I'm using Simple Access, which is working for other node types, but when DiskNode is set to "Act as node" and the relevant roles are checked, all roles (including anonymous users) can see the DiskNodes.

If I convert the DiskNodes from "Act as Node" to "Page" or some such, then access control works as intended.

Brian.

Comments

Anonymous

I'm not quite sure if this one is related, but the actual downloads don't seem to be checked for whether the user is allowed to see the file. I have the following setup:

Installed modules: OG, attached_node, disknode

Create a new disknode (right now, as BrianH pointed out, as a page or article – otherwise, the OG audience system will fail). Assign a non-public group to it. Try to access the node as an anonymous user: you'll get "Access denied", as it should. Now embed this new node in a public node using attached_node. The new node will show up (which is attached_node's problem) and will display a link to download the file that works – which, IMHO, it shouldn't.

mooffie

I had a quick look at the source code. hook_access() handles $op=='view' and thus short-circuits the rest of Drupal's Node Access mechanism. It should be easy to fix.

Whatever, "Act as node" is a thing of the past. This module should be cleaned asap. It's 2008 already.
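
An added illustration, not part of the thread and not the module's own code: a simplified, self-contained PHP model of the check order described in the comment above, where a non-NULL answer from the node type's hook_access() is used before any grants stored by access-control modules are consulted. It also models a download handler that applies the same view check, which is the gap the earlier comment reports. All function names, roles and node data here are hypothetical.

```php
<?php
// Constructed sample data: roles an access-control module has granted 'view' to.
$grants = array(
  10 => array('authenticated'),              // restricted node
  11 => array('anonymous', 'authenticated'), // public node
);

// "Before": the node type's access hook answers 'view' itself.
function example_access_before($op, $node, $role) {
  if ($op == 'view') {
    return TRUE;
  }
  return NULL;
}

// "After": the hook only answers the operations it owns and returns NULL
// for 'view', leaving that decision to the grants.
function example_access_after($op, $node, $role) {
  if ($op == 'update' || $op == 'delete') {
    return $role == 'editor';
  }
  return NULL;
}

// Simplified model of the decision order (not Drupal core code).
function model_node_access($hook, $op, $node, $role, $grants) {
  $access = call_user_func($hook, $op, $node, $role);
  if (!is_null($access)) {
    return $access; // short-circuit: grants are never consulted
  }
  if ($op != 'view' || !isset($grants[$node['nid']])) {
    return FALSE;
  }
  return in_array($role, $grants[$node['nid']]);
}

// A download handler should apply the same view check before serving a file.
function model_download($hook, $node, $role, $grants) {
  return model_node_access($hook, 'view', $node, $role, $grants) ? 200 : 403;
}

$node = array('nid' => 10);
foreach (array('example_access_before', 'example_access_after') as $hook) {
  $view = model_node_access($hook, 'view', $node, 'anonymous', $grants);
  $code = model_download($hook, $node, 'anonymous', $grants);
  printf("%s: view=%s download=%d\n", $hook, var_export($view, TRUE), $code);
}
```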

mooffie

Assigned: Unassigned » mooffie
Status: Active » Fixed

Fixed.

Anonymous

Status: Fixed » Closed (fixed)

Automatically closed -- issue fixed for two weeks with no activity.