Access control (Permission) is not checked for the nodes themself.

roychri - September 14, 2009 - 18:38

Project:	Node Blocks
Version:	6.x-1.2
Component:	Code
Category:	bug report
Priority:	normal
Assigned:	tom_o_t
Status:	needs review

Jump to:

I created a site where only the authenticated users could see the content of the nodes.
Using the nodeblock module I saw that anonymous users could still see the content of the block and node.

So this means that this module does not verify that the current user have permission to see the content of the node.

Steps to reproduce:

create a new content type and configure it to be a nodeblock type.
Create a new node from that content type
Assign your node to a region (using the admin/build/block page)
change the permissions so that only authenticated users can access content.
Logout
Expected Behavior: Not able to see the node you created

» Login or register to post comments

#1

roychri - September 14, 2009 - 18:42

Status:

active

» needs review

Here is my proposed patch.

Attachment	Size
577234.patch	551 bytes

Login or register to post comments

#2

tom_o_t - November 30, 2009 - 21:59

Assigned to:

Anonymous

» tom_o_t

I can reproduce this. I'll check with Roger, but most likely will roll this patch next time I'm working on the module.

Login or register to post comments

Drupal is a registered trademark of Dries Buytaert.