Support for Drupal 7 is ending on 5 January 2025—it’s time to migrate to Drupal 10! Learn about the many benefits of Drupal 10 and find migration tools in our resource center.
Only the root (uid=1) user can publish using the blogapi. Every other user I've tried gets this error:
You do not have permission to create the type of post you wanted to create
same error in ecto, w.bloggar and performancing.
Error occurs with different node types (eg. blog entry, story).
I've made sure the users have the following permissions:
edit own blog
create stories
edit own stories
In blogapi.module, the pertinent block seems to be line 222:
if (!node_access('create', $node)) {
return blogapi_error(t('You do not have permission to create the type of post you wanted to create.'));
}
What does node_access('create', $node)
mean?
Comment | File | Size | Author |
---|---|---|---|
#11 | 56016.patch.txt | 582 bytes | dopry |
#4 | 56016.patch | 610 bytes | samc |
Comments
Comment #1
samc CreditAttribution: samc commentedHmmm. I've been using w.bloggar pretty regularly without seeing this problem, but I may be on a slightly different version.
Have you enabled the node types on the blogapi settings page? Are you using MovableType for the XML-RPC engine?
The node_access function is described here: http://api.drupal.org/api/HEAD/function/node_access.
Comment #2
smokey-1 CreditAttribution: smokey-1 commentedI haven't tried blogapi.module on any other drupal version (only 4.7-beta6), so I guess I'll try it a different version.
And yes, I have the content types selected on the blogapi configuration page. I thought it might have just been a blog entry problem, so I tried the other content types... no luck.
On the plus side, when I enable the other content types on the blogapi config page, I can see the different "blogs" from the external client. Incidentally, the other functions seem to be working fine -- ie. from the weblog client, I can see previous posts, different content types as separate "blogs". Just fails when posting as a non-root user.
I'll test it on a 4.6 installation.
Comment #3
smokey-1 CreditAttribution: smokey-1 commentedAre you using MovableType for the XML-RPC engine?
BTW, I've read about this requirement somewhere else on the internet.... What's the reasoning behind this requirement? (Is there already a page/thread about this somewhere you can point me to?)
Thanks!
Comment #4
samc CreditAttribution: samc commentedOk. I've created a fresh install and confirmed this issue on HEAD. Turns out there is a bug in line 222 that is not seen if the user in question has "administer nodes" permission. (Which is why I hadn't seen it before.)
should read
I've attached a patch and updated the issue status accordingly.
Note that once you get past here, you'll likely run into this issue (#53834), caused by a bug in the same code. If you do, there's a patch to apply. (If you don't, let me know!)
Comment #5
smokey-1 CreditAttribution: smokey-1 commentedWorks beautifully!
Thanks Sam!
Comment #6
smokey-1 CreditAttribution: smokey-1 commentedBTW... No, I don't see this error.
Comment #7
merlinofchaos CreditAttribution: merlinofchaos commentedNot sure about #53834, but this is obviously a bug now that it's pointed out. And this is an obvious fix.
Comment #8
merlinofchaos CreditAttribution: merlinofchaos commentedActually killes points out to me that node_access('create',) takes a different parameter, and this may not be RTBC.
Comment #9
scroogie CreditAttribution: scroogie commentedWhat different parameter?
Imho it takes a string, an array of nodes or a single node object. If the parameter is a string, its value is used as a type, if its an array, its values are used as node objects. If its an object, it is used as a node object.
Comment #10
dopry CreditAttribution: dopry commentednode_access expects the node type on op create, not a node array. Its only documented in hook_access though...
Comment #11
dopry CreditAttribution: dopry commentedWell here is an update version.. to make node_access happy....
Comment #12
killes@www.drop.org CreditAttribution: killes@www.drop.org commentedapplied
Comment #13
samc CreditAttribution: samc commentedNot fully understanding the issue w/ the type. Is there an easy explanation?
Is the implication that the docs for node_access are incorrect?
Is the $node parameter in the function poorly named?
Comment #14
killes@www.drop.org CreditAttribution: killes@www.drop.org commentedthe docs are quite right:
* @param $op
* The operation to be performed on the node. Possible values are:
* - "view"
* - "update"
* - "delete"
* - "create"
* @param $node
* The node object (or node array) on which the operation is to be performed,
* or node type (e.g. 'forum') for "create" operation.
Comment #15
(not verified) CreditAttribution: commented