In node permissions, I've given role A access to create nodes of type B, which is content in group type C. In OG permissions, I've given the non-member role access to edit fields in type B. Users in role A, outside any group, get a blank node add form, because og_field_access_field_access() returns FALSE for these fields. I would expect it to return TRUE, since the user is a non-member and non-members explicitly have access to edit these fields.

Looking at the code, og_field_access_field_access() is only granting access on new nodes based on the user's groups, so non-member access is never checked at all. That seems like a bug.

Files: 
CommentFileSizeAuthor
#1 og-check_permissions_for_nonmembers-2064653-1.patch864 bytessreynen
FAILED: [[SimpleTest]]: [MySQL] Unable to apply patch og-check_permissions_for_nonmembers-2064653-1.patch. Unable to apply patch. See the log in the details link for more information.
[ View ]

Comments

Status:Active» Needs review
StatusFileSize
new864 bytes
FAILED: [[SimpleTest]]: [MySQL] Unable to apply patch og-check_permissions_for_nonmembers-2064653-1.patch. Unable to apply patch. See the log in the details link for more information.
[ View ]

This patch checks for any non-member access to edit the field.

Status:Needs review» Needs work

The last submitted patch, og-check_permissions_for_nonmembers-2064653-1.patch, failed testing.