First, thank you for the great module.
I am using the latest and greatest released and non-beta modules for Drupal 6.
Editable fields works as expected if the user has "edit any" permission, but does not work at all if the user does not.
I am granting the user permission with nodeaccess_userreference-6.x-2.1.tar.gz and other than editablefields, everything works great.
This could certainly be my mistake somewhere. I am happy to troubleshoot.
Comment | File | Size | Author |
---|---|---|---|
#26 | editablefields-488816-26.patch | 742 bytes | jhedstrom |
#23 | editablefields-488816-23.patch | 742 bytes | jhedstrom |
Comments
Comment #1
Anonymous (not verified) commented:
Any update on this?
Shouldn't editablefields have its own permission system?
Comment #2
ju.ri commented:
I can confirm this. My site shows a views block with editable fields, with the "user=current user" filter, so it shows only the user's own profile node. The editable fields don't show up at all when the user doesn't have the "edit any" permission.
Comment #3
ju.ri commented:
The code responsible seems to be this:
This doesn't seem to work when the editable field is inside a view.
I could remove the whole access check section for my site, because it is checked elsewhere, but that's not a solution of course.
Comment #4
rjbrown99 commented:
+1
Even though the user has "edit own XYZ content" permission, the editable fields do not show up in the resulting view. When the user is granted "edit any XYZ content" permission, all of the editable fields show up. This is using 6.x-1.2.
Comment #5
Anonymous (not verified) commented:
I have a more important issue:
- I want to allow users to edit fields with editablefields on node view
- I do NOT want users to EDIT the actual node
For this, editablefields really needs its own permission system. E.g. Authenticated users may edit fields, whilst they may not edit the node (node/12/edit)
Comment #6
Anonymous (not verified) commented:
SOLVED: In order to override content access permissions (such as 'edit any'), do this:
EDIT editablefields.module
ADD somewhere (e.g. at the top):
FIND:
if (!node_access('update',$node) || !content_access('edit', $field)) {
CHANGE TO:
if ((!node_access('update',$node) || !content_access('edit', $field)) && !user_access('edit all editablefields')) {
FIND in function editablefields_html():
if (node_access('update', $node)) {
CHANGE TO:
if (node_access('update', $node) || user_access('edit all editablefields')) {
FIND in function editablefields_submit():
if (node_access('update', $node)) {
CHANGE TO:
if (node_access('update', $node) || user_access('edit all editablefields')) {
And then go to user permission, and select which roles should have "edit all editablefields".
Thank you,
Comment #7
haroon373 commented:
Thanks mxistence
It's a great solution for user permission
But in my case,
I have a profile field in a view. Like First Name, Last Name etc. These are all created from CCK under content type of profile. And these fields are editable in view.
The problem is, if I use your (above) changes, or I allow edit any profile content, then any user can edit anyone's first name and last name fields.
I just want to permit a user to view only other user's profile and edit its own profile content.
I hope you understand what I am trying to say. You can ask questions if there is some problem.
Sorry for the stupid question, but I am a newbie in Drupal development.
Any help will be greatly appreciated.
Comment #8
haroon373 commented:
Yuppi... :)
I just resolved the issue I described above
Thanks to "mxistence" who showed me the way :D
What I did is, I didn't implement any hook. I just did the following steps:
FIND:
if (!node_access('update',$node) || !content_access('edit', $field)) {
CHANGE TO:
if ((!node_access('update',$node) || !content_access('edit', $field)) && (!user_access('edit own profile content', $account) && ($account->uid == $node->uid))) {
FIND in function editablefields_html():
if (node_access('update', $node)) {
CHANGE TO:
if (node_access('update', $node) || (!user_access('edit own profile content', $account) && ($account->uid == $node->uid))) {
FIND in function editablefields_submit():
if (node_access('update', $node)) {
CHANGE TO:
if (node_access('update', $node) || (!user_access('edit own profile content', $account) && ($account->uid == $node->uid))) {
Now these lines will check: is this the right user on his own profile page to edit it? Then it will allow him to edit the profile fields.
I hope this solution will help anyone...
BUT
I faced a problem after doing this. When I go to any other user's profile page to view his profile, the application shows as many alert boxes as there are fields on the page.
What I did to resolve it was just comment out line ~53 in module/editablefields/editablefields.js, which looks like
alert(Drupal.t("An error occurred at ") + url);
But this is not the solution... :P
Can anyone help me to resolve this issue?
Comment #9
bengtan commented:
Hi,
I have a clean fix.
For editablefields 6.x-1.2, in the file editablefields.module, in the function theme_editablefields_formatter_editable(), change line 73 from:
to
The bug was that $node wasn't actually a node object. Hence, the subsequent node_access() call was failing because it was getting garbage.
Comment #10
bengtan commented:
For those who are using editablefields 6.x-2.x, the relevant line number is line 79.
Or else you can apply the patch from comment #1 of #578678: Replace ajax loads with inline html widgets. Improve load time by 90%+.
Comment #11
bengtan commented:
The suggested fix from comment #9 has been committed to cvs and will be incorporated into the next release of editablefields.module.
Until that time, you can patch your own site by following the directions in comment #9. Thank you.
Comment #12
maverick14 commented:
+1 waiting for the next release of this module including the permission fix.
Comment #14
rjbrown99 commented:
I am re-opening this. Beng's change was merged out of the latest module release so node access permissions are now broken again. #9 is still the fix.
The fix was reverted in the following commit:
http://drupalcode.org/viewvc/drupal/contributions/modules/editablefields...
Lots of other things seem to have been reverted in that commit so it may warrant a closer look at that change.
Can someone please re-commit this fix back to the main module? Access permissions are broken without it. Thanks.
Comment #15
markfoodyburton commented:
Very odd!
Must have been a mistake - anyway - I've re-committed. I've checked the other changes - they look OK.
BTW, this is for the 2.x branch now, please test out 2.x-dev and see if it's ok
Thanks
Mark
Comment #16
catorghans commented:
I downloaded latest dev and no function "function editablefields_perm" found.
Comment #17
NaX commented:
node_access for me is returning the wrong value.
I am using some more advanced access control modules like "Node Access User Reference" and if my user goes to the node the edit tab appears and they are able to edit the node and the node form only shows the correct fields per the field permissions.
The only time things go wrong is when not full nodes are used with node_access.
This in the end fixed it for me.
If you look in views (views_handler_field_node_link_edit.inc) they are doing the same thing.
If you look at http://api.drupal.org/api/function/node_access/6 you will see the problem code
if ($op != 'create' && $node->nid && $node->status) {
I hope that helps.
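The check quoted in comment #17, as an added example that is not part of the thread or the module's code: a simplified PHP model of the Drupal 6 update-access decision, showing why a partial node object is denied while a fully loaded one passes the same checks. The function name, permission list and sample nodes are hypothetical and constructed for illustration; this is not Drupal's source.

```php
<?php
// Simplified model of the Drupal 6 update-access decision (hypothetical names,
// not Drupal's source). $perms is the account's permission list; $grants maps
// nid => TRUE where a node access module has granted 'update'.
function model_node_access_update($node, $account, array $perms, array $grants) {
  $type = isset($node->type) ? $node->type : '';
  if (in_array("edit any $type content", $perms, TRUE)) {
    return TRUE;
  }
  // "edit own" depends on $node->type and $node->uid being loaded.
  if (in_array("edit own $type content", $perms, TRUE)
      && isset($node->uid) && $account->uid == $node->uid) {
    return TRUE;
  }
  // Grants are consulted only for a node that carries nid and a truthy status,
  // mirroring: if ($op != 'create' && $node->nid && $node->status)
  if (!empty($node->nid) && !empty($node->status)) {
    return !empty($grants[$node->nid]);
  }
  return FALSE;
}

// Constructed sample data.
$author = (object) array('uid' => 7);
$other  = (object) array('uid' => 8);
$perms  = array('edit own profile content');
$grants = array(42 => TRUE); // e.g. a user-reference grant on node 42

$full = (object) array('nid' => 42, 'uid' => 7, 'type' => 'profile', 'status' => 1);
$stub = (object) array('nid' => 42); // a partial object, as a view row may supply

$cases = array(
  'full node, author'          => array($full, $author, $perms, array()),
  'stub node, author'          => array($stub, $author, $perms, array()),
  'full node, other + grant'   => array($full, $other, array(), $grants),
  'stub node, other + grant'   => array($stub, $other, array(), $grants),
  'full node, other, no grant' => array($full, $other, $perms, array()),
);
foreach ($cases as $label => $args) {
  $allowed = call_user_func_array('model_node_access_update', $args);
  printf("%-28s %s\n", $label, $allowed ? 'allow' : 'deny');
}
```

Passing a fully loaded node keeps the ownership and grant checks in force, so a user who is neither the author nor covered by a grant is still refused.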
Comment #18
aaronschachter commented:
The code in #9 works for me, using 6x-2.0. The code to change in the theme_editablefields_formatter_editable function can be found on line 87.
Comment #19
Vidus commented:
I'm trying the 6.3x dev version, and still have the problem listed above. I've given my users field permission to edit a given field (Review Status), but they do not have the ability to edit the node itself, just the field.
What I'd like is to have the user able to review a node, make a comment, then change the status of the field to Reviewed, so it no longer shows up on a list of nodes to review.
However, I can't get the editable field to show unless the users have the ability to edit all nodes of that type and the field as well.
Neither the patch in #9 nor the 6.3x dev is getting it to work for me.
Also worth noting I'm using the HTML version of the field, and working it through a view. Though, it also doesn't work on node view either.
Comment #20
mry4n commented:
#9 also works for me.
It also looks like this change has already been rolled into the latest git versions of 6.x-2.x & 6.x-3.x (which I believe are the dev versions?).
As far as #17 goes, I just tried using the Node Access User Reference, and it worked just fine. I used it in a View and in Node view.
In any case, since this change has already been rolled into branches, I don't see any reason to not mark this as fixed?
-Mike
Comment #22
jhedstrom commented:
The solution in #17 is the proper solution (so that access that is only granted by node access modules will work). However, I'm not sure that hard-coding $node->status = 1 is the solution--a person could easily make a view where in fact the status was not 1.
Comment #23
jhedstrom commented:
Here's a patch that checks if $node->status is already set. If it isn't, it checks for $node->node_status (which is how the field comes through from views). This still isn't perfect, as I think that field name will change with more complex views.
Comment #24
johnv commented:
Marked as duplicate of this issue:
#1313682: field permissions not working properly containing patch.
#1126708: Allow access to editablefields to be altered.
#545408: editablefields compatible with content access & ACL?
Comment #25
SocialNicheGuru commented:
Deleted comment
Comment #26
jhedstrom commented:
Re-rolling to cleanly apply to 2.x dev.
Comment #27
rho_ commented:
Patch in #22 applied cleanly for me. Thanks jhedstrom.
Comment #28
naero commented:
For some reason, the patch isn't working for me and my CCK field, which is also controlled by Content Access.
Which permissions are required in order for a certain role to use editable fields? Can someone explain what this code is doing?
if (!node_access('update', $node)
I ended up commenting out this code to make it work:
Comment #29
naero commented:
Okay, #6 definitely solved my issue. I applied his code manually to the latest 6.x-2.x-dev version.
Comment #30
SocialNicheGuru commented:
Is there a Drupal 7 version?
Comment #31
rafaqz commented:
Also wondering about this in Drupal 7. In my views tables currently only admin can view editable fields, having edit any permission. But I want them to be accessible for users to edit their own content. Any ideas?
Comment #32
ncarty97 commented:
Close to a year since the last post, but this still seems to be an issue for D7. Any update?
Comment #33
dags commented:
Permissions were introduced in 7.x here: #1730600: "Use editablefields" permission
If that doesn't solve the issue, please set the "Version" of this issue to 7.x-1.x-dev.
Comment #34
ncarty97 commented:
Ok, thanks. I did move to the dev version and that has exposed the permission. Still can't get it to work on my view, but that may be me.
Comment #35
alpiniste commented:
I second #34. I installed and enabled 7.x-1.x-dev (Last updated: September 30, 2013 - 21:24), and it has indeed exposed the editablefields permission, however when I gave the permission to anonymous, it didn't work on my view.
Comment #36
keeprock commented:
It's not working on the latest 7.x-1.x-dev using Views 3. Tried to create a specific role for a user, considering a problem in the role permission system, but still no luck.
Currently working on a solution, because I need to implement this in my current project. Will post a patch if I come up with anything.
Comment #37
milos.kroulik commented:
I also need a solution for this.
Comment #38
keeprock commented:
I was able to solve this using "Field Permissions" module. At least user can see content now, but still no edit functionality.
Comment #39
johnkareoke commented:
Look forward to a solution to this. Just ran into this issue.
Comment #40
cimo75 commented:
Field Permissions module fixed part of the issue for me as in a file entity the File field does not accept custom permission from this module.
S.