[development] Table node_access: Deleting rows filled with 0s for all 3 grants.

Keve kevex at pro.hu
Mon Mar 20 08:52:28 UTC 2006


Thanks for your comment.

Dave Cohen wrote:

>Keve,
>
>My understanding is that you should not write the rows which grant nothing, as 
>you state.  Regarding writing at least one row per node, even if it grants 
>nothing, I'm not sure.  If you find that useful for checking integrity then I 
>don't see it doing harm.
>  
>
I would like to write at least one line per node to be able to check 
integrity later.

I can think of one case:
It can happen, that admin disables the module at admin/modules page 
without deactivating it at TAC settings page.
Then admin enables module again. BUT while it was disabled, some new 
nodes could be added which does not appear in table node_access. To 
catch this kind of error and nid, it would be useful to write at least 
one line per node.

>What is the expected behavior when a node has no grants in the node_access 
>table?  I think either:
>
>a) noone is allowed to view that node.  Or,
>
>b) another module might write an entry to the node_access table.  That is, the 
>user has two access control modules installed.
>
>  
>
I know these could happen very rarely. So that adding at least one line 
per node to table node_access would not make the table much more robust.
What do you think?

Regards,
Keve

>On Saturday 18 March 2006 06:24 am, Keve wrote:
>  
>
>>Concerning taxonomy_access, there is an idea to remove (and not generate)
>>those lines in table 'node_access' where all three types of grants are
>>0.(grant_view = 0 and grant_upadet = 0 and grant_delete = 0). Because
>>actually only records which grants some permission affect node_access()
>>behaviour.
>>    
>>


More information about the development mailing list