I noticed this:

On a fresh install I enable BMS, and Organic Groups
Then I create 2 content types and set them as book type in BMS, in the global permissions I set user to be able to create one but not the other.
As admin I create some content and as common user I can see them, one with the "add child" link provided by BMS, and the other without, as it should be.

The problem arises as soon as I check the "Group content" checkbox in the content type settings: I can see the "Add child" link even when I shouldn't, and proceed to creating the content, even if its creation is not permitted by the global permission or the og permissions.

Comments

MarcElbichon’s picture

MarcElbichon CreditAttribution: MarcElbichon commented

I have never used OG. So, should be great if you could help me with a patch, but i'll try to have a look to the problem.

keyiyek’s picture

keyiyek CreditAttribution: keyiyek commented

I'm no programmer, so code is a bit hard for me, but I tried to look more into the problem, because I can't understand why OG is affecting the global permission behavior of your module, but suddenly I ran into this error.

Fatal error: Call to undefined function og_context_determine_context() in .../book_made_simple/book_made_simple.module on line 638

is not related to this problem, but it seems you are calling a function of the "Organic Group Context" module, after checking the "Organic Group" module exists.
I think you should instead check

  if (module_exists('og_context')) {

I tried and seems to work.

keyiyek’s picture

keyiyek CreditAttribution: keyiyek commented

I looked into this a bit more, and I think I pin-pointed the problem.

If the person viewing the content is just part of the Group the link is not displayed, since he has no permission whatsoever to create the content.
The problem arises when who is viewing the content is the administrator of another group. This means that he can actually create that kind of content inside his group.

The problem so is not much about permissions, which are handled right, but is consistency and segregation: does it make sense to create a child page in a group if the parent resides in another group? I think the answer is "depends".

So I think this is a matter of setting another option for the user like: "do you want to segregate the book into one single group" and check for permissions in groups.
It might not be your business actually, and more of some module like

OG Book
OG Book Inheritance

but one seems has not been updated in near 2 years, the other is still in dev version.

MarcElbichon’s picture

MarcElbichon CreditAttribution: MarcElbichon commented

Try the dev version. It has several improvements in interfacing with og.

Is OG Book or OG Book inheritance solves the problem ?

keyiyek’s picture

keyiyek CreditAttribution: keyiyek commented

I will try the dev

neither of the two modules "solves" the problem, but I think the segregation I was talking about should be competence of a module that explicitly takes in account books and groups such as the two I linked.