Closed (cannot reproduce)
Project:
Rate
Version:
7.x-2.x-dev
Component:
User interface
Priority:
Normal
Category:
Bug report
Assigned:
Unassigned
Reporter:
Created:
13 Dec 2010 at 10:39 UTC
Updated:
30 Mar 2012 at 14:36 UTC
Hello,
I enabled this fantastic module for a content type, but when I click on any of the thumbs in a thumb up down widget, I am redirected to a user page saying you must login.
But I am logged in as admin.
Comments
Comment #1
bertboerland commentedcould you provide us with more information since this is rather odd. what other modules have you installed? how is rate configured? what if you log in after the message (even if you were logged in as admin)?
Comment #2
weka commentedI am unable to replicate this behavior. Please reopen if you are still experiencing the problem and try to provide more details.
Comment #3
giorgio79 commentedSeems to be related #1110786: 404 after login on redirected page "You must login before you can vote"
I figured it out meanwhile:
I checked my widget settings, and for some reason, in the permissions only Anonymous was enabled. After enabling authenticated it started working again :)
Comment #4
aacraig commentedThis error still exists in D7 as well. If you are the admin user (ie, uid == 1), then it is possible that you get denied voting privileges in _rate_check_permissions(), because that function only checks the user's roles. While technically correct, it doesn't respect the common practice that the admin user has permission to do anything on the site and doesn't have to pass any permissions check.
If the admin user isn't specifically part of a role that has permission to vote (in the OP's case, that is authenticated user, but it could be any role that the admin isn't in) then permission will be denied.
In my particular case, only users of a certain role may vote, so the authenticated role is not checked. Therefore, my admin user (who is only an authenticated user) may not vote.
To replicate this error on a fresh install, create at least one role (I'll call it 'voters'). Make sure your admin user is NOT a member of the voters role.
Create a thumbs up/down widget (thought behaviour will be the same for all widgets that test permissions with _rate_check_permissions()) and allow voting ONLY with the 'voters' role.
Try to vote as the admin user.
This can be easily fixed by adding the test $user->uid == 1 at the top of the function, like:
While there is a valid argument to say that the function works as it should and only users specifically associated with a role that can vote should be allowed to vote, it is common for site administrators to assume that the admin user has access to everything.
Comment #5
aacraig commentedThe page didn't show my previous post after saving it, so I thought it hadn't gone through.
Removing repeated post.