[development] problems with permissions on node

Jamie Holly hovercrafter at earthlink.net
Wed Nov 18 16:32:12 UTC 2009


Don't forget to add a $ before your is_author, or it will continue to 
fail on anyone without the "edit any nodetype" permission.

Jamie Holly
http://www.intoxination.net 
http://www.hollyit.net



Lluís wrote:
> After some research I found the error was not using "break;"; so after
> checking update permission, delete permission was taking the lead.
>
>     case 'update':
>       $output = user_access('edit own nodetype', $account) && is_author ||
>         user_access('edit any nodetype', $account);
>       if ($output) return TRUE;
>       break; //  <----------
>
>
> On Wed, Nov 18, 2009 at 3:52 PM, Ken Rickard <agentrickard at gmail.com> wrote:
> > node_access() is not proper here, since hook_access() is called within
> > the node_access() stack (so calling it again creates a loop).
> >
> > The problem may be security. Read the node_access() function and note
> > that there are 4 separate return statements (3 FALSE and a TRUE) before
> > hook_access() is invoked.
> >
> > Typically, this is a filter access problem, as the node body may be
> > using a filter not accessible to the user trying to edit the node.
> >
> > - Ken
> >
> > On Wed, Nov 18, 2009 at 9:18 AM, Svein-Tore With
> > <Svein-Tore.With at telemed.no> wrote:
> >> I think you need to add a "$" sign in line 7
> >>
> >> Cheers,
> >> Svein-Tore With (username falcon)
> >>
> >>> function nodetype_access($op, $node, $account) {
> >>>   $is_author = $account->uid == $node->uid;
> >>>   switch ($op) {
> >>>     case 'create':
> >>>       return user_access('create nodetype', $account);
> >>>     case 'update':
> >>>       $output = user_access('edit own nodetype', $account) && [HERE]is_author ||
> >>>         user_access('edit any nodetype', $account);
> >>>       if ($output) return TRUE;
> >>>     case 'delete':
> >>>       return user_access('delete own nodetype', $account) && $is_author ||
> >>>         user_access('delete any nodetype', $account);
> >>>   }
> >>> }
> >>
> >>
> >
> >
> >
> > --
> > Ken Rickard
> > agentrickard at gmail.com
> > http://ken.therickards.com
> >
>
>
>
>   
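
An added illustration, not code from any poster in this thread: a stand-alone PHP sketch of the switch fall-through discussed above, in which an account holding only "delete any nodetype" is granted 'update' until the "break;" is added. The user_access() stub, the perms property, the two function names and the sample accounts are constructed for this sketch so it runs without Drupal.

```php
<?php
// Stand-in for Drupal's user_access(), so the file runs without Drupal.
// Reading permissions from $account->perms is an assumption of this sketch.
function user_access($perm, $account) {
  return in_array($perm, $account->perms, TRUE);
}

// 'update' case as first posted, with "$is_author" corrected but no break:
// a denied update falls through into the 'delete' check.
function nodetype_access_fallthrough($op, $node, $account) {
  $is_author = $account->uid == $node->uid;
  switch ($op) {
    case 'update':
      $output = user_access('edit own nodetype', $account) && $is_author ||
        user_access('edit any nodetype', $account);
      if ($output) return TRUE;
    case 'delete':
      return user_access('delete own nodetype', $account) && $is_author ||
        user_access('delete any nodetype', $account);
  }
}

// Both corrections from the thread: "$is_author" and "break;".
function nodetype_access_fixed($op, $node, $account) {
  $is_author = $account->uid == $node->uid;
  switch ($op) {
    case 'create':
      return user_access('create nodetype', $account);
    case 'update':
      $output = (user_access('edit own nodetype', $account) && $is_author) ||
        user_access('edit any nodetype', $account);
      if ($output) return TRUE;
      break;
    case 'delete':
      return (user_access('delete own nodetype', $account) && $is_author) ||
        user_access('delete any nodetype', $account);
  }
}

// Constructed sample data: node owned by uid 1; uid 2 may only delete.
$node = (object) array('uid' => 1);
$deleter = (object) array('uid' => 2, 'perms' => array('delete any nodetype'));
$author = (object) array('uid' => 1, 'perms' => array('edit own nodetype'));

var_dump(nodetype_access_fallthrough('update', $node, $deleter)); // delete permission grants update
var_dump(nodetype_access_fixed('update', $node, $deleter));       // no grant from this hook
var_dump(nodetype_access_fixed('update', $node, $author));        // author may edit own node
```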

