Let me start off by saying I'm new to views2 and views_attach, so it's quite possible that I've just missed the proper way to configure something.

What I've done is add 2 node_content displays to a content type. The first view display is set to only allow access for anonymous, the second for authenticated users. Right now it looks like both get executed and rendered on the node page.

I did some digging, and I couldn't find a check against a user's roles anywhere, that views_attach isn't checking for this before executing and rendering. Is it as simple as if ($view->access($info['display'])) { ... } in views_attach_nodeapi()?

Thanks for any help!

CommentFileSizeAuthor
#5 myviewexportedhidden.txt17.61 KBiantresman
#2 496838_views_attach_access.patch1.27 KBkscheirer

Comments

kscheirer’s picture

kscheirer
Primary language English
Location Vallejo
commented
Status: Active » Closed (works as designed)

ok, In my testing when logged in as an anonymous user, I was still seeing node_attach displays that should have been assigned to authenticated roles. So I ended up with doubles - the display for an anonymous user as well as the display for an authenticated user.

adding a if ($view->access($info['display'])) { ... } in views_attach_nodeapi() did the trick for me - users without the right access permissions are denied.

kscheirer’s picture

kscheirer
Primary language English
Location Vallejo
commented
Status: Closed (works as designed) » Needs review
StatusFileSize
new 496838_views_attach_access.patch1.27 KB

this worked for me, not at all sure if this is the right place to call an access() check though.

eaton’s picture

eaton commented
Status: Needs review » Fixed

Committed, and also added the same code for the user/profile attachments. Thanks!

Status: Fixed » Closed (fixed)

Automatically closed -- issue fixed for 2 weeks with no activity.

iantresman’s picture

iantresman commented
Status: Closed (fixed) » Active
StatusFileSize
new myviewexportedhidden.txt17.61 KB

I seem to have this exact same problem, though I am using Views 6.x-2.12 with Views Attach 6.x-2.2 (which seems to have the access code check added).

I have one View which has Access set to "Unrestricted", and the other View has Access set to a specific Role. But when I view my node as an anonymous user, both Views are shown. I can't see that I'm doing anything wrong. The node has no restrictions.

kscheirer’s picture

kscheirer
Primary language English
Location Vallejo
commented

are you logged in as user 1? or have the permission "access all views"? I could be wrong on the name of that permission, but there is one that will show you all views regardless of the access settings.

iantresman’s picture

iantresman commented

Doh! It was the "Access all views" in permissions that I had set for all roles, assuming it was required to see Views. It's not, and now all fixed. Many thanks.

kscheirer’s picture

kscheirer
Primary language English
Location Vallejo
commented
Status: Active » Closed (fixed)