Hi, I've found a particular bug on the rules integration. When you create a rule with "grant/revoke OP to rule", the content_access table is wrongly updated: instead of using:

"view", "view_own", "edit", "edit_own", "delete" and "delete_own"

the table is filled with the following strings:

"View any content", "View own content", "Edit any content", "Edit own content", "Delete any content" and "Delete own content"

The $params variable passed to the functions content_access_action_grant_node_permissions() and content_access_action_revoke_node_permissions() contains the wrong values.

It looks like the params contains the Label instead of the correct values.


Example of correct record:

a:6:{s:4:"view";a:4:{i:0;i:2;i:1;i:4;i:2;i:5;i:3;i:3;}s:8:"view_own";a:2:{i:0;i:4;i:1;i:3;}s:6:"update";a:2:{i:0;i:4;i:1;i:3;}s:10:"update_own";a:2:{i:0;i:4;i:1;i:3;}s:6:"delete";a:1:{i:0;i:3;}s:10:"delete_own";a:1:{i:0;i:3;}}

Example of wrong record:

a:6:{s:16:"View any content";a:3:{i:0;i:2;i:1;i:4;i:2;i:5;}s:16:"View own content";a:0:{}s:16:"Edit any content";a:2:{i:0;i:4;i:1;i:5;}s:16:"Edit own content";a:0:{}s:18:"Delete any content";a:1:{i:0;i:2;}s:18:"Delete own content";a:4:{i:0;i:1;i:1;i:2;i:2;i:4;i:3;i:5;}}


Files: 
CommentFileSizeAuthor
#5 content_access_rules.patch2.24 KBjjs
PASSED: [[SimpleTest]]: [MySQL] 32,682 pass(es).
[ View ]

Comments

I've done some tests. If I replace "View any content" with "view" in the $ca_settings variable before calling the content_access_save_per_node_settings() all will works fine:

    content_access_save_per_node_settings($params['node'], $ca_settings);

I suspect that the function which create the settings of the rule doesn't use the correct parameters.

I've noticed this same error.

After looking into this some more, simply changing the label doesn't fix the issue for me. It looks like the permissions aren't set properly in the content_access table.

Using the rule action "Grant content permissions by role" I allow the author to edit their own node. The following gets written to content_access for that node:

a:6:{s:16:"View any content";a:3:{i:0;i:4;i:1;i:5;i:2;i:3;}s:16:"View own content";a:4:{i:0;i:2;i:1;i:4;i:2;i:5;i:3;i:3;}s:16:"Edit any content";a:3:{i:0;i:4;i:1;i:5;i:2;i:3;}s:16:"Edit own content";a:4:{i:0;i:2;i:1;i:4;i:2;i:5;i:3;i:3;}s:18:"Delete any content";a:3:{i:0;i:4;i:1;i:5;i:2;i:3;}s:18:"Delete own content";a:3:{i:0;i:4;i:1;i:5;i:2;i:3;}}

The original author, however, did not get the ability to edit their own node. When I set the permissions using the Access Control tab on the node, the following gets inserted into the content_access table for the same node as above, which does allow the original author to edit that node.

a:6:{s:4:"view";a:3:{i:0;i:4;i:1;i:5;i:2;i:3;}s:8:"view_own";a:4:{i:0;i:2;i:1;i:4;i:2;i:5;i:3;i:3;}s:6:"update";a:1:{i:0;i:3;}s:10:"update_own";a:2:{i:0;i:2;i:1;i:3;}s:6:"delete";a:1:{i:0;i:3;}s:10:"delete_own";a:1:{i:0;i:3;}}

Indeed, you've to change the value stored on the DB...

StatusFileSize
new2.24 KB
PASSED: [[SimpleTest]]: [MySQL] 32,682 pass(es).
[ View ]

It seems the rules integration wasn't updated for the change to _content_access_get_operations(), which now provides both the database operation and the text label.

I've attached a patch (it's quick and not thoroughly tested) that should fix the problems. A couple strings may accidentally get run through t() twice (once in _content_access_get_operations() and once as $label), but it seems to work okay nonetheless.

Status:Active» Needs review

I'll check to see if this patch works.

The patch in #5 fixes my problem.

Status:Needs review» Reviewed & tested by the community

Status:Reviewed & tested by the community» Patch (to be ported)

Thanks for reporting & testing, I'll review it and commit.

Status:Patch (to be ported)» Fixed

Committed to the current dev version, thanks.

btw, never use t() with variable directly, instead use substitution more here.

Status:Fixed» Closed (fixed)

Automatically closed -- issue fixed for 2 weeks with no activity.