Module is working great. Love it.

On my installation, if I cycle through enabling/disabling the module the 'Anonymous user' and 'Authenticated user' are both removed from the 'role' table. This then means that no 'Anonymous user' can access content on the site, even if a new 'Anonymous user' is created through the GUI. Drupal expects an rid of 1, and a new 'Anonymous user' created with the GUI gets a random rid. And I do believe it expects 'Authenticated user' to have an rid of 2.

Perhaps the module needs to check for the existence of roles 1 & 2. Create them if needed. Change their rids if needed.

[code found here: http://api.drupal.org/api/function/system_install/6]


  // Sanity check to ensure the anonymous and authenticated role IDs are the 
  // same as the drupal defined constants. In certain situations, this will 
  // not be true
  if ($rid_anonymous != DRUPAL_ANONYMOUS_RID) {
    db_query("UPDATE {role} SET rid = %d WHERE rid = %d", DRUPAL_ANONYMOUS_RID, $rid_anonymous);
  }

  if ($rid_authenticated != DRUPAL_AUTHENTICATED_RID) {
    db_query("UPDATE {role} SET rid = %d WHERE rid = %d", DRUPAL_AUTHENTICATED_RID, $rid_authenticated);
  }

Sorry, I'm not quite up to the task.

cos

CommentFileSizeAuthor
#20 855608-delete.patch8.41 KBagentrickard
#19 855608-delete.patch5.86 KBagentrickard
#18 855608-delete.patch4.2 KBagentrickard
#17 855608-delete.patch4.25 KBagentrickard
#12 855608-delete.patch5.7 KBagentrickard
#11 855608-delete.patch5.14 KBagentrickard
#7 855608-delete.patch2.72 KBagentrickard
#6 855608-delete.patch2.82 KBagentrickard

Comments

cos’s picture

cos commented

Hmm. I guess that when it is disabled, the roles are blown up. So it wouldn't help if someone just disabled the module and never re-enabled it. Is there 'run this code upon disable' hook? That would work...

agentrickard’s picture

agentrickard
he/him
Primary language English
Location Georgia (US)
commented

I don't understand.

cos’s picture

cos commented

On _my_ installation:

  1. Role rid 1 & 2 exist
  2. Install module
  3. Enable module (rid 1 & 2 still exist)
  4. Disable module
  5. Role rid 1 & 2 no longer exist
  6. Website will no longer accept visits from anonymous users
  7. Recreate the missing 'anonymous user' role using GUI
  8. Website still will not accept visits from anonymous users
  9. Use mysql to set the rid to 1 for 'anonymous user' role
  10. Website will now accept visits from anonymous users

Yeah, I figured you would never have experienced this. Probably _your_ installation works just mighty fine. That's why it's a 'bug'.

The way I solved my particular problem was by googling and finding the install script with the sanity check for anonymous user. For me it is no longer a 'problem' because I simply go in and tell mysql to add the users and change the rids.

But it took me hours to figure out. So to prevent another user from experiencing this, if there was a way to do a sanity check for the existence of the users with the correct rid when the module is disabled -- and fix it right then, why it could save someone else hours.

agentrickard’s picture

agentrickard
he/him
Primary language English
Location Georgia (US)
commented

I don't dispute it's a bug, I just needed a clearer explanation.

The solution is to alter secure_permissions_rebuild(), to ensure that it doesn't run when the module is disabled. This is a weakness in the D6 API which should not exist in the (native) D7 version.

agentrickard’s picture

agentrickard
he/him
Primary language English
Location Georgia (US)
commented

We should probably just put in a check to ensure that these two roles never get deleted.

agentrickard’s picture

agentrickard
he/him
Primary language English
Location Georgia (US)
commented
Status: Active » Needs review
StatusFileSize
new 855608-delete.patch2.82 KB

OK, this is a big problem, but it should be easily fixable. Looking at the code, it was never intended for the module to be disabled, which is just plain silly.

agentrickard’s picture

agentrickard
he/him
Primary language English
Location Georgia (US)
commented
StatusFileSize
new 855608-delete.patch2.72 KB

One of the sanity checks is in the wrong place.

cos’s picture

cos commented

Whoa!

Now I don't know what is going on.

It appears when I turn off other password modules, not just the secure permissions module, my rid 1&2 and all other roles get erased.

I'll check this out more...

cos’s picture

cos commented

No, that isn't happening. But I checked the secure permissions again.

  1. When I disable my 'secure permissions data' module - all roles above #2 get deleted (this is a pain, because it means you need to go reassign each user their roles [the rids all change when secure permissions rebuilds the roles from the data file])
  2. When I next disable my 'secure permissions' module - roles 1&2 get deleted
agentrickard’s picture

agentrickard
he/him
Primary language English
Location Georgia (US)
commented

#1 is expected behavior, though something we should probably remove.

#2 should not happen if you apply the patch. Did you?

agentrickard’s picture

agentrickard
he/him
Primary language English
Location Georgia (US)
commented
StatusFileSize
new 855608-delete.patch5.14 KB

OK, dug into this some more, and there are issues with knowing when permissions are set in code. We can't rely on the role IDs, unfortunately, so we try to ensure that roles are never deleted when the data module is disabled.

This patch should correct the issue. Please apply and test. In this case, we totally disable loading from code if the data module is missing, which may not be necessary.

When reporting back, please note that you applied the patch.

See also #843120: Secure Permissions does not know that permissions have been exported, which makes export easier.

agentrickard’s picture

agentrickard
he/him
Primary language English
Location Georgia (US)
commented
StatusFileSize
new 855608-delete.patch5.7 KB

Removes a stray debug and fixes a logic error.

cos’s picture

cos commented

Works at my house.

agentrickard’s picture

agentrickard
he/him
Primary language English
Location Georgia (US)
commented
Status: Needs review » Reviewed & tested by the community
agentrickard’s picture

agentrickard
he/him
Primary language English
Location Georgia (US)
commented
Status: Reviewed & tested by the community » Fixed

Committed.

agentrickard’s picture

agentrickard
he/him
Primary language English
Location Georgia (US)
commented
Version: 6.x-1.1 » 7.x-1.4
Status: Fixed » Patch (to be ported)

Needs a port to 7.x.

agentrickard’s picture

agentrickard
he/him
Primary language English
Location Georgia (US)
commented
Status: Patch (to be ported) » Needs review
StatusFileSize
new 855608-delete.patch4.25 KB

And the patch.

agentrickard’s picture

agentrickard
he/him
Primary language English
Location Georgia (US)
commented
StatusFileSize
new 855608-delete.patch4.2 KB

Updated to HEAD.

agentrickard’s picture

agentrickard
he/him
Primary language English
Location Georgia (US)
commented
StatusFileSize
new 855608-delete.patch5.86 KB

Fixed a bug. Removed the info string.

agentrickard’s picture

agentrickard
he/him
Primary language English
Location Georgia (US)
commented
Status: Needs review » Fixed
StatusFileSize
new 855608-delete.patch8.41 KB

Fixed.

Status: Fixed » Closed (fixed)

Automatically closed -- issue fixed for 2 weeks with no activity.