OG-type Posts are rejected when created via the web interface if they are not assigned to an OG group

IGNORE THIS PATCH :)

This adds a check to the hook_nodeapi() checks which ensures the logic is only applied when the node is created via the batch or cron methods. However, this isn't a perfect fix, for a number of reasons:

1. A legitimate node may be getting created via batch API but not via Mailhandler, eg node_import. So checking for batch or cron is not the correct method to identify whether the node should have OG restrictions applied. I need to inspect how OG does these checks when validating a node.

2. Mailhandler configuration permits one mailbox to create OG posts and another to create non-OG posts. So checking to see if this node creation is triggered by mailhandler isn't really relevant at all - except mailhandler offers one way of creating nodes in Organic Groups.

It would be good if OG exposed a method to check if user $uid may create a node (of type $type) in OG $gid. (Maybe it does?)

ok, this makes more sense, even if it does have to use form_set_error to prevent the node being saved ...

/**
 * provide a method for identifying whether posts submitted via 
 * mailhandler are acceptable based on the originating email address
 * and the corresponding user's membership of relevant OG groups
 *
 * see http://drupal.org/node/559524
 */
function og_mailhandler_nodeapi(&$node, $op, $a3=NULL, $a4=NULL) {
  switch( $op ) {
  case 'validate' :
    /* we need to validate if (1) this node may be an og content type (2) it has og_groups set */
    if ( og_is_group_post_type($node->type) && isset($node->og_groups) && !empty($node->og_groups) ) {
      // watchdog('og_mailhandler','Is an OG Group Post Type, and has groups assigned. Groups are: '.print_r($node->og_groups,1));
      if ( !isset($node->uid) || $node->uid == '0' ) {
        form_set_error('',"Rejecting submission from unrecognised email address.");
        watchdog('og_mailhandler','Rejecting OG group post from unknown email via mailhandler.');
      } else {
        $args['!uid'] = $node->uid ;
        $account = user_load($node->uid) ;
        foreach( $node->og_groups as $k => $gid ) {
          $args = array('!name'=>$account->name,'!gid'=>$gid) ;
          if ( !og_is_group_member($gid, TRUE, $account->uid) ) {
            // watchdog('og_mailhandler','UID'.$user->uid.' is a not member of Group '.$gid);
            unset($node->og_groups[$k]) ;
            watchdog('og_mailhandler',t('Post by !name to OG Group !gid is not allowed',$args));
          }
        }
        /* we've excluded groups this user can't post to. if there are none left, reject the post */
        if ( empty($node->og_groups) ) {
          // watchdog('og_mailhandler','Groups for this node is empty, so will drop it.');
          form_set_error('',t('Rejected post by !name',$args));
          watchdog('og_mailhandler',t('Rejected post by !name',$args));
        }
      }
    }
    break ;
  }
}
 

Patch against current CVS attached.

updated patch - applied to 6.x-1.x