In node permissions, I've given role A access to create nodes of type B, which is content in group type C. In OG permissions, I've given the non-member role access to edit fields in type B. Users in role A, outside any group, get a blank node add form, because og_field_access_field_access() returns FALSE for these fields. I would expect it to return TRUE, since the user is a non-member and non-members explicitly have access to edit these fields.
Looking at the code, og_field_access_field_access() is only granting access on new nodes based on the user's groups, so non-member access is never checked at all. That seems like a bug.
|FAILED: [[SimpleTest]]: [MySQL] Unable to apply patch og-check_permissions_for_nonmembers-2064653-1.patch. Unable to apply patch. See the log in the details link for more information. |
[ View ]