I just installed tac lite to restrict access to some nodes on my site.
(Nearly) all nodes reappear after editing and saving them, but wikipages.

Anonymous users cannot access any wiki pages although there no page is added to the corresponding taxonomy.

Comments

Dave Cohen’s picture

is there a 'view' permission for that node type? And if so does anonymous have permission to view?

Can you download the devel module, then install devel_node_access, then add the devel_node_access block to your theme footer, then visit one of these wiki pages, and post here what is shown in the block? (Sounds like a lot to do buts its not so bad).

Or, post the result of this query (essentially the same things):

SELECT * FROM node_access WHERE nid=0 OR nid=WIKINID;

WIKINID is the node id of your wiki page.

Thanks.

freeborg’s picture

Thanks for the hint. I observed the database table and here's what I found out:
- When saving non-wiki nodes, node_access got an additional entry added with the tac_lite realm.
- Wiki nodes, however only get this entry added, if I explicitely select one of the topics != . When reverting to , the database entry gets deleted.

I don't know which behaviour is preferred, but I now introduced a topic for anonymous access and this works for me. If it is a bug, I'd be glad to test some patches (or provide some, if you give me a hint on where to look).

However, here are the relevant table entries:

+-----+-----+-------------+------------+--------------+--------------+
| nid | gid | realm       | grant_view | grant_update | grant_delete |
+-----+-----+-------------+------------+--------------+--------------+
|   0 |   0 | all         |          1 |            0 |            0 |
|   4 |   1 | wiki_access |          1 |            1 |            1 |
|   4 |   9 | tac_lite    |          1 |            0 |            0 |
+-----+-----+-------------+------------+--------------+--------------+

Cheers...

Dave Cohen’s picture

Status: Active » Fixed

I do not understand your comment. I think the HTML filter deleted parts of it. Or I'm just too tired to make sense of it.

Anyway, you seem to use both wiki_access and tac_lite. tac_lite would normally make a wiki node visible to all - if there is no specific privacy set. However, some specific privacy is set by wiki_access, so tac_lite does not add an entry as that would defeat whatever wiki_access is trying to do. Tac_lite is trying to play nice with the other node_access modules. Your problem is that wiki_access is preventing anonymous users from viewing the node.

Your solution, to explicitly grant access to anonymous users sounds like it will work fine. But it is generally unpredictable to have two access control modules working concurrently. Keep devel_node_access enabled, you may need it.

Anonymous’s picture

Status: Fixed » Closed (fixed)