Editing a node changes its uid [#53336]

1. Create a user role 'x'
2. Allow 'edit' permission for all forum categories with taxonomy_access for role 'x'
3. Create a forum topic owned by some user
4. Create a user 'u' which has been assigned role 'x'
5. Log in as 'u' and edit the forum topic created in step 3
6. move the forum topic to a different forum

Expected behavior: the topic is still owned by the user that created it in #3
Actual behavior: the topic is owned by 'u'

(mysql, taxonomy_access.module 1.70)

Comments

Comment #1

keve commented 10 March 2006 at 11:22

Thanks for detailed bug report. I never got such a well documented one. :)

I will check it when i get home.

Did you check this, w/ taxonomy_access disabled? so is this happening only when u use TAC? I mean it is not a bug of forum.module?

Comment #2

Wesley Tanaka commented 10 March 2006 at 15:00

I haven't tested that case, no.

We can just move this issue to (Drupal, forum.module) if that's where the problem turns out to be.

Lots of forum and comment functionality seems to have broken when the forms api landed, so it's very plausible that's where the problem actually is.

Comment #3

Wesley Tanaka commented 10 March 2006 at 15:27

I just tried this:

1. Disable taxonomy_access, and unloaded the module
2. Gave 'administer nodes' permission to user role 'x'
3. Logged in as 'u' and went to a forum topic not created by 'u'
4. Moved the forum topic to a different forum

The forum topic remained owned by its original owner, as expected.

That's because the administer nodes permission is special cased in node_submit as:

  if (user_access('administer nodes')) {
    // Populate the "authored by" field.
    if ($account = user_load(array('name' => $node->name))) {
      $node->uid = $account->uid;
    }
    else {
      $node->uid = 0;
    }

    $node->created = strtotime($node->date);
  }

The place where this bug is introduced immediately follows:

  else {
    // Validate for normal users:
    $node->uid = $user->uid ? $user->uid : 0;

But the taxonomy_access 'edit' case is a third case. We don't want to take the uid from a 'name' field, nor do we want to set it to the user that did the edit. Instead, we want to want to preserve the node's pre-existing uid, whatever it was previously.

Comment #4

gollyg commented 11 March 2006 at 08:04

I am having a similar problem, although it does not involve the forum module. I am simple using taxonomy access (4.7b5) to control access. When I edit a node that is in a controlled vocab an authenticated user with appropriate role based permissions can no longer view it. If I disable and re-enable the taxonomy access through the settings page the access permissions are granted correctly. So each time a node is edited the module needs to be disabled and reenabled.
Am also using event and upload modules.
I will start a new issue if this is unrelated
cheers (and thanks for such a useful module!)

Comment #5

keve commented 12 March 2006 at 15:07

Status:

Active

» Fixed

Commited to cvs.

(gollyg: i added another issue about your problem.)

Comment #6

(not verified) commented 26 March 2006 at 15:16

Status:

Fixed

» Closed (fixed)

Editing a node changes its uid

Comments

Comment #1

Comment #2

Comment #3

Comment #4

Comment #5

Comment #6

News items

Our community

Documentation

Drupal code base

Governance of community