Hi,
I'm using the Subusers module to allow "Parent" role users to create "Child" users (authenticated users role). I want to be able to let the parent users moderate (update/delete/publish/unpublish) child user posts (nodes). Of course, when posts are published, everyone should be able to view the posts, inc. anon users.
When a child user creates a post, I add the parent to the ACL w/ full privs.
*SIDE NOTE* I also have to add the child to the acl or nodes don't show up in views. (probably due to my misuse of the module)
function mymodule_entity_insert($entity, $type) {
  if (in_array($entity->type, array('post'))) {
    $account = user_load($entity->uid);
    $parents = subuser_load_all($account, FALSE);
    $parent_id = array_shift($parents);
    if ($parent_id) {
      // Create a new ACL.
      $acl_id = acl_create_acl('mymodule', 'mod_'. $entity->nid);
      // Provide access control to a node based upon an ACL id.
      acl_node_add_acl($entity->nid, $acl_id, 1, 1, 1, 0);
      // Add parent and child to an ACL.(@see views bug)
      acl_add_user($acl_id, $parent_id);
      acl_add_user($acl_id, $entity->uid);
      // Node access grants for rebuilding.
      node_access_needs_rebuild(TRUE);
    }
  }
}
This seems to work well in terms of moderating content. However, when posts are published by the parent, the anon and other site users still can't view the content. They do have "View Published Content" perms.
How can I keep these ACLs but allow anon/authenticated users to view published content?
Thanks,
Comments
Comment #1
psychobyte commented
Comment #2
salvis
Please install the Devel Node Access module as explained when you created this issue. It'll show you what your state is.
node_access_needs_rebuild() is not what you want. It'll just set a flag that tells the administrator to run a batch rebuild of the entire {node_access} table. You want to call node_access_acquire_grants() instead.
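An added example, not code from this thread or from the ACL module, showing a per-node refresh with node_access_acquire_grants() together with a hook_node_access_records() implementation that keeps published posts viewable. It assumes Drupal 7 and the thread's `mymodule` and `post` names; `mymodule_add_moderator()` is a hypothetical helper for changing an ACL on a node that is already saved.

```php
<?php

/**
 * Implements hook_node_access_records().
 *
 * Core writes its default "everyone may view" row only when no module
 * returns records for a node. A node that carries an ACL loses that row,
 * so it is restored here for published posts.
 */
function mymodule_node_access_records($node) {
  if ($node->type != 'post' || empty($node->status)) {
    // Unpublished posts, and other types, get no record from this module.
    return array();
  }
  return array(
    array(
      // Realm 'all' with gid 0 is the grant every account holds.
      'realm' => 'all',
      'gid' => 0,
      'grant_view' => 1,
      'grant_update' => 0,
      'grant_delete' => 0,
      'priority' => 0,
    ),
  );
}

/**
 * Hypothetical helper: add a moderator to an existing ACL on a saved post
 * and rewrite the {node_access} rows of that one node.
 */
function mymodule_add_moderator($nid, $acl_id, $uid) {
  acl_add_user($acl_id, $uid);

  // Reload from the database so the published status is current.
  $node = node_load($nid, NULL, TRUE);
  if ($node) {
    // Deletes and rewrites the rows for this node only. Unlike
    // node_access_needs_rebuild(), no site-wide batch rebuild is involved.
    node_access_acquire_grants($node);
  }
}
```

The Devel Node Access blocks mentioned in this comment can be used to confirm that a published post ends up with both the ACL row and the `all` row.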
Comment #3
psychobyte commented
It looks like views ignores ACL just like hook_node_access.
http://www.phase2technology.com/blog/drupal-7-node-access-grants-locks-a...
I was actually able to move to hook_node_grants() to do what I wanted.
Comment #4
salvis
This is wrong.
I don't have time to really study the post that you quote, but calling "Drupal [...] a 'deny-based' access control system" is at least misleading.
If you want to seriously discuss (and understand) this then follow the instructions and post screenshots of the two DNA blocks.
Everything else is just guesswork and a waste of time.