Hello,

I noticed that cron is executed as admin, so if anonymous does not have access to the action it will be blocked.

Perhaps a warning would be welcome when enqueuing the action, or even better, when enabling it for enqueing. :)

Comments

bojanz’s picture

bojanz CreditAttribution: bojanz commented

Does this happen when attempting to run a core action, or a rules component?
Access is checked for the same user who enqueued the operation, so that should work (at least for core actions).

EDIT: Okay, I see the problem.The script action does its own access checking where the behavior described above is not present and the current user is used instead.

bojanz’s picture

bojanz CreditAttribution: bojanz commented
Category: support » bug
Status: Active » Fixed

Committed a fix.

bojanz’s picture

bojanz CreditAttribution: bojanz commented
Version: 7.x-3.x-dev » 6.x-1.x-dev
Status: Fixed » Patch (to be ported)

This is the commit: http://drupalcode.org/project/views_bulk_operations.git/commitdiff/cd9d063

infojunkie might be interested in this, as far as I can see, 6.x-1.x should have the same problem.

infojunkie’s picture

infojunkie
Location Vancouver
CreditAttribution: infojunkie commented

Is the permission attribute supported in D6? I should check.

infojunkie’s picture

infojunkie
Location Vancouver
CreditAttribution: infojunkie commented

Sorry, I don't understand how this patch works. Who handles the permission attribute in the action info?

Hehehe it's my own style plugin code :-)

infojunkie’s picture

infojunkie
Location Vancouver
CreditAttribution: infojunkie commented
Status: Patch (to be ported) » Fixed

Committed to D6.

Status: Fixed » Closed (fixed)

Automatically closed -- issue fixed for 2 weeks with no activity.