Example_author author never checks if user is set/not anonymous, so the grant is granted to any anonymous users, which is not quite the expected thing in most situations.
Should add checks for if ($node->uid) and if ($account->uid)
#2011058: If no author, node_access_example_author grant allows all anonymous traffic to edit/delete node (Examples module issue)
Beta phase evaluation
Issue category | Bug because the example is a bit confusing/insecure |
---|---|
Unfrozen changes | Unfrozen because it only changes documentation to be better |
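
A stand-alone model of the missing check described in the summary, added here as an illustration and not taken from Drupal core or the Examples module. It treats uids as plain integers (0 is anonymous), models only the author realm, and uses hypothetical function names; only the realm name comes from the issue title above.

```php
<?php
// Added illustration: a simplified model of an author-based grant, not project code.
const REALM = 'node_access_example_author';

// "Before": the grant id is the account uid, with no anonymous check.
function grants_unchecked(int $account_uid): array {
  return [REALM => [$account_uid]];
}

// "After": an anonymous account (uid 0) receives no author grant.
function grants_checked(int $account_uid): array {
  return $account_uid ? [REALM => [$account_uid]] : [];
}

// "Before": a record keyed on the owner uid is written even when the node has no owner.
function records_unchecked(int $owner_uid): array {
  return [['realm' => REALM, 'gid' => $owner_uid, 'grant_update' => 1, 'grant_delete' => 1]];
}

// "After": a node without an owner gets no author record at all.
function records_checked(int $owner_uid): array {
  return $owner_uid ? records_unchecked($owner_uid) : [];
}

// Hypothetical stand-in for the access lookup: does any record match a held grant?
function may(string $op, array $grants, array $records): bool {
  foreach ($records as $r) {
    $held = $grants[$r['realm']] ?? [];
    if (!empty($r['grant_' . $op]) && in_array($r['gid'], $held, true)) {
      return true;
    }
  }
  return false;
}

// Constructed sample accounts and nodes: uid 0 is anonymous, uid 7 is a real author.
$cases = [
  'unchecked: anonymous edits ownerless node' => may('update', grants_unchecked(0), records_unchecked(0)),
  'checked:   anonymous edits ownerless node' => may('update', grants_checked(0), records_checked(0)),
  'checked:   author 7 edits own node'        => may('update', grants_checked(7), records_checked(7)),
  'checked:   author 7 edits ownerless node'  => may('delete', grants_checked(7), records_checked(0)),
];
foreach ($cases as $label => $allowed) {
  echo $label, ' => ', $allowed ? 'allowed' : 'denied', PHP_EOL;
}
```

The unchecked pair matches because the anonymous account and the ownerless node both carry id 0; adding the check on either side breaks that match, and checking both keeps the realm empty for uid 0.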
Comments
Comment #1
esbandeira
I'll work on this.
Comment #2
esbandeira
Please review, I've performed the maintenance needed in this code.
Regards
Eduardo.
Comment #2.0
esbandeira
Adding link to Examples module issue
Comment #3
Grimreaper
Hello,
I remade a patch because the previous one was no longer applicable.
Is there something to test in the interface?
Is there something to change in the documentation blocks?
Else I see no problem.
Comment #5
Grimreaper
Should be good now.
Comment #6
hefox
Should this be $account->id()?
Not familiar with account->id(), just guessing.
Comment #7
Grimreaper
Hello,
I just reviewed and rebased the previous patch.
If you tell me that $account->id() exists and it is better, OK, no problem, I will remake a patch.
You guessed right, I was not familiar with it :)
Comment #8
Grimreaper
Using $account->id() and $node->getOwnerId().
I don't know what I had in mind when I said "If you tell me that $account->id() exists" in the previous comment.
It was already in the code... Shame on me.
Comment #9
joshi.rohit100
Created new patch as last patch failed to apply.
Please review.
Comment #10
jhedstrom
Comment #11
adci_contributor
Trying to reroll
Comment #12
Wim Leers
Comment #13
jhedstrom
This looks good.
I've also added a beta phase evaluation to the issue summary.
Comment #14
alexpott
Committed 6a3b965 and pushed to 8.0.x. Thanks!
Thanks for adding the beta evaluation to the issue summary.
Comment #16
David_Rothstein
Looks relevant for Drupal 7, I think, especially since the Examples module issue this grew out of was also for Drupal 7.
Comment #17
adci_contributor
Trying to backport