Support for Drupal 7 is ending on 5 January 2025—it’s time to migrate to Drupal 10! Learn about the many benefits of Drupal 10 and find migration tools in our resource center.
I suspect that taxonomy_term_count_nodes function is not taking into account node_access when displaying counts for a certain term.
It displays a count that includes also nodes not accessible due to node_access restrictions.
This can generate some misundestadings, since other modules using this function could fail.
Matteo
Comment | File | Size | Author |
---|---|---|---|
#9 | taxonomy_term_count_450.patch | 1.3 KB | matteo |
#1 | taxonomy_term_count.patch | 1.33 KB | matteo |
Comments
Comment #1
matteo CreditAttribution: matteo commentedVerified and fixed wrong behaviour. Other modules could be affected if using taxonomy_termcount_nodes (for example, taxonomy_html).
Attached, you'll find the patch, which adds node_access_join_sql() and node_access_where_sql() to the query.
Matteo
Comment #2
moshe weitzman CreditAttribution: moshe weitzman commentedBeware of caching a result that is valid only for the current user. Honestly, I think we have to remove the caching on this function in order to not report incorrect counts.
Moving back ot Activge since the patch can't be committed as is.
Comment #3
matteo CreditAttribution: matteo commentedI understand, but it is confusing seeing count saying for example '4 nodes on this term' , but, when issuing a list, this list is empy, because these nodes are not visible to that user.
I tried running taxonomy_html with this patch on but, even if cache is enabled, it seems that results are not cached...
what is your proposal in general, in order to solve the problem, which occurs also in other modules (for example weblink) where all SQL selects must be rewritten in order to take care of node_access ??
Matteo
Comment #4
JonBob CreditAttribution: JonBob commentedAre you referring to the static variable? I don't think this is a problem, since such a "cache" only persists for the current PHP request, and thus for a single user. Only persistent database-backed caches should be an issue.
Comment #5
moshe weitzman CreditAttribution: moshe weitzman commentedoops - i withdraw my protest. setting this back to patch. a static variable only lasts for a given request.
Comment #6
matteo CreditAttribution: matteo commentedAny news on this fix ??
Has someone finished tests ? Can it be released ??
Matteo
Comment #7
Dries CreditAttribution: Dries commentedCommitted to HEAD and DRUPAL-4-5.
This needs to be tested but I'm afraid that joining against multiple node-level permission tables (or against a single node-level permission table with multiple entries per nid) skews the count unless you put a DISTINCT(nid) in these queries. Marking this active.
Comment #8
matteo CreditAttribution: matteo commentedYes, Dries, I just discovered the problem.
It absolutely needs to be fixed:
I specified DISTINCT(n.nid) in both queries:
And it seems working well.
Any other wants to test this fix ??
Matteo
Comment #9
matteo CreditAttribution: matteo commentedHere is the patch for 4.5.0, ready to be tested
Comment #10
Dries CreditAttribution: Dries commentedCommitted to HEAD and DRUPAL-4-5. Thanks matteo.
Comment #11
(not verified) CreditAttribution: commented