Fancy Node Access with OG
I'm working on a node access module to stomp all over OG's og_public grant realm. As part of this process, I am conditionally creating a grant that specifically grants no access. It appears this grant does not even get written to the node_access table. This would not be a problem, except (or so I surmise) without a "0" in the update column of that table, users that are not members of a given group can go directly to node/#/edit and make changes. (On account of the <em>edit any **** content type</em> permission. Is there some way I can simply revoke access to nodes? Why am I attempting this madness? I am attempt to skate along the top of the Spaces module.
Once you grant 'edit any *** content type' perm, there is nothing OG or any node access module can do to intervene. You have to revoke that perm in order for anyone in those roles to be denied access. On Tue, Jul 27, 2010 at 6:47 PM, Adam B. Ross <grayside@gmail.com> wrote:
I'm working on a node access module to stomp all over OG's og_public grant realm. As part of this process, I am conditionally creating a grant that specifically grants no access. It appears this grant does not even get written to the node_access table.
This would not be a problem, except (or so I surmise) without a "0" in the update column of that table, users that are not members of a given group can go directly to node/#/edit and make changes. (On account of the <em>edit any **** content type</em> permission.
Is there some way I can simply revoke access to nodes?
Why am I attempting this madness? I am attempt to skate along the top of the Spaces module.
Take a long look at the order of the access checks in the node_access () function itself before you go much further. Of course, in Drupal 7, revoking access is trivial with hook_node_access(). On Jul 27, 2010, at 8:37 PM, Moshe Weitzman <weitzman@tejasa.com> wrote:
Once you grant 'edit any *** content type' perm, there is nothing OG or any node access module can do to intervene. You have to revoke that perm in order for anyone in those roles to be denied access.
On Tue, Jul 27, 2010 at 6:47 PM, Adam B. Ross <grayside@gmail.com> wrote:
I'm working on a node access module to stomp all over OG's og_public grant realm. As part of this process, I am conditionally creating a grant that specifically grants no access. It appears this grant does not even get written to the node_access table.
This would not be a problem, except (or so I surmise) without a "0" in the update column of that table, users that are not members of a given group can go directly to node/#/edit and make changes. (On account of the <em>edit any **** content type</em> permission.
Is there some way I can simply revoke access to nodes?
Why am I attempting this madness? I am attempt to skate along the top of the Spaces module.
Thank you both. Moshe has the right of it. Testing shows that once I uncheck that permission and convert the node type group settings to a wiki post, everything works as I expected it to. On Tue, Jul 27, 2010 at 7:58 PM, Ken Rickard <agentrickard@gmail.com> wrote:
rder of the access checks in the node_access() function itself before you go much further.
participants (3)
-
Adam B. Ross -
Ken Rickard -
Moshe Weitzman