Maybe it's because it's 1am, but permissions just aren't behaving the way I think they should.
I'm trying to prevent an authenticated user with no other roles from being able to delete the content that they create.
The nodetype is an Ubercart product with a number of CCK fields and fieldgroups.
The "authenticated user" column in permissions has only these boxes checked:
access site-wide contact form access content search content create enrollment products (enrollment is the name of the product class)
"delete own enrollment products" is NOT checked. Neither is "edit own enrollment products"
Admin users have all the boxes checked.
I even installed the access control module, and set the "authenticated user" to be only allowed to view this content type, not edit or delete even their own. No effect. plain ol' authenticated user with no other roles can build a new product, then go back and delete it. Which is what I don't want to happen.
Is there something about Ubercart that overrides permissions?
I suppose I could use CSS to hide the "delete" button. Admin users could still delete content through the content list. Still, seems like this is not behaving the way it ought to.
Maybe after I sleep a while it will become clear. Or maybe someone out there reading this knows some permissions voodoo.
Thanks in advance,
Steve
Quoting Steven Scotten steves@splicer.com:
Maybe it's because it's 1am, but permissions just aren't behaving the way I think they should.
Did you log out of the authenticated user after each change? Did you clear cache just to make sure?
-- Earnie -- http://r-feed.com/ -- http://for-my-kids.com/ -- http://www.4offer.biz/ -- http://give-me-an-offer.com/
On Sep 25, 2009, at 5:56 AM, Earnie Boyd wrote:
Quoting Steven Scotten steves@splicer.com:
Maybe it's because it's 1am, but permissions just aren't behaving the way I think they should.
Did you log out of the authenticated user after each change? Did you clear cache just to make sure?
I did a lot of cache-clearing, but didn't try logging out of that user and back in until this morning when I saw this. No dice.
I guess I should start looking for modules that are incompatible with one another.
At least I know from your response that it really is supposed to work the way it appears it should work. Thank you!
Steve
Steven Scotten wrote:
Maybe it's because it's 1am, but permissions just aren't behaving the way I think they should.
<snip>
I even installed the access control module, and set the "authenticated user" to be only allowed to view this content type, not edit or delete even their own. No effect. plain ol' authenticated user with no other roles can build a new product, then go back and delete it. Which is what I don't want to happen.
What access control module? This could be the source of the issue.
Cheers,
Bill
On Sep 26, 2009, at 7:46 AM, Bill Fitzgerald wrote:
What access control module? This could be the source of the issue.
Sorry, not Access Control but Content Access. 6.x-1.2.
However, the behavior preceded the installation of said module.
Yep, you're right. Someone else (who preceded me on this project) installed Nodeaccess. That was overriding all my permissions. Wow, that was easier to find after eight hours of sleep than it was after fourteen hours of work. Fancy that. =^)
Thank you!
Steve
-
Bill Fitzgerald -
Earnie Boyd -
Steven Scotten