[development] OG User Roles: user_access / node add / $user->roles

Ron Parker sysop at scbbs.com
Mon May 21 22:39:57 UTC 2007 

Thanks so much for the reply.  Here's what I tried in hook_init:

function og_user_roles_init ()
{
    global $user;
    $roles = og_user_roles_all_roles($user); // This returns normal 
$user->roles and includes OG roles if any
    $user->roles = $roles;
    $displayRoles = implode(",", $roles);
    if ($user->uid) watchdog('og_user_roles', 'user roles = ' . 
$displayRoles); // Show this in log if it hits.
}

Here's what I tried in hook_user:

    // Add the group roles to $user->roles if this is a group
    // This should only be effective until the next global $user call
    if ($op == "load") {
        $roles = og_user_roles_all_roles($user); // This returns normal 
$user->roles and includes OG roles if any
        $user->roles = $roles;
    } // end $op load

I looked at the watchdog and my own debug file, and the correct roles 
are being returned each and every time. 

My guess is that $user->roles is doing what it should, but there is 
something else happening in the node/add
(http://www.mysite.com/ node/add/link?gids[]=29) process that doesn't 
depend upon $user->roles that is causing the access denied error.

Again, any clues would be much appreciated.

-ron

David Metzler wrote:

> I've run into similar problems with using user_load to alter  
> user_data.  User_load doesn't fire as often as you might think it  
> does due to some caching strategies.   To prove this, place a  
> drupal_set_message call in your user_load trap and see when it  
> fires.  It may not be firing on the page where you're getting the  
> access denied errors.
>
> To solve my problem I had to move user alteration into the init hook.
>
> It may be that there's core bug here, but I haven't yet tracked it  
> down since the init hook solved my problem.
>
> I never did find out why user_load wasn't firing.
> On May 15, 2007, at 11:56 AM, Ron Parker wrote:
>
>> A few weeks back I floated my og user roles module  idea on this  
>> list as instructed by CVS Admin.  This module (http://drupal.org/ 
>> node/87679) is designed to assign roles to OG group members that  are 
>> specific to the groups they are in.  The problem was that I had  to 
>> patch the core user.module in order to get it to work.
>>
>> After a couple of suggestions, I decided to formulate a proposal  for 
>> a Drupal hook.  What I thought made the most sense was either a  
>> user_access hook or a $user->roles hook because what I wanted to do  
>> was add roles to the site wide roles returned by $user->roles.   
>> user_access (which returns permissions allowed according to roles)  
>> is called by node_access which is what determines access on a node/ add.
>>
>> I recently proposed a $user->roles hook (http://drupal.org/node/ 
>> 143393), and someone pointed out that I could accomplish the same  
>> thing by using the existing hook_user "load" operation.  They were  
>> right.  I modified my module to add the appropriate roles to the  
>> user object using hook_user "load" and in testing, it appears that  
>> $user->roles now returns the OG group as well as the site wide  roles 
>> when a user is in a group.
>>
>> However, on a group node add, for example, http://www.mysite.com/ 
>> node/add/link?gids[]=29, my user gets an "Access denied" error.  I  
>> wrote a little debug program that writes out the values returned by  
>> my hook_user "load" addition, and every time it's called it returns  
>> the correct values.
>>
>> node_access would be the access control for a group node add.  I  
>> have examined the code closely, and this is the only code that  would 
>> be executed on a node "create":
>>
>>  // Can't use node_invoke(), because the access hook takes the $op  
>> parameter
>>  // before the $node parameter.
>>  $module = node_get_types('module', $node);
>>  if ($module == 'node') {
>>    $module = 'node_content'; // Avoid function name collisions.
>>  }
>>  $access = module_invoke($module, 'access', $op, $node);
>>  if (!is_null($access)) {
>>    return $access;
>>  }
>>
>> This code would then call "node_content_access" (hook_access for  
>> node), which would use "user_access" (thus calling global $user,  
>> thus invoking my modification) to determine access.
>>
>> So, I'm at a complete loss as to why I would get an "Access denied"  
>> error for a group role.  I need some help!
>>
>> The only thing I have noticed which seems to give me a clue is that  
>> when I load the "devel" module and give users access, everything  
>> works.  But, I can't figure out what the devel module is doing that  
>> would cause this.
>>
>> Any hint, clue or anything would be appreciated.  Thanks!
>>
>> -ron
>>
>> -- 
>> Ron Parker
>> Software Creations               http://www.scbbs.com
>> Self-Administration Web Site     http://saw.scbbs.com
>> SDSS Subscription Mgmt Service   http://sdss.scbbs.com
>> Central Ave Dance Ensemble       http://www.centralavedance.com
>> R & B Salsa                      http://www.randbsalsa.com
>>
>
>
> __________ NOD32 2277 (20070518) Information __________
>
> This message was checked by NOD32 antivirus system.
> http://www.eset.com
>
>
>


-- 
Ron Parker
Software Creations               http://www.scbbs.com
Self-Administration Web Site     http://saw.scbbs.com
SDSS Subscription Mgmt Service   http://sdss.scbbs.com
Central Ave Dance Ensemble       http://www.centralavedance.com
R & B Salsa                      http://www.randbsalsa.com

More information about the development mailing list