I'm marking this as a feature request, because I don't want to call this a bug, though from my perspective it equates to one (and possibly is one, pending the ACL review).

Essentially there is a 'conflict' or 'incompatibility' - neither words are very appropriate but that's the only ones I can come up with now - between the Catalog Taxonomy terms view of Ubercart, uc_catalog, and the ACL module (in my case required by Forum Access, to provide private forums to our site). As soon as the ACL module is present Anonymous users lose the uc_catalog view, making it impossible for them to browse the catalog.

No amount of tweaking of the uc_catalog View (permissions or roles) could resolve the matter for me, so I'm not sure there is anything the ubercart team could solve in the next version, but well I'll leave to someone more competent to assess whether that is possible in any way.

The only way for me to resolve this matter (short of killing our private forums... or enable 'Bypass content access control' for Anonymous users in Drupal permissions tab, err not really a viable option for obvious reasons) was to install a further module to control access to taxonomy, for example http://drupal.org/project/tac_lite

To me the bottom line though is that basic control access of nodes and taxonomy should not be separate from the ACL module. I understand it is an API, but, IMO, that's a major pitfall of the ACL module and can only lead to users frustrations.

So I'd really like to pitch the idea of including basic code for nodes and taxonomy access control through a rudimentary UI, or partner with Content Access and TAC (or TAC lite though those 2 seems to have plans to merge in the future). At the very least TAC and TAC lite should be mentioned on the ACL project page, which was my first port of call and would have helped save me a few hours.

Anyway, please review the suggestion and see what's most appropriate, but right now the situation is not ideal for those of us who dabble into access control, particularly those who load up ACL based on requirement of another module and for who the relation with taxonomy is not obvious ;-)

Comments

salvis’s picture

salvis
he/his
CreditAttribution: salvis commented
Status: Active » Postponed (maintainer needs more info)

Please post screenshots of DNA's debug mode and both blocks, according to the instructions that were displayed when you created this issue. Without that information we have no idea of what is going on.

RogueM’s picture

RogueM CreditAttribution: RogueM commented

sorry, but I have no idea what you are asking me... ubercart catalog pages are NOT nodes, they are taxonomy terms. I have just checked now to be sure and as I suspected there are no NDA information on these pages, I only get this info on Products (which are nodes) but that has never been my problem.

Apart from pointing you to one of the catalog page, for example http://www.bushido-thegame.com/catalog/25 I'm not sure how I can help. Note that the site is live and problem solved so the page will appear correctly to Anonymous users.

... anyway unless you tell me how the instructions you referred me to apply and can be followed that's the best I can do!

salvis’s picture

salvis
he/his
CreditAttribution: salvis commented

Hmm, I don't understand what the nature is of the "'conflict' or 'incompatibility'".

As soon as the ACL module is present Anonymous users lose the uc_catalog view, making it impossible for them to browse the catalog.

Why is that so? I can't think of how ACL could have any effect on a listing of taxonomy terms. ACL does not deal with taxonomy at all.

RogueM’s picture

RogueM CreditAttribution: RogueM commented

well, perhaps there is a bug in Forum Access, I don't know. But simply turning on or off ACL would respectively create or solve the problem for me. That was before I even understood that the problem was with the Taxonomy terms that form the UB catalog, so no voodo on my part at any point. As soon as I installed TAC, and set appropriate permissions on the catalog terms for Anonymous users then my shopping cart functioned again.

From my perspective, whether it is an ACL or Forum Access database change, or something else that came with the pair, that resulted in the problem it is irrelevant, I installed ACL as a requirement for Forum Access. I haven't filed this as an ACL bug in any case, what I'm suggesting is that TAC (lite) be listed on the project page in the same way a Content Access or Forum access.

... and that you consider adding rudimentary functionality to address content/taxonomy permissions, but I know that's a long shot. If you think that I'm barking up the wrong tree, still I think you should talk to the peeps at Forum Access because ACL+Forum Access = broken UB catalog. The same has been reported for other content control modules in the UB issue trackers so I think it's likely ACL is part or fully the problem.

salvis’s picture

salvis
he/his
CreditAttribution: salvis commented

You're saying that enabling ACL, even without enabling FA will cause this problem?

FA does actively work with taxonomy (the forum structure is a vocabulary), and I could imagine having an interference there, but ACL is completely ignorant about taxonomy.

