Closed (fixed)
Project:
Module Grants
Version:
6.x-3.4
Component:
Code
Priority:
Normal
Category:
Bug report
Assigned:
Reporter:
Created:
10 Oct 2009 at 19:04 UTC
Updated:
4 Mar 2010 at 01:40 UTC
Jump to comment: Most recent file
Module Grants implements replacement for node_access() function but that function is used only for single node view. Node access in listings is processed with db_rewrite_sql() function. Since Module Grants doesn't work with that function, node listings access remains default. That means node listings may show nodes which will be denied access when accessed directly.
More information: comment of node_access() function and http://www.advomatic.com/blogs/marco-carbone/using-multiple-node-access-...
| Comment | File | Size | Author |
|---|---|---|---|
| #6 | module_grants_db_rewrite_sql.patch | 2.71 KB | mcarbone |
| #4 | module_grants_db_rewrite_sql.patch | 2.63 KB | mcarbone |
Comments
Comment #1
crea commentedComment #2
mcarbone commentedI've added an issue for Drupal 7 to make sure this isn't a problem there as well with the new alter functions: http://drupal.org/node/603540
As for D6, the solution is to add a hook_db_rewrite_sql like that commenter mentioned in my blog post. I may have time to look at this down the road but can't in the immediate future.
Comment #3
guillaumeduveauIt's not critical but it makes the module quite useless ATM if you want to build a TAC + Workflow restricted areas site
Comment #4
mcarbone commentedHere's a patch that implements a hook_db_rewrite_sql for module_grants. The tricky part was getting it to work for the lenient configuration, which I was able to do with a subquery. If someone can come up with leaner SQL to accomplish, please provide.
Comment #5
mcarbone commentedAck, this is not working on further testing.
Comment #6
mcarbone commentedOK, I fixed the bug. module_grants_db_rewrite_sql now adds two subqueries per node access module if lenient, one per node access module if strict. Again, suggestions for leaner SQL are welcome. (I'm beginning to see why Drupal went with the whole OR grant thing.)
Comment #7
rdeboerThanks for the patch mcarbone! This is has been checked into the repository and is available for testing in development snapshots dated 10 Nov 09 or later.
Rik
Comment #9
henkiejan commentedHello,
There's a missing db-prefix for the node_access-table in the patch in this line:
$grants[] = "(" . $lenient_subquery . "(SELECT COUNT(1) FROM node_access nasq WHERE na.nid = nasq.nid AND ($module_grants)) > 0)";
That gave me quite some sql-errors in menu.inc and view.inc.
Erik Greve
Comment #10
rdeboerThanks for reporting this typo Erik!
Will have this corrected in the upcoming 6.x-3.0 version due later this week.
Comment #11
rdeboerFixed in 6.x-3.x (16 Dec).
Comment #13
smartinm commentedI think
_module_grants_node_access_where_sqlshould also check the universal "all" grant as_node_access_where_sql:Comment #14
rdeboerThanks!
Checked into repository as shown in #13.