Hello,
I want to restrict access to anonymous users and specific user roles for a content section of the site. I used this methodology:
Tag the restricted node with a term. Using the taxonomy access control module, I deny all permissions for the anonymous user and for content tagged with the specific term. However, the anonymous user can still see the node. The node is tagged with this term only. Shouldn't this procedure normally work and restrict access to anonymous users?
Thanks.
On 10/7/07, Vasileios Lourdas lourdas_v@yahoo.gr wrote:
Hello,
I want to restrict access to anonymous users and specific user roles for a content section of the site. I used this methodology:
Tag the restricted node with a term. Using the taxonomy access control module, I deny all permissions for the anonymous user and for content tagged with the specific term. However, the anonymous user can still see the node. The node is tagged with this term only. Shouldn't this procedure normally work and restrict access to anonymous users?
Generally yes. Except if:
- Another access control module grants "view" access to anonymous users, not necessarily by category but possibly by something else (by content type, by individual node, by og subscriber group etc.
- Permissions have been messed up, in which case the "Rebuild Permissions" button in /admin/content/node-settings (if it exists) could help.
- TAC has a bug. Exactly which version is it?
Thanks.
# Vasileios Lourdas, # Informatics Engineer, Thessaloniki (Greece)
# http://www.lourdas.name
[ Drupal support list | http://lists.drupal.org/ ]
On Monday 08 October 2007 07:51:20 Cog Rusty wrote:
- Another access control module grants "view" access to anonymous
users, not necessarily by category but possibly by something else (by content type, by individual node, by og subscriber group etc.
- Permissions have been messed up, in which case the "Rebuild
Permissions" button in /admin/content/node-settings (if it exists) could help.
Hmm... Could not find any button under this setting. I will look somewhere else.
- TAC has a bug. Exactly which version is it?
The latest stable, 1.1. What kind of bug are you talking about?
Thanks for your reply.
On 10/8/07, Vasileios Lourdas lourdas_v@yahoo.gr wrote:
On Monday 08 October 2007 07:51:20 Cog Rusty wrote:
- Another access control module grants "view" access to anonymous
users, not necessarily by category but possibly by something else (by content type, by individual node, by og subscriber group etc.
- Permissions have been messed up, in which case the "Rebuild
Permissions" button in /admin/content/node-settings (if it exists) could help.
Hmm... Could not find any button under this setting. I will look somewhere else.
That button appears only under some conditions. Not sure what they are.
- TAC has a bug. Exactly which version is it?
The latest stable, 1.1. What kind of bug are you talking about?
No idea. This was one of the 3 "if"s
Something else you can check is the 'node_access' table. Take one specific node which displays the problem, and get all the rows with that nid. Then check the 'realm' column to find out which module grants "view" access to whom. TACs 'realm' is "term_access" and its 'gid' column uses role IDs. Other modules have other realms (for example "og"), and their 'gid' may mean something else (for example an og group).
Or check these same things using the devel module.
Thanks for your reply.
# Vasileios Lourdas, # Informatics Engineer, Thessaloniki (Greece)
# http://www.lourdas.name
[ Drupal support list | http://lists.drupal.org/ ]
On Monday 08 October 2007 08:25:16 Cog Rusty wrote:
Something else you can check is the 'node_access' table. Take one specific node which displays the problem, and get all the rows with that nid. Then check the 'realm' column to find out which module grants "view" access to whom. TACs 'realm' is "term_access" and its 'gid' column uses role IDs. Other modules have other realms (for example "og"), and their 'gid' may mean something else (for example an og group).
All tables rows have these data (x is the node id): x | 1 | 0 | all | 1 | 0 | 0 |
Hm...
On 10/8/07, Vasileios Lourdas lourdas_v@yahoo.gr wrote:
On Monday 08 October 2007 08:25:16 Cog Rusty wrote:
Something else you can check is the 'node_access' table. Take one specific node which displays the problem, and get all the rows with that nid. Then check the 'realm' column to find out which module grants "view" access to whom. TACs 'realm' is "term_access" and its 'gid' column uses role IDs. Other modules have other realms (for example "og"), and their 'gid' may mean something else (for example an og group).
All tables rows have these data (x is the node id): x | 1 | 0 | all | 1 | 0 | 0 | Hm...
The columns should be only 6. But it is strange. If there is no other realm except "all" then TAC doesn't do anything at all...
I would disable and then uninstall TAC. Then I would empty the node_access table and I would insert only a single row with nid=0, like 'system.install' does in a fresh installation.
db_query("INSERT INTO {node_access} VALUES (0, 0, 'all', 1, 0, 0)");
Then I would start over, reinstalling TAC and trying again.
I am not sure what is going on with TAC these days. Rel.1.1 is 4 months old. I checked the issues pages and there was one issue a couple of months ago (http://drupal.org/node/168748) where keve replied "Module has been totally rewritten, please try to use 5.x-2.x-dev version."
This uncertainty is a bit sad, because TAC has been a pioneer module. It made things possible which couldn't be done until much later by specialized modules.
-- # Vasileios Lourdas, # Informatics Engineer, Thessaloniki (Greece)
# http://www.lourdas.name
[ Drupal support list | http://lists.drupal.org/ ]
On Monday 08 October 2007 10:03:14 Cog Rusty wrote:
I am not sure what is going on with TAC these days. Rel.1.1 is 4 months old. I checked the issues pages and there was one issue a couple of months ago (http://drupal.org/node/168748) where keve replied "Module has been totally rewritten, please try to use 5.x-2.x-dev version."
This uncertainty is a bit sad, because TAC has been a pioneer module. It made things possible which couldn't be done until much later by specialized modules.
Cog, thanks for your suggestions.
The problem lies in the phpfreechat module (a php/ajax chat solution). I created a new content type (chat) and a new vocabulary with the term chat. I created a new chat node and assigned the tag term for it. Using taxonomy access control, I revoked all permissions from the anonymous user for the chat term. However, the anonymous user can still see the body of the node (but not the chat iframe). So, practically, access is denied for the anonymous user. But for other vocabulary terms, if I revoke all permissions, the anonymous user is not able to find the page, I get a page not found error. If i grant the view permission (and deny all in the other permissions, update, delete, create, but enable listing), the anonymous user can see all nodes tagged with those terms. So, I guess TAC works right here.
It's strange that I don't have the same behaviour for the chat content type.
-
Cog Rusty -
Vasileios Lourdas