Support for Drupal 7 is ending on 5 January 2025—it’s time to migrate to Drupal 10! Learn about the many benefits of Drupal 10 and find migration tools in our resource center.
When a user with only permission to create limited node types goes to example.com/node/add, he is shown a list of all node types rather than just the ones he can create.
In the navigation block however, he can only see those types of nodes he can create. Sorry that came out kind of broken, but it's tough to describe. Basically, limited-permission users are given too many unusable options at /node/add
Comment | File | Size | Author |
---|---|---|---|
#1 | node_add.patch | 815 bytes | DriesK |
Comments
Comment #1
DriesK CreditAttribution: DriesK commentedThis is a bug that has been bothering me since long. However, the problem that you describe _only_ happens if the user has the 'administer nodes' permission (if you don't grant 'administer nodes' to the user's role, the page displays as expected).
The reason is the use of node_access(), which first checks 'administer nodes' (and returns TRUE) before checking any other permissions through hook_access. The attached patch calls hook_access() in node_add() instead of node_access().
Comment #2
morisy CreditAttribution: morisy commentedThanks! That's more a dumb mistake on my part than a bug, then ... but you're right, that is kind of annoying. Thanks for the patch.
Comment #3
simon rawson CreditAttribution: simon rawson commented+1 for this patch from me
it still applies to latest CVS.
Comment #4
JonBob CreditAttribution: JonBob commentedWorks like a charm for me.
Comment #5
moshe weitzman CreditAttribution: moshe weitzman commentedthis bug is obiovus on scratch.drupal.org if you aren't uid=1 :)
Comment #6
Dries CreditAttribution: Dries commentedCommitted. Thanks.
Comment #7
(not verified) CreditAttribution: commented