Table node_access: Deleting rows filled with 0s for all 3 grants.
Helo, everybody. I have an issue concerning access modules. Table node_access has too many lines. (nid * role_id) Concerning taxonomy_access, there is an idea to remove (and not generate) those lines in table 'node_access' where all three types of grants are 0.(grant_view = 0 and grant_upadet = 0 and grant_delete = 0). Because actually only records which grants some permission affect node_access() behaviour. What do you guys, think about it? Does this have any drawback in your opinion? For troubleshooting or to be able to check integrity of table 'node_access', I would definitely generate at least one line per node, even if it is filled with zeros. (so that all 'nid' would be inside table 'node_access'). I have an issue with Taxonomy_access about this: 'Prevent taxonomy_access from populating node_access table more than necessary.' http://drupal.org/node/54544 Many thanks for the support in advance. Have an ice weekend :) Keve.
Keve, My understanding is that you should not write the rows which grant nothing, as you state. Regarding writing at least one row per node, even if it grants nothing, I'm not sure. If you find that useful for checking integrity then I don't see it doing harm. What is the expected behavior when a node has no grants in the node_access table? I think either: a) noone is allowed to view that node. Or, b) another module might write an entry to the node_access table. That is, the user has two access control modules installed. While (b) should remain possible, I think it will be rare. More likely the user has made a node which noone can see, including themselves. Is this really what they wanted? -Dave On Saturday 18 March 2006 06:24 am, Keve wrote:
Concerning taxonomy_access, there is an idea to remove (and not generate) those lines in table 'node_access' where all three types of grants are 0.(grant_view = 0 and grant_upadet = 0 and grant_delete = 0). Because actually only records which grants some permission affect node_access() behaviour.
Thanks for your comment. Dave Cohen wrote:
Keve,
My understanding is that you should not write the rows which grant nothing, as you state. Regarding writing at least one row per node, even if it grants nothing, I'm not sure. If you find that useful for checking integrity then I don't see it doing harm.
I would like to write at least one line per node to be able to check integrity later. I can think of one case: It can happen, that admin disables the module at admin/modules page without deactivating it at TAC settings page. Then admin enables module again. BUT while it was disabled, some new nodes could be added which does not appear in table node_access. To catch this kind of error and nid, it would be useful to write at least one line per node.
What is the expected behavior when a node has no grants in the node_access table? I think either:
a) noone is allowed to view that node. Or,
b) another module might write an entry to the node_access table. That is, the user has two access control modules installed.
I know these could happen very rarely. So that adding at least one line per node to table node_access would not make the table much more robust. What do you think? Regards, Keve
On Saturday 18 March 2006 06:24 am, Keve wrote:
Concerning taxonomy_access, there is an idea to remove (and not generate) those lines in table 'node_access' where all three types of grants are 0.(grant_view = 0 and grant_upadet = 0 and grant_delete = 0). Because actually only records which grants some permission affect node_access() behaviour.
participants (2)
-
Dave Cohen -
Keve