hi,
i'm using Domain Access and Workflow, and i'm having problems with different workflow states for different domains. Eg.: in my case, each domain can have its own state defined, so i copied 2 tables in DA: workflow_node and workflow_node_history.
These tables are getting updated normally, when i check at the database, sid values are right. But when i try to view as anonymous user that node in one domain checked to invisible status, it is actually visible, because the status, independently of the domain is always the last one modified.
I tried to hard code the function workflow_node_current_state($node) to get the the sid from DA doubled table, but even so it's getting the last modified state.
How can i configure to be able to have two grants:
1 - the DA permission to see the node at one domain
2 - the role permission to see a workflow state
Thanks,
Carlos
PS:
it's also related to this post:
http://drupal.org/node/564318#comment-2391898
Comments
Comment #1
agentrickardNo idea.
Comment #2
carvalhar commentedsorry, but i'm stuck on this problem.
i think it's all about node access api, the "or" problem. but i'm already using modules grants and grants aren't respected as i'd like.
i need a node access control that only DA can't help, so what do you suggested?
is there a way to use DA module with another node access module, as workflow, private, tac, nodeaccess etc?
Could you recommend one?
any idea?
thanks,
Carlos
PS: i found your video about "Using Node Access" at DrupalCON Szeged, nice explanation :)
Comment #3
agentrickardThe best way is to use hook_domainrecords() and hook_domaingrants() to write custom logic to handle your grants as you see fit.
You could also try the provided multiple_node_access.patch file. The problem, essentially is that the Node Access API doesn't support using two node access modules at the same time. Module Grants tries to solve that problem, but there really isn't a solution, AFAIK.
The table prefixing idea is a nice try, but probably unreliable, because it is entirely dependent on the domain from which the node is saved / viewed.
You probably need to adjust your requirements to what Drupal can actually support. You could also try Domain Access Advanced, which uses db_rewrite_sql() instead of node access, but that module has known issues and I do not support it.
Comment #4
agentrickardWithout looking at the Workflow code, here's what seems right to me. Put this in a custom.module file (with proper custom.info):
This would allow editors to edit and delete the node, but not allow users to View it unless the workflow state was approved.
Working out the workflow state logic I leave to you.
Comment #5
carvalhar commentedhi,
i tried this solution with a custom module but it didn't work.
i think every node is getting visible because of domain_all, at least trough devel node access module i saw only domain_all giving a true value for view.
I'm using module grants also, and i tried with deny option, but not fine... and no advance with da advanced either.
ah, i know that you don't like, but i tried also changing priority in grants array, but i think domain_all has a special type of priority, because it doesn't get affected.
i found an alternative solution with tac lite and rules, but it gives me a headache with search module...and i'm not sure it's 100%.
howso... can i control domain_all view grants? is there a way?
thanks,
carlos
PS: my devel node access table for hidden node shows:
Comment #6
agentrickard'domain_all' is set specially and never exposed to hook_node_access_records().
See the documentation on 'special page requests' for how 'domain_all' works. (README.txt section 4.5).
You can disable 'domain_all' be emptying the 'special page requests' settings and deselecting the 'search all content from any domain' option, both on the DA settings page.
Comment #7
carvalhar commentedi tried it, also i tried unchecking cron option, but no effect.
domain_all is there yet, giving view permission, even rebuilding them.
can i change domain_all in the function on comment #4? does it exists and can be changed in $grants array?
thanks,
Carlos
Comment #8
agentrickardNo, you can't. It only gets set if
domain_grant_all()returns TRUE. If that is TRUE, then the rest of domain_node_grants() is ignored.See lines 1254-1264 of domain.module.
Now, if you are using Domain Access Advanced (and forgot to mention it), then I can't assist you.
Comment #9
agentrickardAnd it doesn't matter if 'domain_all' is in the {node_access} table. What matter is if it is in the $grants array returned by hook_node_grants().
And it should not be, unless there is a mistake in domain_grant_all() somewhere that we haven't caught before. Check there.
Comment #10
carvalhar commentedhi,
devel module print this information:
Anonymous (user 0) can use these grants for view access (if they are present above):
* all: 0
* domain_site: 0
* domain_id: 3
* private_author: 0
is it $grants? i'm not sure how to print its value. i tried this function but it didn't work:
function custom_node_grants($account, $op) {
echo "
"; print_r($grants); echo "Comment #11
agentrickardGrants are gathered by the node_access_grants() function (in node module).
You can view grants for a page using Devel Node Access.
Comment #12
carvalhar commentedsorry to ask it again, but i'm a lost with node access....
how could i find the last time $grants array is called and them (with some specifics if statements for my case) remove a grant for domain_all ? where is the function that sets $grants? when is it called the last moment?
could you point me where in domain access module domain_all is set?
and...is this function called just once or it runs multiple times?
thanks
Carlos
Comment #13
agentrickardI already have. See #8.
Comment #14
agentrickard