[support] node_access table
VJ
vrao at misteam.net
Fri Dec 30 02:56:49 UTC 2005
There arent any other access control modules, but Im way past a vanilla
install..Im sure some of my code is interfering with node_privacy.
If I cant do this through the node_access table, is there any other way? I
just want to make a node read only.
I can remove the edit interface through the theme, but thats my last option.
-v
> Hmm... I'm not having that trouble with node_privacy_byrole on the
> 4.6.x. code, but here are some things I might check.
>
> 1. Make sure in the table that there are no rows with realm=all, or any
> other realm.
>
> 2. Verify there are no other access control modules enabled. (e.g.
> taxonomy_access, organic groups, simple access).
>
> The reason a module is required is that drupal fires the nodeapi hooks
> in modules to check and see if the user has permissions to node
> content. Different modules implement different security in different
> ways and the way they are integrated is by implementing the hook.
> Drupal does not implement any "node specific security" by default. So
> if you don't have any of these modules enabled all you get is the basic
> security model.
>
> That's at least how I understand it. As always, I volunteer to be wrong
> about this.
>
> Dave
>
> -----Original Message-----
> From: support-bounces at drupal.org [mailto:support-bounces at drupal.org] On
> Behalf Of VJ
> Sent: Thursday, December 29, 2005 3:38 PM
> To: development at drupal.org
> Cc: vrao at misteam.net; support at drupal.org
> Subject: RE: [support] node_access table
>
> Thanks.
>
> I have node_privacy_byrole installed, but setting everything to 0 for
> both node_privacy_byrole_role and node_privacy_byrole_user has no
> effect..i.e anyone can access it.
>
> Anyway, Ive had problems with that module before which is why I was
> wondering if I can bypass it...i.e set the permissions myself in code.
> On my site, when an user clicks 'complete' (which is a custom button),
> the node should immediately become read only.
>
>>From your email, I get the impression that I have to use a module. Why
>>is
> that? do these modules change the node_load query?
>
> Thanks,
>
> V
>
>> The short answer here is that it depends on which access control
>> modules you're using. If you're using the "og module" it's different
>> then if you're using "node privacy by role". If I understand it
>> correctly, without additional modules installed this table doesn't do
> anything.
>>
>> You should be extremely careful about modifying this table without
>> using the API's for the appropriate access module. More info is in
>> the hook_access on the Drupal Api documentation.
>>
>> If you still want to do this programatically then here's and example:
>>
>> If you're using node_privacy_by_role, then an example insert would be:
>>
>> Insert into node_access
>> (nid,gid,realm,grant_view,grant_update,grant_delete)
>> values
>> (<node>,<role_id>,'node_access_byrole_role',<grant_view>,<grant_update
>> >,
>> <grant_delete>)
>>
>>
>>
>> With the followign replacements:
>> <node> The node id that you're protecting - find from node edit
> screen
>> <role_id> the role ID for the role your granting access to.
>> <grant_view> 1 if the role can view, otherwise 0
>> <grant_update> 1 if the role can update, otherwise 0
>> <grant_delete> 1 if the role can delete, otherwise 0
>>
>>
>> -----Original Message-----
>> From: support-bounces at drupal.org [mailto:support-bounces at drupal.org]
>> On Behalf Of VJ
>> Sent: Thursday, December 29, 2005 9:20 AM
>> To: support at drupal.org
>> Cc: development at drupal.org
>> Subject: [support] node_access table
>>
>>
>>
>> How does this table work? If I want to remove comment and update
>> rights to a specific user (or role), whats the exact SQL query?
>>
>> Thanks,
>>
>> V
>>
>> --
>> [ Drupal support list | http://lists.drupal.org/ ]
>>
>
>
>
> --
> [ Drupal support list | http://lists.drupal.org/ ]
> --
> [ Drupal support list | http://lists.drupal.org/ ]
>
More information about the support
mailing list