Setting node to "Private" does not limit view access.

evoltech - October 15, 2009 - 20:42
Project: Coherent Access
Version: 6.x-1.x-dev
Component: Code
Category: bug report
Priority: normal
Assigned: Unassigned
Status: closed
Description

The documented functionality:

# They may add viewers. As soon as one user is added to the view list only those listed in the view and edit lists as well as the author may view the node
# For author-only editing and viewing it is expected the author will un-publish a node

Leads me to believe that after the "Private" button is checked and at least one user is added to the viewers list, the node should only be viewable by the author and the users in the viewers list. This is not the case, however. As expected, if "If checked new nodes will default to private." or "Trust editors" are checked or un-checked in admin/settings/coherent-access, this behavior persists. I don't see any permissions in admin/user/permissions that would be causing a conflict here.

If this is expected behavior, maybe this is just a documentation bug. Can anyone advise?

#1

evoltech - October 21, 2009 - 21:18

edited: This was all a configuration issue on my end.

There are a few things I learned in my debugging process. Access control modules' permissions for a node and the requested operation (view, update, delete, etc.) take effect after checks for "administer nodes" permissions, and checks for hook_access() ("edit story content", "edit own story content", etc.).

Two things should be noted when setting up this module.
1) Make sure you don't have any node permissions ("edit story content", "edit own story content", etc.) set up that will determine whether or not a user can access a node before coherent access steps in.

2) Make sure you rebuild node permissions after you install the module. This step is crucial.
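
The check order described in comment #1, as an added example that is not part of the original thread or the module's code: a simplified Python model of the Drupal 6 node access decision, showing why a private node stays viewable until permissions are rebuilt and how an earlier check can decide before the grants are consulted. The realm name `coherent_access`, the one-grant-per-viewer scheme and the sample node and users are assumptions made for illustration.

```python
"""Simplified model of the Drupal 6 node access decision order (added example)."""

# Row Drupal 6 core keeps in {node_access} while no access module's grants
# have been built: nid 0 matches every node, realm "all" matches every user.
DEFAULT_GRANT = {"nid": 0, "realm": "all", "gid": 0, "view": 1, "update": 0, "delete": 0}


def node_access(op, node, account, grants_table, hook_access=None):
    """Return (allowed, deciding_stage); hook_access is True, False or None (no opinion)."""
    perms = account["permissions"]
    if "administer nodes" in perms:
        return True, "administer nodes"
    if "access content" not in perms:
        return False, "access content"
    if hook_access is not None:  # node type permissions decide before any grant
        return hook_access, "hook_access"
    if node["status"]:  # grants are only consulted for published nodes
        realms = {("all", 0)} | set(account["grants"])
        for row in grants_table:
            if row["nid"] in (0, node["nid"]) and (row["realm"], row["gid"]) in realms and row[op] >= 1:
                return True, "node_access table"
    if op == "view" and account["uid"] == node["uid"] and account["uid"] != 0:
        return True, "author"
    return False, "no grant"


def rebuild(nodes_with_viewers, realm="coherent_access"):
    """Model of a rebuild: drop every row, then write one view grant per listed viewer."""
    return [
        {"nid": nid, "realm": realm, "gid": uid, "view": 1, "update": 0, "delete": 0}
        for nid, viewers in nodes_with_viewers.items() for uid in viewers
    ]


# Constructed sample data: node 7 by uid 2, private, shared with uid 3 only.
NODE = {"nid": 7, "uid": 2, "status": 1}
VIEWER = {"uid": 3, "permissions": {"access content"}, "grants": [("coherent_access", 3)]}
OUTSIDER = {"uid": 4, "permissions": {"access content"}, "grants": [("coherent_access", 4)]}
STALE = [DEFAULT_GRANT]      # module installed, permissions never rebuilt
REBUILT = rebuild({7: [3]})  # after rebuilding node permissions

if __name__ == "__main__":
    for label, table in (("stale", STALE), ("rebuilt", REBUILT)):
        for who in (VIEWER, OUTSIDER):
            print(label, who["uid"], node_access("view", NODE, who, table))
```
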

#2

evoltech - October 21, 2009 - 21:19
Status: active » closed
 
 
