Apologies for asking a question about a seemingly trivial task, but I have been trying to get this to work and I'm not sure what to try next.

What I'm trying to do: I would like to restrict 'view' access of nodes to the author of the node, with the option for the author to grant 'view' access to other users.

What I have done:

  1. Installed both 'Node access user reference' and 'References' modules.
  2. Enabled 'References', 'User Reference', and 'Node access user reference'.
  3. Rebuilt permissions
  4. For the specific content type (let's call it Private Content) where I want to restrict 'view' access to the author, I added a field called 'share', with field type 'User reference' and widget 'autocomplete text field' and hit save/next
  5. In the settings for this field in the 'NODE ACCESS USER REFERENCE' section, I have selected the following settings
    • Grants for referenced users: View
    • Grants for author: view, update, delete
    • Grants for all users:(view not selected)
    • When to set grants:always
  6. Rebuilt permissions

Shouldn't this restrict access to nodes of this Private content type to the author of the node? What am I missing? All test users can still view all Private nodes, even if they are not the author of the node.

Of potential importance: when I save changes to the Private Content content type Share field, I get the following error: Notice: Undefined index: args in _user_reference_view_settings_validate() (line 169 of [mysite's-local-path]\sites\all\modules\references\user_reference\user_reference.module). I see the following conversations about this error but none seem to be a fix for my overall problem:

Comments

danielb’s picture

danielb commented

The last bit you said about "of potential importance" etc... doesn't seem to have anything to do with this module.

Do me a favour and try to grant a referenced user the access to the node (as in... choose a user in the user reference field, and save the node). Does that then block all other users? If so, then I know what to do to fix it (the 'always' config option is new).

kbrinner’s picture

kbrinner
she/her
Location San Diego
commented

Thanks Daniel - I just included the of potential importance in case.

I used the user-reference field in the content type to grant access to another user to the node, and the node is now 'private' to only the author and the user who was given access, so that works. Seems like the 'always' config option isn't working correctly. Should have thought to try this first to give you more information!

Let me know if you want me to try anything else out - thanks for the great module.

danielb’s picture

danielb commented
Title: Unable to restrict 'view' permission of a node to the author of the node » The 'always' config option isn't working correctly
Version: 7.x-3.5 » 7.x-3.x-dev
Component: Documentation » Code
Category: support » bug
Status: Active » Needs review

I've committed a potential fix for this. It will appear in the next dev snapshot (check the date, it should be after this post). That should solve the problem, you might need to resave the relevant nodes or rebuild the content access permissions.

danielb’s picture

danielb commented
Status: Needs review » Fixed
kbrinner’s picture

kbrinner
she/her
Location San Diego
commented

Assuming 7.x-3.x-dev (dated 6/26/11) is the updated module. I did the following:

  1. updated to this version
  2. rebuilt content access permissions (was prompted to do this when I changed a setting in the 'privacy' field I am setting up)
  3. updated Drupal core to 7.2 (since there was a security update)
  4. ran update.php
  5. cleared cache 3 times (just to be on the safe side)

It doesn't appear to be making this content 'private' to only those users who either authored the content or are user-referenced within the content. This is still true when I select a user to 'share' the content - all other users can stlil view it. The settings for this field make it look like the content should be private, but it just doesn't seem to be working that way.

danielb’s picture

danielb commented
Status: Fixed » Active
danielb’s picture

danielb commented

So... what you're saying is nothing in this module works at all now?? Even the stuff that previously worked as you stated in #2 ?
Have you got any feedback from Devel Node Access?

kbrinner’s picture

kbrinner
she/her
Location San Diego
commented

Hi Daniel,
Sorry to give you a heart attack - I explained that very incorrectly. Currently the nodes are private to only the author and userreferenced user when a user is selected to 'share' the node, but if no users are selected to 'share' the node, the node is public to everyone, even when the 'When to set grants' option is set to 'Always'. It appears that the module is working the same way it was working before I updated the module.

danielb’s picture

danielb commented

Oh yeah the if statements are still messed up logically.... sorry bout that

danielb’s picture

danielb commented

I've updated the files again.

danielb’s picture

danielb commented
Status: Active » Needs review
kbrinner’s picture

kbrinner
she/her
Location San Diego
commented

Updated to the latest version of 7.x-3.x-dev, ran update.php (no updates pending), cleared cache several times, went into the content type that I want to make private and made a change to the 'Views - Nodes to Affect' settings so the permissions had to be rebuilt. It now is working! Thanks for your help.

danielb’s picture

danielb commented
Status: Needs review » Fixed

sweet

Status: Fixed » Closed (fixed)

Automatically closed -- issue fixed for 2 weeks with no activity.