Needs to check that $node->uid or $author->uid is not blank in either/both grant hooks.

CommentFileSizeAuthor
#8 2011058-examples-node_access_author_grant-9.patch5.39 KBvlad.n
#8 2011058-examples-node_access_author_grant-8.patch3.79 KBvlad.n
#5 2011058-examples-node_access_author_grant-4.patch1.6 KBhefox
#3 2011058-examples-node_access_author_grant-2.patch1.53 KBhefox
Support from Acquia helps fund testing for Drupal Acquia logo

Comments

Mile23’s picture

Mile23
Primary language English
Location Seattle, WA
CreditAttribution: Mile23 commented

Thanks.

Have a patch?

hefox’s picture

hefox CreditAttribution: hefox commented

Not yet, corresponding core issue #2011066: example_author from hook_node_grants/hook_node_access_records grants all anon edit/delete to uid=0 nodes

hefox’s picture

hefox CreditAttribution: hefox commented
Status: Active » Needs review
FileSize
2011058-examples-node_access_author_grant-2.patch1.53 KB

Status: Needs review » Needs work

The last submitted patch, 2011058-examples-node_access_author_grant-2.patch, failed testing.

hefox’s picture

hefox CreditAttribution: hefox commented
Status: Needs work » Needs review
FileSize
2011058-examples-node_access_author_grant-4.patch1.6 KB
Mile23’s picture

Mile23
Primary language English
Location Seattle, WA
CreditAttribution: Mile23 commented

I'd wager that this lapse happened because there's no test of behavior for anonymous users.

Care to write one? :-)

Mile23’s picture

Mile23
Primary language English
Location Seattle, WA
CreditAttribution: Mile23 commented
Status: Needs review » Needs work
Issue tags: +Needs tests, +Novice

Just changing the status and tags.

And clarifying: The patch looks good, just needs a regression test. If anyone ever wanted to learn how to write a test, here's your chance. :-)

vlad.n’s picture

vlad.n CreditAttribution: vlad.n commented
Issue summary: View changes
FileSize
2011058-examples-node_access_author_grant-8.patch3.79 KB
2011058-examples-node_access_author_grant-9.patch5.39 KB

Added tests, verifying the access of an anonymous user to the private nodes with known or anonymous author. Testing the nodes that don't have an author was done using the nodes that were already made in the test and removing the author and moving back to the original auther after the test. I think that these test needs more refactoring.

vlad.n’s picture

vlad.n CreditAttribution: vlad.n commented
Status: Needs work » Needs review

The last submitted patch, 8: 2011058-examples-node_access_author_grant-8.patch, failed testing.

Mile23’s picture

Mile23
Primary language English
Location Seattle, WA
CreditAttribution: Mile23 commented

Great! Thanks hefox and vlad.n!

Committed: http://drupalcode.org/project/examples.git/commitdiff/b4960906e4384240c0...

Mile23’s picture

Mile23
Primary language English
Location Seattle, WA
CreditAttribution: Mile23 commented
Status: Needs review » Fixed

Status: Fixed » Closed (fixed)

Automatically closed - issue fixed for 2 weeks with no activity.