Hello, Eric,
I am running several class sites using a standard install of Drupal with the taxonomy access control module, and I don't have this issue. I have configured the site so anonymous users can't see any student generated content. When the anonymous user types in "http://site.org/blog/x", they see the person's username, but none of their blog posts. One way around your current situation would be to use the taxonomy access control module to place further limits on the anonymous user, and hopefully to counteract the effect of the bug.
Also, if you are interested, I have made a pre-configured version of this site (the database dump, core drupal, and a few contributed modules) available for download on my web site: http://www.funnymonkey.com/configured-site
I hope this helps.
Cheers,
Bill.
Gerhard Killesreiter wrote:
On Mon, 3 Oct 2005, Eric Crump wrote:
Hope this isn't a faq but I haven't found a solution yet.
I have one site that I'm using for a college class and the whole site is supposed to be private, that is, for class use only. I thought that would simply be a matter of giving anonymous users *no* privileges in 'access control' and for the most part, that seems to work. Anonymous users get 403s wherever they go *except* if they type the path to a user's blog.
For any path 'http://site.org/blog/x' the blog teasers and links display just fine! If they click on a link, they get 403ed, but since anon users don't have content access privileges, this seems weird to me that they can see the titles and teasers for blogs.
I've gotten the same result on drupal 4.6.3 and civicspace 0.8.1.3 sites.
Is there a config option I've missed?
If the anonymous users don't have "access content" permission then you found a bug.
Cheers, Gerhard