I just thought of how to accomplish this today, and wonder if we should bother.

We could have an advanced setting that says "Force node access rules on admins" and, if set, we would run db_rewrite_sql() for user 1 and users with 'administer nodes' (only).

Thoughts?

CommentFileSizeAuthor
#10 615294-enforce-d5.patch2.54 KBagentrickard
#2 615294-enforce.patch2.52 KBagentrickard
#1 615294-enforce.patch2.45 KBagentrickard

Comments

agentrickard’s picture

agentrickard
he/him
Primary language English
Location Georgia (US)
commented
Priority: Normal » Critical
StatusFileSize
new 615294-enforce.patch2.45 KB

Here's a patch. I think this will lessen support requests considerably.

agentrickard’s picture

agentrickard
he/him
Primary language English
Location Georgia (US)
commented
StatusFileSize
new 615294-enforce.patch2.52 KB

Better patch.

voxpelli’s picture

voxpelli commented

Seems like a good idea - can sometimes be confusing for the admins today when it's not enforced

agentrickard’s picture

agentrickard
he/him
Primary language English
Location Georgia (US)
commented

The only issue is that I am only enforcing DA rules, so if you have two access control modules, it isn't perfect.

skizzo’s picture

skizzo commented

is the patch designed for 6.x-2.x-dev only? It appears to apply against my 6.x-2.0-rc9 installation (no other access control module), but then user 1 can still access any node from any domain... I think that an advanced setting option would be useful, as under some circumstances the current behaviour might be desirable (e.g.: monitoring activities across domains).

[domain]# patch < 615294-enforce_0.patch          
patching file domain.admin.inc                                  
patching file domain.module                                     
Hunk #1 succeeded at 2086 (offset -172 lines).
agentrickard’s picture

agentrickard
he/him
Primary language English
Location Georgia (US)
commented

It should work for user 1. There is a configuration option you have to toggle.

The setting is right under 'debug mode' in the form.

skizzo’s picture

skizzo commented

Got it, and it's working fine for me. I guess that for new installations the setting would default to "Restrict node views for administrator", so to reduce support request.

agentrickard’s picture

agentrickard
he/him
Primary language English
Location Georgia (US)
commented

No, it defaults to FALSE, since this alters core behavior. The documentation will indicate how to enable it.

agentrickard’s picture

agentrickard
he/him
Primary language English
Location Georgia (US)
commented
Status: Needs review » Patch (to be ported)

Committed to HEAD.

agentrickard’s picture

agentrickard
he/him
Primary language English
Location Georgia (US)
commented
StatusFileSize
new 615294-enforce-d5.patch2.54 KB

D5 version.

agentrickard’s picture

agentrickard
he/him
Primary language English
Location Georgia (US)
commented
Status: Patch (to be ported) » Fixed

Committed to D5.

Status: Fixed » Closed (fixed)

Automatically closed -- issue fixed for 2 weeks with no activity.