When a non-admin user wants to edit the report criteria from a webform-report, he got the next error :

user warning: Column 'nid' in field list is ambiguous query: SELECT DISTINCT nid, title FROM node n WHERE type = 'webform') in /srv/www/htdocs/cms/sites/all/modules/webform_report/webform_report.inc on line 11.

And i've got no webform to select in de selectwebform dropdown list.
An admin users doesn't get this error and the dropdownlist will be filled with webforms.
So i was thinking about a permission issue, i grant the role of my non-admin user all the possible permissions of the webform_report module. Still tesame error.

So a changed line 11 from this
$result = db_query(db_rewrite_sql("SELECT nid, title FROM {node} n WHERE type = 'webform'"));
to this
$result = db_query(db_rewrite_sql("SELECT n.nid, n.title FROM {node} n WHERE n.type = 'webform'"));

And the error disappeared and i've got the webforms available in the webform dropdownlist.

Is this a good solution for this problem ? Or maybe i'm doing something terrible wrong or is there another and better solution.
Please let me know

CommentFileSizeAuthor
#4 754014-1.patch2.35 KBjimbullington
#1 754014.patch1.98 KBjimbullington

Comments

jimbullington’s picture

jimbullington commented
StatusFileSize
new 754014.patch1.98 KB

Thank you for reporting this and for providing a fix.

I've attached a patch that incorporates your fix, fixes a similar query later in the module and incorporates a small fix from Issue 297751 which involves an anonymous user query run through db_rewrite_sql() as well.

Let me know how it goes.

jimbullington’s picture

jimbullington commented
Status: Active » Needs review

Set correct issue status...

pbosmans’s picture

pbosmans commented

I'm glad i was for any help.

The first part of the patch worked for me, thanks
Can anybody explain why this has failed for a non-admin user and not for a admin user ?
What is the difference between the 2 queries ?

The second part gives me warnings for anomyous users on our front page.
On our front page we display a list of our public organic groups (og).
With the second patch part we get 2 user warnings :

* user warning: Unknown column 'n.type' in 'where clause' query: SELECT COUNT(*) FROM (SELECT DISTINCT node.nid AS nid FROM node node LEFT JOIN og og ON node.nid = og.nid INNER JOIN users users ON node.uid = users.uid INNER JOIN node_access na ON na.nid = node.nid WHERE (na.grant_view >= 1 AND ((na.gid = 0 AND na.realm = 'all') OR (na.gid = 0 AND na.realm = 'content_access_author') OR (na.gid = 1 AND na.realm = 'content_access_rid') OR (na.gid = 0 AND na.realm = 'og_public'))) AND (n.type <> 'webform_report') AND ( (node.status <> 0) AND (node.type IN ('group')) AND (og.og_directory <> 0) )) count_alias in /srv/www/htdocs/cms/sites/all/modules/views/includes/view.inc on line 739.
* user warning: Unknown column 'n.type' in 'where clause' query: SELECT DISTINCT node.nid AS nid, node.title AS node_title, og.og_description AS og_og_description, users.name AS users_name, users.uid AS users_uid, (SELECT COUNT(n.nid) FROM node n INNER JOIN og_ancestry oga ON n.nid = oga.nid WHERE n.status = 1 AND oga.group_nid = og.nid) AS post_count, (SELECT COUNT(*) FROM og_uid ou INNER JOIN users u ON ou.uid = u.uid WHERE ou.nid = og.nid AND u.status > 0 AND ou.is_active >= 1 AND ou.is_admin >= 0 ) AS member_count, node.created AS node_created, og.og_selective AS og_og_selective FROM node node LEFT JOIN og og ON node.nid = og.nid INNER JOIN users users ON node.uid = users.uid INNER JOIN node_access na ON na.nid = node.nid WHERE (na.grant_view >= 1 AND ((na.gid = 0 AND na.realm = 'all') OR (na.gid = 0 AND na.realm = 'content_access_author') OR (na.gid = 1 AND na.realm = 'content_access_rid') OR (na.gid = 0 AND na.realm = 'og_public'))) AND (n.type <> 'webform_report') AND ( (node.status <> 0) AND (node.type IN ('group')) AND (og.og_directory <> 0) )ORDER BY node_created DESC LIMIT 0, 90 in /srv/www/htdocs/cms/sites/all/modules/views/includes/view.inc on line 765.

So i've undoing this and the problem was gone.
- if ($primary_table != 'n') {
+ if ($primary_table != 'n' && $primary_table != 'node') {

This is very strange.

jimbullington’s picture

jimbullington commented
StatusFileSize
new 754014-1.patch2.35 KB

Thank you for the feedback - would you be willing to try another patch?


The first part of the patch worked for me, thanks
Can anybody explain why this has failed for a non-admin user and not for a admin user ?
What is the difference between the 2 queries ?

The way I understand it, the difference is in the user's access. The Drupal security team requires that modules that produce lists of nodes to anonymous users pass the queries through db_rewrite_sql() in order to restrict access to nodes that the user may not have access to. In the case of an administrator, since the user has access to all nodes, the sql is not modified. For an anonymous user, the sql is usually modified by all modules that implement hook_db_rewrite_sql(). In the case of webform_report, the hook_db_rewrite_sql() function checks for 'access webform reports' access and if the user does not have this access, appends a where clause 'n.type <> 'webform_report' to the query. This will cause webform_report nodes to be removed from the list of nodes, since the user doesn't have access to them.


The second part gives me warnings for anomyous users on our front page.

This will hopefully be corrected in the attached patch.

Hope all of this helps. Thanks for testing the patches - I do not have a good test bed setup for anonymous user testing as of yet.

pbosmans’s picture

pbosmans commented

It all works now.
Thanks for the patch.

jimbullington’s picture

jimbullington commented
Status: Needs review » Fixed

Committed patch - thanks for your help!

Status: Fixed » Closed (fixed)

Automatically closed -- issue fixed for 2 weeks with no activity.