I recently upgraded from 6.1 to 6.2 and am having some permissions problems. Here are the details:

- All existing (prior to the upgrade) nodes' permissions continue to work.
- All newly created nodes' permissions work.
- Changes to permissions for existing (prior to the upgrade) nodes do not work.

Thanks in advance for any ideas.
Dan

Comments

deekayen’s picture

Status: Active » Postponed

Drupal 6.3 is supposed to fix some bugs introduced in 6.2 that messed up the permissions system. Feel free to remind me to revisit this after that comes out.

deekayen’s picture

Status: Postponed » Postponed (maintainer needs more info)

Did you update your permissions through the mass update option on Administer > Content Management > Content ? If so, does http://drupal.org/node/270516 sound familiar?

Otherwise, please try again with Drupal 6.3 and report back. It wouldn't hurt to get a bit more detail on which screens you're updating the permissions through and what the permissions of the roles are that you're doing it as and if any of those are uid 1 superuser.

bradnana’s picture

I am having a similar problem. I have Drupal 6.3 installed and I recently installed node_privacy_byrole. At first glance it appears to be working well, however, I have encountered a gliche that is quite a problem for existing sites. Once installed, it will not update the EDIT permissions on old content. I have not been able to get it to update EDIT permissions on anything I had created prior to the install. Here is what I have done.

1. Set Drupal core permissions like I want in case I ever uninstall the node_privacy_byrole module. If I understand correctly this module overrides the core, and once it is uninstalled the core defaults are put back in place.

2. Set default node privacy permissions on each individual content type- page, story, event, etc...

3. Run mass content update on all created content at Administer>>Content Management>>Content to apply EDIT permissions to the appropriate types. Does not appear to be working.

All new created content has the new permissions. All old content does not. I can't even go into each old page individually and manually change the EDIT permissions. It has no effect. VIEW permissions seem to update correctly. Otherwise, I have to actually recreate the node (by copying it to a new node) for any new EDIT permissions to take effect. I have tried every combination I can think of to get the old content to respond, but all I can do is go into the node and turn off all permissions, and when I save that it will deny access to everyone. Or I can turn them back on "anon view, auth view, and auth edit" and all that will take effect is the VIEW permissions. I cannot set an old node to allow anyone to EDIT it, unless a new page/node is duplicated/created. Also, as an aside, I can't tell whether the DELETE permissions are getting updated on old content, since the DELETE button would only show up on the EDIT page. So, DELETE permission updates remain to be seen on old content.

Has anyone else run into this? Am I missing something simple?

bradnana’s picture

Title: Permissions problem » node EDIT permissions do not assign across users with different filter permissions
Component: Code » Documentation
Priority: Normal » Minor
Status: Postponed (maintainer needs more info) » Closed (works as designed)

AHAAA! I found it!

As far as my situation goes, I've found the problem. In my case, as superadmin, I was creating content using the 'full HTML' filter. Then when I set up individual site users, they are only given 'filtered HTML' permission. So the problem lies with this... Node privacy does not apply to content between two separate user accounts with different access permissions to filters. Whatever filters are enabled on a particular node, must be the same filters assigned to the user needing EDIT permissions to that node. So, I cannot create a page using the 'full HTML' filter and then allow it to be edited by a user that only has 'filtered HTML' permissions.

I still had to go into each node and set the filter to 'filtered HTML' in order to make EDIT permission available to lower users, and I had to add several tags to the filter to get the existing content to format the way I wanted it, but it was better than having to copy and recreate each old node.

And to answer my own question in my previous post, "Yes, DELETE permissions work just fine once EDIT permissions are enabled correctly. "

Now I'm wondering if this is the intended behavior. This behavior effectively eliminates granular control of filters by reducing available filters to the least common denominator. It causes you to have to choose one filter at the start and assign it to everyone needing EDIT permissions or turn on other filters for those users. I understand that filter access is controled per role, but shouldn't a node be editable by a user even if the filter it uses is different from the filter assigned to the user? Of course, it would strip out any formatting that had been applied in the initial node if the user's filter did not allow it. But I'm debating if that would be more acceptable behavior (and easier to understand) than not getting EDIT permissions at all and scratching your head trying to figure out why!

Then again, maybe this is the way it should work, but we should at least add a description about this behavior in the module documentation.

BTW, I'm certainly not complaining about this module! It works great and, in my opinion, provides functionality that ought to be available in the core. That's one area where Mambo/Joomla outshines Drupal.

Hope this helps anyone else experiencing the same dilema.

deekayen’s picture

Title: node EDIT permissions do not assign across users with different filter permissions » document that node EDIT permissions do not assign across users with different filter permissions
Category: support » task
Status: Closed (works as designed) » Needs work

I think what you experienced is the desired behavior because Drupal doesn't have a way right now to gracefully just hide that one particular field with the conflicting input filter permissions.

bradnana’s picture

I take it back... :(

Apparently, the EDIT and DELETE permission settings through this module are not working. The VIEW permissions are working fine, but turning on or off EDIT or DELETE permissions for any content is having no effect.

Just to clarify, in a vanilla Drupal install, core permissions can control DELETE and EDIT but not access or VIEW per node type or per node. The filter setting stipulation still applies, though. If Drupal core permissions are set to allow EDIT by a user but the node was authored using a filter that the user is not allowed to use, then the node is not editable by the user regardless how the core permissions are set.

This module is supposed to control permissions by node type by allowing the admin to set defaults for each type and then disallowing users to administer permissions. It is also designed to work per node, i.e not just per node type. The logic is very straightforward. However, disregarding core permissions and filter settings and all things being equal, node privacy byrole is just not working to set EDIT or DELETE permissions.

It still works for me for the time being though since both the core permissions and the filter settings effectively control which user can edit or delete content. By adding this module to the mix to control VIEW permissions per node, I essentially have full control albeit in a round about way!

Hope others can provide some feedback and we can get this module up and running correctly. It's a great addition to a Drupal admin's toolbox.