[development] problems with permissions on node
Ken Rickard
agentrickard at gmail.com
Wed Nov 18 14:52:55 UTC 2009
node_access() is not proper here, since hook_access() is called within
the node_access() stack (so calling it again creates a loop).
The problem may be security. Read the node_access() function and note
that there 4 separate return statements (3 FALSE and a TRUE) before
hook_access() is invoked.
Typically, this is a filter access problem, as the node body may be
using a filter not accessible to the user trying to edit the node.
- Ken
On Wed, Nov 18, 2009 at 9:18 AM, Svein-Tore With
<Svein-Tore.With at telemed.no> wrote:
> I think you need to add a "$" sign in line 7
>
> Cheers,
> Svein-Tore With (username falcon)
>
>> function nodetype_access($op, $node, $account) {
>> $is_author = $account->uid == $node->uid;
>> switch ($op) {
>> case 'create':
>> return user_access('create nodetype', $account);
>> case 'update':
>> $output = user_access('edit own nodetype', $account) && [HERE]is_author ||
>> user_access('edit any nodetype', $account);
>> if ($output) return TRUE;
>> case 'delete':
>> return user_access('delete own nodetype', $account) && $is_author ||
>> user_access('delete any nodetype', $account);
>> }
>> }
>
>
--
Ken Rickard
agentrickard at gmail.com
http://ken.therickards.com
More information about the development
mailing list