before posting, and the number of posts on the front page.',
    'page callback' => 'drupal_get_form',
    'page arguments' => array('node_configure'),
    'access arguments' => array('administer nodes'),
    'file' => 'node.admin.inc',
  );
  $items['admin/content/node-settings/rebuild'] = array(
    'title' => 'Rebuild permissions',
    'page arguments' => array('node_configure_rebuild_confirm'),
    'file' => 'node.admin.inc',
    // Any user than can potentially trigger a node_acess_needs_rebuild(TRUE)
    // has to be allowed access to the 'node access rebuild' confirm form.
    'access arguments' => array('access administration pages'),
    'type' => MENU_CALLBACK,
  ); 

I don't see here any sense.
If somebody doesn't have access to admin/content/node-settings (no 'administer nodes'), why he should have access to admin/content/node-settings/rebuild and rebuilding the permissions?
And after that see page to which he don't have even access.
It's a bug?
Permission in second item should be the same:

    'access arguments' => array('administer nodes'),

instead of:

    'access arguments' => array('access administration pages'),

Comments

kenorb’s picture

File: modules/node/node.module

mikey_p’s picture

Category: support » bug

I'd call this a bug report rather than a support request.

mile23’s picture

Version: 6.x-dev » 6.15

Still there in 6.15.

See also: http://drupal.org/node/359356 ("Access Denied" when trying to Rebuild access rights.")

gpk’s picture

Status: Active » Closed (works as designed)

IIRC the reason users with 'access administration pages' can rebuild node permissions is that they may be able to do other things that cause a rebuild to be required.

Also I think #359356: "Access Denied" when trying to Rebuild access rights. is unrelated.