Jump to:
| Project: | Protected node |
| Version: | 6.x-1.x-dev |
| Component: | Code |
| Category: | bug report |
| Priority: | normal |
| Assigned: | AlexisWilke |
| Status: | closed (fixed) |
Issue Summary
tolmi,
Okay... You're going to kill me on this one 8-)
I'm not too sure how it is doable because you have a session that's separate from the regular logged in user session to authorize the view of a node... Yet, I think that several of the problems I've seen listed would go away if we were to reprogram the software to use the GRANT system.
For instance, the GRANT could prevent the cache problem. And I'm pretty sure that the Search problem as mentioned by 2 users would go away too because the Search system would automatically understand the GRANT feature.
On top of that, any other module, such as the Views module, would automatically get it right. At this time, I'd bet that they would list all the nodes, whatever the content, to whomever has otherwise the right to see those nodes. (Of course, you could say that's an operator error... but the GRANT system should automatically fix the problem!)
If you're okay to consider the use of the GRANT system, then I'll look into it.
Note that Frank's idea can then be implemented in that way too.
Thank you.
Alexis Wilke
Comments
#1
They say my humor is killer but I never considered to use it in a malicious way. I'm just not that kind of person.
If you can take a look into it then I very much welcome a patch using the grant system.
#2
https://github.com/hefox/node_password; haven't touched it in ages, but could use it as an example.
#3
This is done. Tested with /node, rss.xml and a view and it works great.
This could be considered a security risk, although I'd bet most people did not mind to show the title of such nodes anyway. Now everything is hidden unless you at least have the 'access protected content' permission.
Thank you.
Alexis Wilke
http://drupalcode.org/project/protected_node.git/commit/f61c60d
#4
Automatically closed -- issue fixed for 2 weeks with no activity.