In node permissions, I've given role A access to create nodes of type B, which is content in group type C. In OG permissions, I've given the non-member role access to edit fields in type B. Users in role A, outside any group, get a blank node add form, because og_field_access_field_access() returns FALSE for these fields. I would expect it to return TRUE, since the user is a non-member and non-members explicitly have access to edit these fields.
Looking at the code, og_field_access_field_access() is only granting access on new nodes based on the user's groups, so non-member access is never checked at all. That seems like a bug.
Comment | File | Size | Author |
---|---|---|---|
#1 | og-check_permissions_for_nonmembers-2064653-1.patch | 864 bytes | sreynen |
Comments
Comment #1
sreynen CreditAttribution: sreynen commentedThis patch checks for any non-member access to edit the field.
Comment #3
BeK27 CreditAttribution: BeK27 commentedIf there are any more ideas on how to fix this bug please let's start discussing.