http://api.drupal.org/api/function/node_access_write_grants says
Modules which utilize node_access can use this function when doing mass updates due to widespread permission changes.
So, apparently, node_access_write_grants() may be called by contrib modules, right?
However, if grants are collected by node_access_acquire_grants() (for example from node_access_rebuild()), then node_access_acquire_grants() calls node_access_write_grants() only for the grants with the highest priority. No other grants are written.
This means, modules that call node_access_write_grants() directly, may write grants that would not be written during a node_access_rebuild(), and we get an inconsistent {node_access} table.
Do we have a problem here, or what am I missing?
Comment | File | Size | Author |
---|---|---|---|
#13 | node_access_write_grants-rename.237634.13.patch | 2.2 KB | salvis |
Comments
Comment #1
ainigma32 CreditAttribution: ainigma32 commentedGood question! I couldn't say without diving into it but maybe someone with a bit more Drupal mileage would like to comment?
- Arie
Comment #2
salvisActually, that was a rhetorical question. We do have a problem with modules calling node_access_write_grants() directly.
I just don't know what to do about it. Forbid calling that function? Turn it into a NOP (no operation) and risk breaking node access modules that may seem to work correctly in simple scenarios (only one NA module)?
Change node_access_write_grants() so that it ignores the grants that are passed in and does a node_access_acquire_grants() instead?
Who has the authority to decide how to pursue this?
Comment #3
ainigma32 CreditAttribution: ainigma32 commentedI'm going to assume that wasn't rhetorical ;-)
AFAIK anyone can write a patch and present it to the community. The patch is then reviewed and tested by the community.
The final decision to commit a patch to core is the branche maintainer. For 7.x that would be webchick aka Angie Byron for 6.x I think it's Gabor Hojtsy (but I'm not sure about that)
So you could write a patch implementing this part of the API the way you think it should be done. If enough people agree with you it might make it into 7.x and then - if needed - you can back port to 6.x .
Before writing a patch I would suggest you state your case on IRC and/or the developers mailing list. They may have a solution to your problem you haven't thought of (yet)
Good luck!
- Arie
Comment #4
ainigma32 CreditAttribution: ainigma32 commented@salvis: any luck on IRC or the mailing list(s) ?
- Arie
Comment #5
salvisNot yet, but I'm working on it...
The API documentation is ambiguous:
http://api.drupal.org/api/function/node_access_acquire_grants/6
"This function is the only function that should write to the node_access table."
http://api.drupal.org/api/function/node_access_write_grants/6
"Modules which utilize node_access can use this function when doing mass updates due to widespread permission changes."
I think node_access_write_grants() should really be _node_access_write_grants(), i.e. private.
Comment #6
ainigma32 CreditAttribution: ainigma32 commented@salvis: Sorry to keep nagging you ;-) Did you manage to make any progress?
- Arie
Comment #7
salvis@ainigma32: I've updated the D6 versions of my node access modules (Forum Access and Image Gallery Access) to not use node_access_write_grants() anymore. This comes at a price: Updating FA or IGA settings requires iterating over all nodes in the forum or gallery, and this can be done safely only using the batch system.
I don't know whether other NA modules still use node_access_write_grants(). I do know that some use node_access_acquire_grants() without the batch system, and this may time out, resulting in inconsistent node access data...
Comment #8
dpearcefl CreditAttribution: dpearcefl commentedIs this still an issue in modern Drupal?
Comment #9
salvisYes, certainly.
Comment #10
dpearcefl CreditAttribution: dpearcefl commentedCould you please state how to recreate the problem? Have you tried to duplicate this problem in Drupal 7 or 8?
Please help me understand how this is a problem. If you can state a chain of events, the expected result and the actual result, maybe we can help.
Comment #11
salvisThe problem is that the module writing its grants with nawg() will always get them written. However, when rebuilding permissions, core will collect grants from all NA modules via naag() and only the ones with the highest priority win. This may result in different data and thus in unreliable node access. Very very bad!
Comment #12
dpearcefl CreditAttribution: dpearcefl commentedI agree. However, unless someone can write a patch to fix this problem, likely nothing will happen to this issue.
Have you tried to see if this condition exists in D7?
Comment #13
salvisOk, here's a patch for D8.
Comment #14
dpearcefl CreditAttribution: dpearcefl commentedThanks for the patch!
Comment #15
catchMakes lots of sense but not actually a functional bug.
While we can't commit the API change to D7, we could document this as deprecated there so tagging for backport (for documentation only).
Comment #16
webchickYikes, yeah this is spooky. :\
Committed and pushed #13 to 8.x, and the documentation in #13 to 7.x. Thanks!
This change needs to be documented in the 8.x to 7.x module upgrade guide: http://drupal.org/node/1152742
Comment #17
Tor Arne Thune CreditAttribution: Tor Arne Thune commentedMade an initial addition to the 7.x to 8.x module upgrade guide, but it probably needs a rewrite from a more technical person. The explanation is basically the one from #11.
Comment #18
catchThat looks fine to me, the documentation only really needs to say "we renamed it, don't use it, use this other function you should've been using all the time anyway", and it does that well.
Comment #19
salvisThanks! 1V already added the upgrade guide entry.
(Our messages crossed.)
Comment #20
tstoecklerThe documentation part that was committed was a bit weird. The documentation now reads (in both D7 and D8):
It seems like the former sentence should be removed or at least reworded.
Marking normal so it doesn't mess up the major threshold.
Comment #21
webchickLOL.
Sorry, my bad. I clearly should not commit my own half-baked patches. :P~
Comment #22
xjm(Merging "node system" and "node.module" components for 8.x; disregard.)