Early Bird Registration for DrupalCon Portland 2024 is open! Register by 23:59 PST on 31 March 2024, to get $100 off your ticket.
All users with 'access projects' permission can currently view any project release node.
project_release_access() needs to check $node->status for the 'view' case.
Comment | File | Size | Author |
---|---|---|---|
#1 | project_release_respect_unpublished.patch.txt | 834 bytes | dww |
Comments
Comment #1
dwwactually, no. directly looking at node->status is the job of
node_access()
. ;) all we have to do is correctly return NULL if we're not sure if the user should see it or not.luckily,
project_project_access()
already gets this right, and we're just using the identical permission checks for the view case forproject_release_access()
. so, instead of duplicating the code, we just callproject_project_access()
directly, since it behaves exactly how we want. i think this is cleaner.(btw, this bug also exists in 4.7.x-2.x, so this patch should be backported).
Comment #2
dwwnow installed on s.d.o... seems to be working fine. however, please review/test as you see fit. ;)
thanks,
-derek
Comment #3
dwwafter confirmation from webernet in IRC, committed to HEAD and installed for real on s.d.o.
Comment #4
(not verified) CreditAttribution: commentedComment #5
dwwbackported to DRUPAL-4-7--2 before the 4.7.x-2.2 release.