[development] OG User Roles: user_access / node add / $user->roles

Ron Parker sysop at scbbs.com
Tue May 15 18:56:36 UTC 2007

A few weeks back I floated my og user roles module  idea on this list as 
instructed by CVS Admin.  This module (http://drupal.org/node/87679) is 
designed to assign roles to OG group members that are specific to the 
groups they are in.  The problem was that I had to patch the core 
user.module in order to get it to work.

After a couple of suggestions, I decided to formulate a proposal for a 
Drupal hook.  What I thought made the most sense was either a 
user_access hook or a $user->roles hook because what I wanted to do was 
add roles to the site wide roles returned by $user->roles.  user_access 
(which returns permissions allowed according to roles) is called by 
node_access which is what determines access on a node/add.

I recently proposed a $user->roles hook (http://drupal.org/node/143393), 
and someone pointed out that I could accomplish the same thing by using 
the existing hook_user "load" operation.  They were right.  I modified 
my module to add the appropriate roles to the user object using 
hook_user "load" and in testing, it appears that $user->roles now 
returns the OG group as well as the site wide roles when a user is in a 

However, on a group node add, for example, 
http://www.mysite.com/node/add/link?gids[]=29, my user gets an "Access 
denied" error.  I wrote a little debug program that writes out the 
values returned by my hook_user "load" addition, and every time it's 
called it returns the correct values.

node_access would be the access control for a group node add.  I have 
examined the code closely, and this is the only code that would be 
executed on a node "create":

  // Can't use node_invoke(), because the access hook takes the $op 
  // before the $node parameter.
  $module = node_get_types('module', $node);
  if ($module == 'node') {
    $module = 'node_content'; // Avoid function name collisions.
  $access = module_invoke($module, 'access', $op, $node);
  if (!is_null($access)) {
    return $access;

This code would then call "node_content_access" (hook_access for node), 
which would use "user_access" (thus calling global $user, thus invoking 
my modification) to determine access.

So, I'm at a complete loss as to why I would get an "Access denied" 
error for a group role.  I need some help!

The only thing I have noticed which seems to give me a clue is that when 
I load the "devel" module and give users access, everything works.  But, 
I can't figure out what the devel module is doing that would cause this.

Any hint, clue or anything would be appreciated.  Thanks!


Ron Parker
Software Creations               http://www.scbbs.com
Self-Administration Web Site     http://saw.scbbs.com
SDSS Subscription Mgmt Service   http://sdss.scbbs.com
Central Ave Dance Ensemble       http://www.centralavedance.com
R & B Salsa                      http://www.randbsalsa.com

More information about the development mailing list