User not allowed to access node using node_access
I wrote a module called Project Permissions that allows access to be controlled to Project and Issue nodes by user (using uid as gid in node_access). I installed it on a site, and specified access to a certain project node for a certain user, and the record was written as was expected to node_access. The role the user belongs to does not have the 'access project' or 'access project issues' permissions enabled. The problem is, the user can't even access the project that she should have permissions to access according to the record in node_access. The nid for the node is 9, and the user_id is 9, so the data in node_access is: nid - 9 gid - 9 realm - project_permissions grant_view - 1 grant_update - 1 grant_delete - 0 Here's my hook_node_grants: function project_permissions_node_grants($user, $op) { $grants['project_permissions'] = array($user->uid); return $grants; } I have the devel_node_access block enabled, and I can see that this record is the only one being returned from node_access. I've had this working on another site, so I'm not sure what else I could be missing. Can anyone explain why my user wouldn't be able to access the node? Thanks. Steve
On Apr 8, 2008, at 2:18 PM, Steve Edwards wrote:
The role the user belongs to does not have the 'access project' or 'access project issues' permissions enabled. ... Can anyone explain why my user wouldn't be able to access the node?
from modules/project/project.inc function project_project_access($op, $node) { ... if (!user_access('access projects')) { return FALSE; } ... } Cheers, -Derek (dww)
So there's no way to override that setting using node_access? According to the handy dandy diagram on page 104 of 'Pro Drupal Development' it looks like node_access is the last thing checked when granting access to a node. Is that incorrect, or am I misunderstanding how that process works? Thanks. Steve Derek Wright wrote:
On Apr 8, 2008, at 2:18 PM, Steve Edwards wrote:
The role the user belongs to does not have the 'access project' or 'access project issues' permissions enabled. ... Can anyone explain why my user wouldn't be able to access the node?
from modules/project/project.inc
function project_project_access($op, $node) { ... if (!user_access('access projects')) { return FALSE; } ... }
Cheers, -Derek (dww)
On Apr 8, 2008, at 2:31 PM, Steve Edwards wrote:
So there's no way to override that setting using node_access? According to the handy dandy diagram on page 104 of 'Pro Drupal Development' it looks like node_access is the last thing checked when granting access to a node. Is that incorrect, or am I misunderstanding how that process works?
I suggest you read through the source for function node_access() from modules/node/node.module in core. Here are the relevant parts: if (user_access('administer nodes')) { return TRUE; } if (!user_access('access content')) { return FALSE; } // Can't use node_invoke(), because the access hook takes the $op parameter // before the $node parameter. $module = node_get_types('module', $node); if ($module == 'node') { $module = 'node_content'; // Avoid function name collisions. } $access = module_invoke($module, 'access', $op, $node); if (!is_null($access)) { return $access; } // If the module did not override the access rights, use those set in the // node_access table. ... Since project's hook_access() is returning FALSE when the user doesn't have 'access projects' permission, that aborts node_access() early in a way that denies access to your users. What you need to do is grant everyone who needs to see a project "access projects" permission, then use the node access grant system to hide projects from users/roles that shouldn't see them. Cheers, -Derek (dww)
So there's no way to override that setting using node_access? According to the handy dandy diagram on page 104 of 'Pro Drupal Development' it looks like node_access is the last thing checked when granting access to a node. Is that incorrect, or am I misunderstanding how that process works?
Note that you only reach node_access if the results from hook_access() are inconclusive. In this case it's not inconclusive; project module is returning FALSE and therefore access is disallowed.
Yes, I was just noting that in the PDD diagram. Looks like I'll have to suggest an enhancement to the Project module. Thanks. Steve John VanDyk wrote:
So there's no way to override that setting using node_access? According to the handy dandy diagram on page 104 of 'Pro Drupal Development' it looks like node_access is the last thing checked when granting access to a node. Is that incorrect, or am I misunderstanding how that process works?
Note that you only reach node_access if the results from hook_access() are inconclusive. In this case it's not inconclusive; project module is returning FALSE and therefore access is disallowed.
participants (3)
-
Derek Wright -
John VanDyk -
Steve Edwards