Non-privleged user can change group post visibility on node edit in certain situations [#664048]

Using OG 6.x-2.0 we are finding that if authenticated users can create posts but not make them public and the post is made public by the site admin, subsequent editing of the post by the authenticated user causes the post to revert to private.

I can see how this might be the desired behaviour rather than a bug to control the content that is made public but it can be a real nuisance on some sites.

Is there a way to stop this from happening, so that the post remains public?

Thanks,

Izzy

Comment	File	Size	Author
#7	access.diff	1.25 KB	Peter Bex
#7

Support from Acquia helps fund testing for Drupal Acquia logo

Comments

Comment #1

izmeez CreditAttribution: izmeez commented 23 December 2009 at 03:07

+bump

I'm just wondering if anyone has any thoughts that might be helpful in addressing this question. Thanks,

Izzy

Comment #2

gpk CreditAttribution: gpk commented 27 December 2009 at 15:19

>I can see how this might be the desired behaviour rather than a bug to control the content that is made public
But the problem is that an OG admin's attempts to make a post public can/will be thwarted every time the original user edits the post. I think your proposed use case, whereby the author can edit the post and it remains public, would be much more useful.

From looking at the code, I think a similar problem will occur if posts are all public but an OG admin sets one to private ... if the author edits it then it will become public once more.

So probably this is a level of complexity that's not been completely thought through yet.

In this code:
http://drupalcode.org/viewvc/drupal/contributions/modules/og/modules/og_...
the variable $vis determines whether the checkbox will be shown and what default value it takes. For cases OG_VISIBLE_BOTH and OG_VISIBLE_GROUPONLY, the existing value of $node->og_public needs to be used, if it exists, to fix the counter-intuitive behavior you are experiencing.

Comment #3

amitaibu

Hebrew

Israel

CreditAttribution: amitaibu commented 27 December 2009 at 20:22

Title:	How to prevent OG public posts reverting to private when re-edited by regular group member	» Non-privleged user changes group post visibility on node edit
Version:	6.x-2.0	» 6.x-2.x-dev
Category:	support	» bug

This sounds like a bug - we should prevent the non-privileged user from accessing the og_access field.

Comment #4

gpk CreditAttribution: gpk commented 27 December 2009 at 21:38

Title:

Non-privleged user changes group post visibility on node edit

» Non-privleged user can change group post visibility on node edit in certain situations

>we should prevent the non-privileged user from accessing the og_access field
They can't access the field, but the code in og_access_alter_nongroup_form() ignores the current value of og_public if they can't access it and resets it based on static variable og_visibility.

Comment #5

izmeez CreditAttribution: izmeez commented 31 December 2009 at 17:08

@gpk and @amitaibu, thanks for picking up on this. I do not have the coding experience to help with this but would be happy to test any patches. I was also wondering if a related issue http://drupal.org/node/624784 might be related to the same area of code. Thanks,

Izzy

Comment #6

gpk CreditAttribution: gpk commented 31 December 2009 at 18:54

Don't think that one is much related, but it does look as tho' some of this logic needs a bit of TLC, if anyone has the time...!!!

Comment #7

Peter Bex CreditAttribution: Peter Bex commented 30 May 2013 at 14:13

File	Size
access.diff	1.25 KB

How about the attached patch?

Comment #8

izmeez CreditAttribution: izmeez commented 9 July 2013 at 20:24

Status:

Active

» Needs review

@Peter Bex
I tested patch in #7 and it appears to work. I cannot comment on the code. Maybe someone else can. I will see how it holds up with more testing. Thanks.