FA and CA actively use ACL, that's why they're listed on ACL's front page. AFAIK, TAC is ignorant about ACL, except that they share the node access mechanism, like any two well-behaved node access modules do.

adding rudimentary functionality to address content/taxonomy permissions

No, that's not the way to go. Client modules use ACL to provide a service to manage and apply per-user access control. They rely on ACL doing exactly what they tell it to do. If ACL provided a UI for the user to muck with its data, then those client modules would break. No one would want to use an unreliable ACL module.

The same has been reported for other content control modules in the UB issue trackers

Please give me some pointers. We need to understand the problem before we can try to come up with a solution.

RogueM’s picture

RogueM CreditAttribution: RogueM commented

"You're saying that enabling ACL, even without enabling FA will cause this problem?"

yes that's correct. But I have not tried to clean the database from the forum access entries, so I do not know for sure whether ACL ALONE would create the problem. But it does after the initial db changes done with FA. To clarify:

DP7.2+all modules required for our site
+ Forum Access (ACL required)
= problem

If you turn off the FA module but not ACL, the problem persist (cleared cache, etc)
If you then turn off the ACL module, the problem goes away
Re-enable just ACL and it comes back

All these were established (repeatedly and with 100% reproducibility) when I had no other content control module enabled, I did not know what ACL was until I installed FA in fact.

In respect to other similar problem, there are these entries:

http://drupal.org/node/1189098 which is mine (you may get extra details but I don;t think so, it's mostly a copy/paste)
and
http://drupal.org/node/1136732 which started as an almost identical issue with OG, but apparently can be reproduced with many (any) content control module + ACL

As you can see from the first thread, the UB coder seem to think that it could be a bug in Views. I woud disagree based on my own experience trying to get to the bottom of it, but he may be correct, I should don't see why TAC would solve the problem if it had to do with Views (but I'm not a programmer).

I hope this helps.

Docc’s picture

Docc CreditAttribution: Docc commented

I have a simalair problem.

Enabling ACL will cause the (the default shipped with views) taxonomy_term view to te be inaccessible by anonymous users.
Though i do see the pager, the rows arent shown to the user. This only happens on this particular view.

Other views without the term contextual relationships do not seem to be affected.

ps this is ACL installation only without FA or other ACL dependant modules

EDIT: http://drupal.org/node/754906

salvis’s picture

salvis
he/his
CreditAttribution: salvis commented

And, did updating Views to the latest -dev version help?

#754906-74: Views pager disappear if I use an argument

Docc’s picture

Docc CreditAttribution: Docc commented

no it didnt. Disabling sql alter for the view did work. Though that should be considered as a temp fix.

salvis’s picture

salvis
he/his
CreditAttribution: salvis commented

"Disabling sql alter" — what is that? I've never heard of that.

RogueM:

"You're saying that enabling ACL, even without enabling FA will cause this problem?"

yes that's correct. But I have not tried to clean the database from the forum access entries, so I do not know for sure whether ACL ALONE would create the problem.

Cleaning/uninstalling is not necessary. Just do the [Rebuild permissions].
The next logical step is to disable ACL and enable any other node access module, e.g. Content Access.

I'm pretty sure that you'll find that CA (or any other node access module) will produce the same effect that ACL does...

Docc’s picture

Docc CreditAttribution: Docc commented

Views 3 has the option to disable SQL rewriting on a view

Disabling SQL rewriting will disable node_access checks as well as other modules that implement hook_query_alter().

RogueM’s picture

RogueM CreditAttribution: RogueM commented
Status: Postponed (maintainer needs more info) » Fixed

my initial issue having been resolved through a Views module code change, I am closing this. All seems to work as intended out of the box now, with the proviso of an up-to-date Views.

I will however still advocate adding TAC to the project page, where it says: "We're aware of the following modules using ACL (let us know if you know of others)

salvis’s picture

salvis
he/his
CreditAttribution: salvis commented

Are you referring to TAC or to TAClite? Does it really use ACL?

I thought it had a somewhat beneficial effect, but wasn't actually using ACL...

RogueM’s picture

RogueM CreditAttribution: RogueM commented

TAC lite (TAC isn't DP7 yet). and point taken, it does not depend on ACL and presumably makes no use of it.

Status: Fixed » Closed (fixed)

Automatically closed -- issue fixed for 2 weeks with no activity.