Access to Janode is possible, although it is restricted by taxonomy access control.

Comments

AjK’s picture

AjK commented
Status: Active » Postponed (maintainer needs more info)

janode itself doesn't perform any direct access to the {node} table and therefore doesn't "wrap" any query statements in db_rewrite_sql(). It leaves access control to Drupal.

Can you provide more details (ie how to reproduce, etc).

richie’s picture

richie commented

Make a linknode (Janode) and assign it to 2 categories (taxonomy terms), one accessible for everyone and one restricted by taxonomy access control (show and list) for authenticated users only. This linknode will be not listed or shown in the public category listing for anonymous users, it's ok. Then access the linknode by its node number (node/n) as anonymous user. You'll see the node altough you shoud not.

Compare your hook_access implementation with those in node.module. It would be nice, if you could fix it. Thank you.

AjK’s picture

AjK commented
Status: Postponed (maintainer needs more info) » Needs review

Fixed in DRUPAL-5 and DRUPAL-4-7 by

http://drupal.org/cvs?commit=58708 and http://drupal.org/cvs?commit=58709

Please test and report back. If this solved it for you I will do a release and close this issue.

Thx, AjK

richie’s picture

richie commented

Bingo! Yes, it works as expected, now. Thank you very much.

AjK’s picture

AjK commented
Status: Needs review » Fixed
Anonymous’s picture

(not verified) commented
Status: Fixed » Closed (fixed)