[development] problems with permissions on node

Lluís enboig at gmail.com
Wed Nov 18 16:24:17 UTC 2009 

After some research I found the error was not using "break;"; so after
checking update permission, delete permission was taking the lead.

    case 'update':
      $output = user_access('edit own nodetype', $account) && is_author ||
        user_access('edit any nodetype', $account);
      if ($output) return TRUE;
      break; //  <----------


On Wed, Nov 18, 2009 at 3:52 PM, Ken Rickard <agentrickard at gmail.com> wrote:
> node_access() is not proper here, since hook_access() is called within
> the node_access() stack (so calling it again creates a loop).
>
> The problem may be security. Read the node_access() function and note
> that there 4 separate return statements (3 FALSE and a TRUE) before
> hook_access() is invoked.
>
> Typically, this is a filter access problem, as the node body may be
> using a filter not accessible to the user trying to edit the node.
>
> - Ken
>
> On Wed, Nov 18, 2009 at 9:18 AM, Svein-Tore With
> <Svein-Tore.With at telemed.no> wrote:
>> I think you need to add a "$" sign in line 7
>>
>> Cheers,
>> Svein-Tore With (username falcon)
>>
>>> function nodetype_access($op, $node, $account) {
>>>   $is_author = $account->uid == $node->uid;
>>>   switch ($op) {
>>>     case 'create':
>>>       return user_access('create nodetype', $account);
>>>     case 'update':
>>>       $output = user_access('edit own nodetype', $account) && [HERE]is_author ||
>>>         user_access('edit any nodetype', $account);
>>>       if ($output) return TRUE;
>>>     case 'delete':
>>>       return user_access('delete own nodetype', $account) && $is_author ||
>>>         user_access('delete any nodetype', $account);
>>>   }
>>> }
>>
>>
>
>
>
> --
> Ken Rickard
> agentrickard at gmail.com
> http://ken.therickards.com
>



-- 
*Les normes hi són perquè hi pensis abans de saltar-te-les
*La vida és com una taronja, què esperes a exprimir-la?
*Si creus que l'educació és cara, prova la ignorància.
*La vida és com una moneda, la pots gastar en el que vulguis però
només una vegada.
*Abans d'imprimir aquest missatge, pensa en el medi ambient.

More information about the development mailing list