Hi, I test last 7.x version, disabling view anonymous role to view some content types works ok. But if I start link to taxonomy eg. taxonomy/term/2 anonymous user can view teaser content. It's bug or feature? Thank you.

Comments

good_man’s picture

no I think it's a bug, anon. user shouldn't be able to see the nodes even if inside taxonomy term listing page.

bryancasler’s picture

subscribe

dooug’s picture

Subscribing. I also experienced this. I have restricted the "article" content type to be viewable only by the admin. However, when viewing a taxonomy page the teasers of the "article" content are showing up.

I agree with comment #1, this is most likely a bug. I am looking into it but not very familiar with this module.

UPDATE:
I enabled the views version of the taxonomy page, and this works as expected. This is a temporary workaround.

mjgruta’s picture

Hi, I also have problems with Taxonomy and Content access.

Content is missing on Visitors when using Taxonomy term views with pager.
Pager is showing but not the content queried.
When logged in as admin, everything is showing and working properly.

I tried enabling pager on other views and everything is showing.
I tried "Display all items" and all the content queried showed without any problem.

See my post on views module
#1089146: Content missing on Visitors when using Views Taxonomy Term with Pager

mjgruta’s picture

Component: Miscellaneous » Code
Priority: Normal » Critical
shadowmihai’s picture

subscribe

BenK’s picture

Subscribing

cnolle’s picture

I am experiencing somewhat the same problem. Content Access is not showing nodes that should be available on taxonomy/term pages if you are not logged-in as admin. The nodes are showing up just fine in a normal view. It should be noted that these taxonomy/term pages are views overriding the default taxonomy/term listing using Panels.

Firewolf’s picture

Subscribing. Same problem.

Test system: Drupal 7.0 + Content Access 7.x-1.x-dev (2011-Feb-25). For the moment no other modules on this system.

good_man’s picture

Issue tags: +Release blocker

comment #4, related issue #1115794: Conflict with views module

georgemastro’s picture

subscribe

good_man’s picture

The problem is deeper than I thought, the query in taxonomy.module don't check node_access correctly IMO. I'm trying to digg into the database layer to see why it's not behaving as it should do.

00trav’s picture

subscribing

good_man’s picture

Status: Needs review » Active

Reported the issue in core queue [#1192196]

Bitnetix’s picture

Here's what we see (which, I believe, is what everyone else sees):

We have a taxonomy vocabulary called "Clients." Each client has a term in that vocabulary (ACME Corp, Kodak, Sony, etc). Each client then has sub-terms for various things like contracts, billing, proprietary information, and so forth.

We have a login that our consultants use to gain access to private content on the site (which is not yet live, thank goodness). A menu link using Views is made to point to the Client Info taxonomy so consultants can get through to the pieces they need to look at.

If an anonymous user tries to go to the URL for the client-info, then they get an access denied. But if they go through to the specific URL for the taxonomy term, say /taxonomy/term/123, then the page is shown.

This is incorrect behavior and the page should never be shown to anonymous users. I'm glad that they have to first know the URL to get to it, but guessing taxonomies in Drupal is not hard.

Drupal 7.2
PHP 5.3.2
Content Access 7.x-1.x-dev

maciej.zgadzaj’s picture

Status: Active » Needs work

Reporting same problem as in #8.

Using Drupal 7.2 + Views 7.x-3.x-dev + Content Access 7.x-1.x-dev, with default "Taxonomy term" view provided by Views overriding Drupal's native taxonomy/term pages, and experiencing the same issue - nodes (which are otherwise accessible directly, and visible in views not using taxonomy terms) are not visible for anonymous visitors in view with contextual filters set up us "Content: Has taxonomy term ID (with depth)" + "Content: Has taxonomy term ID depth modifier". The same nodes are visible though for main admin (uid = 1).

After disabling Content Access module (which I don't actually need that much at the moment) everything is back to normal, view works correctly once again and anonymous users see all nodes in question as they should.

good_man’s picture

Status: Needs work » Needs review

Okay guys, now Drupal 7.3 & 7.4 fixed that issue in core, I need you to retest, this bug now should be gone forever :)

maciej.zgadzaj’s picture

Status: Active » Needs review

Enabled Content Access again, and all seems to be fine now - I can see all relevant nodes on my Taxonomy Term view. So, for me it's ok, but my site's config has been evolving slightly over all that time, so I'd rather prefer not to be an ultimate confirmation of resolving the issue... Perhaps someone else having the problem before could comment as well?

Edit: Ah, no, sorry, scratch that, forgotten that it was not showing for anonymous/non-admin users (actually, I do not have any other users on the site than the main admin). And it's still the same - once Content Access is enabled, the nodes are not showing in the view.

good_man’s picture

@maciej.zgadzaj: This issue needs Drupal 7.3 or 7.4 AND latest Views dev version, not 24 June but after 28 Jun. Exactly this issue #1201908: Taxonomy filter with depth generating incorrect results because of core subquery bug

maciej.zgadzaj’s picture

Ah, actually you're right, I have updated Drupal to 7.4 and Views too yesterday, but it was to the most recent rc1 version, not dev... Tried today's dev right now, and yes, everthing's fine. Thanks!

karilu_ec’s picture

I had the same issue. After updating to drupal7.4 and latest dev views fixed the problem

good_man’s picture

Status: Needs review » Fixed
Issue tags: -Release blocker, -taxonomy

cool thanks a lot @maciej.zgadzaj and @karilu_ec very happy to hear it's fixed for you :)

ChoY’s picture

The problem still contiunue in my case - the node viwe seems well protected from anonymous view - but then when I call the term page link used with the the node everythuing is open and hitchhiked by google bots for public view! With other words - Using content access and a taxonomy vocabular together you have no content access control at all!

BenK’s picture

@ChoY: Are you using the latest -dev version of views? From what date?

ChoY’s picture

views 3.0 rc 1 is still running with a bug (don't show users role) - I use the views dev - just updated to the last version from 13.7. let's see how it works now …

good_man’s picture

@ChoY: please read the issue carefully, and update Views to latest dev, and Drupal core to 7.3 or 7.4. If you still have an issue with it, reopen this issue AND write the steps how to reproduce it.

Status: Fixed » Closed (fixed)

Automatically closed -- issue fixed for 2 weeks with no activity.

TravisJohnston’s picture

Status: Closed (fixed) » Active

Sorry but creating a new ticket isn't worth it. I am having this same issue and Content Access is disabled and Views pager is set to All....

I have a views page that lists out a bunch of skill terms. Only the administrator can see the results. Permissions is set to None.

Drupal is 7.22
Views is 7.x-3.7

I've tried many different permission tweaks, tried enabling the taxonomy term view, no luck.

gisle’s picture

Issue summary: View changes
Priority: Critical » Normal
Status: Active » Closed (outdated)

This issue has not received any updates in the previous 7 years. If you believe it to still be relevant, you are encouraged to reopen the issue and update it.

If you got an email about this Issue status update, it is because you at one time (possibly a very long time ago), subscribed to it. To learn how to unsubscribe yourself, please visit: https://www.drupal.org/project/webmasters/issues/3142987