[development] problems with permissions on node

Ken Rickard agentrickard at gmail.com
Wed Nov 18 14:52:55 UTC 2009


node_access() is not proper here, since hook_access() is called within
the node_access() stack (so calling it again creates a loop).

The problem may be security. Read the node_access() function and note
that there 4 separate return statements (3 FALSE and a TRUE) before
hook_access() is invoked.

Typically, this is a filter access problem, as the node body may be
using a filter not accessible to the user trying to edit the node.

- Ken

On Wed, Nov 18, 2009 at 9:18 AM, Svein-Tore With
<Svein-Tore.With at telemed.no> wrote:
> I think you need to add a "$" sign in line 7
>
> Cheers,
> Svein-Tore With (username falcon)
>
>> function nodetype_access($op, $node, $account) {
>>   $is_author = $account->uid == $node->uid;
>>   switch ($op) {
>>     case 'create':
>>       return user_access('create nodetype', $account);
>>     case 'update':
>>       $output = user_access('edit own nodetype', $account) && [HERE]is_author ||
>>         user_access('edit any nodetype', $account);
>>       if ($output) return TRUE;
>>     case 'delete':
>>       return user_access('delete own nodetype', $account) && $is_author ||
>>         user_access('delete any nodetype', $account);
>>   }
>> }
>
>



-- 
Ken Rickard
agentrickard at gmail.com
http://ken.therickards.com


More information about the development mailing list