Re: [development] problems with permissions on node
I think you need to add a "$" sign in line 7 Cheers, Svein-Tore With (username falcon)
function nodetype_access($op, $node, $account) { $is_author = $account->uid == $node->uid; switch ($op) { case 'create': return user_access('create nodetype', $account); case 'update': $output = user_access('edit own nodetype', $account) && [HERE]is_author || user_access('edit any nodetype', $account); if ($output) return TRUE; case 'delete': return user_access('delete own nodetype', $account) && $is_author || user_access('delete any nodetype', $account); } }
node_access() is not proper here, since hook_access() is called within the node_access() stack (so calling it again creates a loop). The problem may be security. Read the node_access() function and note that there 4 separate return statements (3 FALSE and a TRUE) before hook_access() is invoked. Typically, this is a filter access problem, as the node body may be using a filter not accessible to the user trying to edit the node. - Ken On Wed, Nov 18, 2009 at 9:18 AM, Svein-Tore With <Svein-Tore.With@telemed.no> wrote:
I think you need to add a "$" sign in line 7
Cheers, Svein-Tore With (username falcon)
function nodetype_access($op, $node, $account) { $is_author = $account->uid == $node->uid; switch ($op) { case 'create': return user_access('create nodetype', $account); case 'update': $output = user_access('edit own nodetype', $account) && [HERE]is_author || user_access('edit any nodetype', $account); if ($output) return TRUE; case 'delete': return user_access('delete own nodetype', $account) && $is_author || user_access('delete any nodetype', $account); } }
-- Ken Rickard agentrickard@gmail.com http://ken.therickards.com
After some research I found the error was not using "break;"; so after checking update permission, delete permission was taking the lead. case 'update': $output = user_access('edit own nodetype', $account) && is_author || user_access('edit any nodetype', $account); if ($output) return TRUE; break; // <---------- On Wed, Nov 18, 2009 at 3:52 PM, Ken Rickard <agentrickard@gmail.com> wrote:
node_access() is not proper here, since hook_access() is called within the node_access() stack (so calling it again creates a loop).
The problem may be security. Read the node_access() function and note that there 4 separate return statements (3 FALSE and a TRUE) before hook_access() is invoked.
Typically, this is a filter access problem, as the node body may be using a filter not accessible to the user trying to edit the node.
- Ken
On Wed, Nov 18, 2009 at 9:18 AM, Svein-Tore With <Svein-Tore.With@telemed.no> wrote:
I think you need to add a "$" sign in line 7
Cheers, Svein-Tore With (username falcon)
function nodetype_access($op, $node, $account) { $is_author = $account->uid == $node->uid; switch ($op) { case 'create': return user_access('create nodetype', $account); case 'update': $output = user_access('edit own nodetype', $account) && [HERE]is_author || user_access('edit any nodetype', $account); if ($output) return TRUE; case 'delete': return user_access('delete own nodetype', $account) && $is_author || user_access('delete any nodetype', $account); } }
-- Ken Rickard agentrickard@gmail.com http://ken.therickards.com
-- *Les normes hi són perquè hi pensis abans de saltar-te-les *La vida és com una taronja, què esperes a exprimir-la? *Si creus que l'educació és cara, prova la ignorància. *La vida és com una moneda, la pots gastar en el que vulguis però només una vegada. *Abans d'imprimir aquest missatge, pensa en el medi ambient.
Don't forget to add a $ before your is_author, or it will continue to fail on anyone without the "edit any nodetype" permission. Jamie Holly http://www.intoxination.net http://www.hollyit.net Lluís wrote:
After some research I found the error was not using "break;"; so after checking update permission, delete permission was taking the lead.
case 'update': $output = user_access('edit own nodetype', $account) && is_author || user_access('edit any nodetype', $account); if ($output) return TRUE; break; // <----------
On Wed, Nov 18, 2009 at 3:52 PM, Ken Rickard <agentrickard@gmail.com> wrote:
node_access() is not proper here, since hook_access() is called within the node_access() stack (so calling it again creates a loop).
The problem may be security. Read the node_access() function and note that there 4 separate return statements (3 FALSE and a TRUE) before hook_access() is invoked.
Typically, this is a filter access problem, as the node body may be using a filter not accessible to the user trying to edit the node.
- Ken
On Wed, Nov 18, 2009 at 9:18 AM, Svein-Tore With <Svein-Tore.With@telemed.no> wrote:
I think you need to add a "$" sign in line 7
Cheers, Svein-Tore With (username falcon)
function nodetype_access($op, $node, $account) { $is_author = $account->uid == $node->uid; switch ($op) { case 'create': return user_access('create nodetype', $account); case 'update': $output = user_access('edit own nodetype', $account) && [HERE]is_author || user_access('edit any nodetype', $account); if ($output) return TRUE; case 'delete': return user_access('delete own nodetype', $account) && $is_author || user_access('delete any nodetype', $account); } }
-- Ken Rickard agentrickard@gmail.com http://ken.therickards.com
ok, thanks On Wed, Nov 18, 2009 at 5:32 PM, Jamie Holly <hovercrafter@earthlink.net> wrote:
Don't forget to add a $ before your is_author, or it will continue to fail on anyone without the "edit any nodetype" permission.
Jamie Holly http://www.intoxination.net http://www.hollyit.net
Lluís wrote:
After some research I found the error was not using "break;"; so after checking update permission, delete permission was taking the lead.
case 'update': $output = user_access('edit own nodetype', $account) && is_author || user_access('edit any nodetype', $account); if ($output) return TRUE; break; // <----------
On Wed, Nov 18, 2009 at 3:52 PM, Ken Rickard <agentrickard@gmail.com> wrote:
node_access() is not proper here, since hook_access() is called within the node_access() stack (so calling it again creates a loop).
The problem may be security. Read the node_access() function and note that there 4 separate return statements (3 FALSE and a TRUE) before hook_access() is invoked.
Typically, this is a filter access problem, as the node body may be using a filter not accessible to the user trying to edit the node.
- Ken
On Wed, Nov 18, 2009 at 9:18 AM, Svein-Tore With <Svein-Tore.With@telemed.no> wrote:
I think you need to add a "$" sign in line 7
Cheers, Svein-Tore With (username falcon)
function nodetype_access($op, $node, $account) { $is_author = $account->uid == $node->uid; switch ($op) { case 'create': return user_access('create nodetype', $account); case 'update': $output = user_access('edit own nodetype', $account) && [HERE]is_author || user_access('edit any nodetype', $account); if ($output) return TRUE; case 'delete': return user_access('delete own nodetype', $account) && $is_author || user_access('delete any nodetype', $account); } }
-- Ken Rickard agentrickard@gmail.com http://ken.therickards.com
-- *Les normes hi són perquè hi pensis abans de saltar-te-les *La vida és com una taronja, què esperes a exprimir-la? *Si creus que l'educació és cara, prova la ignorància. *La vida és com una moneda, la pots gastar en el que vulguis però només una vegada. *Abans d'imprimir aquest missatge, pensa en el medi ambient.
participants (4)
-
Jamie Holly -
Ken Rickard -
Lluís -
Svein-Tore With