We've tried this module on a large site and the node grants hoses the entire grants table. I understand why you can't use hook_access(), I don't suppose there's be a way to use hook_nodeapi() to enforce permissions?

CommentFileSizeAuthor
#2 customreports-nodegrants-patch.txt5.58 KBdrupalninja99
Support from Acquia helps fund testing for Drupal Acquia logo

Comments

davidtrainer’s picture

davidtrainer CreditAttribution: davidtrainer commented

Subscribing

drupalninja99’s picture

drupalninja99 CreditAttribution: drupalninja99 commented
FileSize
customreports-nodegrants-patch.txt5.58 KB

I am adding a patch that replaces the node grants stuff with a simple nodeapi check.

if ($op == 'view') {
      /**
       * Enforce permissions
       */
      if (!user_access('view custom reports')) {
        drupal_access_denied();
        exit;
      }

This seems to do the trick much more easily without messing with node grants. Understand that on a site with 10's of thousands of nodes, that using node grants is an extremely costly operation and that's if it works.

a_c_m’s picture

a_c_m CreditAttribution: a_c_m commented

This looks good, i wil try to make time at or on DrupalCon to get this committed.

moshe weitzman’s picture

moshe weitzman CreditAttribution: moshe weitzman commented
Status: Active » Reviewed & tested by the community

I'll second that node access system is quite a big unwelcome surprise for sites with lots of nodes. Patch looks good.

a_c_m’s picture

a_c_m CreditAttribution: a_c_m commented
Status: Reviewed & tested by the community » Fixed

Committed.

Status: Fixed » Closed (fixed)

Automatically closed -- issue fixed for 2 weeks with no activity.