Index: modules/node/node.module
===================================================================
RCS file: /cvs/drupal/drupal/modules/node/node.module,v
retrieving revision 1.1330
diff -u -p -r1.1330 node.module
--- modules/node/node.module	2 Dec 2010 23:58:21 -0000	1.1330
+++ modules/node/node.module	16 Dec 2010 16:43:24 -0000
@@ -3161,14 +3161,12 @@ function _node_query_node_access_alter($
     return;
   }
 
-  // Prevent duplicate records.
-  $query->distinct();
-
-  // Find all instances of the {node} table being joined -- could appear
-  // more than once in the query, and could be aliased. Join each one to
-  // the node_access table.
+  // Find all instances of the {node} table in the query -- could appear
+  // more than once in the query, and could be aliased. Add a subselect
+  // to each one to properly filter by node access rules.
 
   $tables = $query->getTables();
+
   $grants = node_access_grants($op, $account);
   if ($type == 'entity') {
     // The original query looked something like:
@@ -3192,18 +3190,12 @@ function _node_query_node_access_alter($
   }
   foreach ($tables as $nalias => $tableinfo) {
     $table = $tableinfo['table'];
-    if (!($table instanceof SelectQueryInterface) && $table == $base_table) {
-
-      // The node_access table has the access grants for any given node so JOIN
-      // it to the table containing the nid which can be either the node
-      // table or a field value table.
-      if ($type == 'node') {
-        $access_alias = $query->join('node_access', 'na', '%alias.nid = ' . $nalias . '.nid');
-      }
-      else {
-        $access_alias = $query->leftJoin('node_access', 'na', '%alias.nid = ' . $nalias . '.entity_id');
-        $base_alias = $nalias;
-      }
+    // Set a common alias for entities.
+    $base_alias = $nalias;
+    if (!($table instanceof SelectQueryInterface) && $base_table == 'node') {
+      // Set the subquery.
+      $subquery = db_select('node_access', 'na')
+       ->fields('na', array('nid'));
 
       $grant_conditions = db_or();
       // If any grant exists for the specified user, then user has access
@@ -3211,25 +3203,27 @@ function _node_query_node_access_alter($
       foreach ($grants as $realm => $gids) {
         foreach ($gids as $gid) {
           $grant_conditions->condition(db_and()
-            ->condition($access_alias . '.gid', $gid)
-            ->condition($access_alias . '.realm', $realm)
+            ->condition('na.gid', $gid)
+            ->condition('na.realm', $realm)
           );
         }
       }
 
+      // Attach conditions to the subquery.
       $count = count($grant_conditions->conditions());
       if ($type == 'node') {
         if ($count) {
-          $query->condition($grant_conditions);
+          $subquery->condition($grant_conditions);
         }
-        $query->condition($access_alias . '.grant_' . $op, 1, '>=');
+        $subquery->condition('na.grant_' . $op, 1, '>=');
       }
       else {
         if ($count) {
           $entity_conditions->condition($grant_conditions);
         }
-        $entity_conditions->condition($access_alias . '.grant_' . $op, 1, '>=');
+        $entity_conditions->condition('na.grant_' . $op, 1, '>=');
       }
+      $query->condition($nalias . '.nid', $subquery, 'IN');
     }
   }
 
@@ -3246,6 +3240,7 @@ function _node_query_node_access_alter($
     // Add the compiled set of rules to the query.
     $query->condition($or);
   }
+
 }
 
 /**