Posted by mariagwyn on February 14, 2010 at 7:39am
5 followers
| Project: | Advanced Book Blocks |
| Version: | 6.x-2.5 |
| Component: | Code |
| Category: | bug report |
| Priority: | normal |
| Assigned: | Unassigned |
| Status: | reviewed & tested by the community |
Issue Summary
I have a number of pages which I outline in a book, and which are only available to certain user roles. While the book pages themselves are inaccessible, these pages appear in the menu of advanced book blocks. Is there any way to automate whether links to these pages appear according to user role?
thanks,
Maria
Comments
#1
I was experiencing the same problem. I was using the book_access module, which uses the node access system. ABB was not respecting the permissions as specified in node access. I solved the problem for myself with the following change to the advancedbookblocks.module. Here is the diff against alpha1.
462a463,466> $node = node_load($book->bid);
> if (!node_access('view', $node)) {
> continue;
> }
This revision prevented books that book_access did not grant access to from showing up in ABB. I would imagine that this change would work for other modules that utilize node access, but I have not tested the same myself. By the way, the same revision worked against 6.x-1.9 for me too.
Kurt
#2
Kurt,
Would you mind providing this patch in the +/- format? I am not sure I follow the 462a463,466 notation - especially now that I might be changing the line numbers with the patch you suggest in http://drupal.org/node/729108
thank you
#3
I don't have a proper patch tool (on Windows here), but I was playing with this issue myself and can provide a bit more code context for the change.
I made the change to the end of the books_get_top_level function. The alpha1 code is this:
while ($book = db_fetch_object($result)) {if (!in_array($book->bid, $books)) {
$books[] = $book->bid;
}
}
return $books;
and the new code with the change suggested above is this:
while ($book = db_fetch_object($result)) {if (!in_array($book->bid, $books)) {
$node = node_load($book->bid);
if (!node_access('view', $node)) {
continue;
}
$books[] = $book->bid;
}
}
return $books;
Adding this change seemed to fix the problem I was having with the Book Access module.
#4
thanks, mpotter. very clear.
#5
I noticed that the patch in #3 above is no longer present, unless I am missing something. After installing 6.x-2.5, ABB was seriously misbehaving (showing books that should not have been seen, etc.) until I put the patch back in. Here is the patch again against 6.x-2..5 if you want it.
diff --git a/sites/all/modules/advancedbookblocks/advancedbookblocks.module b/sites/all/modules/advancedbookblocks/advancedbookblocks.moduleindex e2bd31b..52643f3 100644
--- a/sites/all/modules/advancedbookblocks/advancedbookblocks.module
+++ b/sites/all/modules/advancedbookblocks/advancedbookblocks.module
@@ -478,6 +478,10 @@ function books_get_top_level($d = NULL, $context = NULL) {
}
while ($book = db_fetch_object($result)) {
if (!in_array($book->bid, $books)) {
+ $node = node_load($book->bid);
+ if (!node_access('view', $node)) {
+ continue;
+ }
$books[] = $book->bid;
}
}
#6
The patch in #5 fixed an issue i was seeing where I was getting a phantom replica of a book in my block, ie. the book was appearing twice, but the second copy had a link to a different book that the user had no access to.
#7
the patch #5 solved this
http://drupal.org/node/1192594
Please commit!
Thanks!
#8
Changed the status
1,5 year old issue solved 1 year ago and not committed yet :(
#9
bump