While looking through cod_session.module and template_preprocess_cod_session_calendar() I noticed that the room query doesn't use db_rewrite_sql(), meaning if og was in use or some other method for restricting access to content (other than published/unpublished) that the schedule would ignore it.

I think we should investigate how much we want to support multiple events and workflows of access-restriction and at the very least modify custom queries to be in db_rewrite_sql().

Comments

ezra-g’s picture

I agree - using db_rewrite_sql is the least we can do and we should do it.

ezra-g’s picture

I agree - using db_rewrite_sql is the least we can do and we should do it.

mrconnerton’s picture

Version: 6.x-1.x-dev » 7.x-2.x-dev
Issue summary: View changes

We should run some tests to see if this was taken care of yet or not. We are restricting on groups now but I'm not sure if all of the views/queries are hitting node access.