Content Not Viewable When ACL Disabled and Not Logged In [#150106]

Comment #1

drupnuts CreditAttribution: drupnuts commented 7 June 2007 at 16:07

I think I should elaborate and say that the content is just invisible. There are no 'access denied' errors, it just looks like the content doesn't exist at all.

Log in or register to post comments

Comment #2

Ainur CreditAttribution: Ainur commented 5 August 2007 at 21:58

I’ve made a test on my Drupal installation:
Installed both ACL and Forum Access modules, configured one form as follows:
Create/Read/Edit/Delete: authenticated only, none for anonymous and posted some topics.
Then disabled both of the modules, and created another topic in that forum.
The result was that I can’t access it as anonymous user I get Access Denied message, but I do can access’em as authenticated user.
Cache is disabled.

Log in or register to post comments

Comment #3

Ainur CreditAttribution: Ainur commented 5 August 2007 at 22:01

Forgot to mention that I get same behaviour with any other content type.

Log in or register to post comments

Comment #4

salvis

he/his

CreditAttribution: salvis commented 15 November 2007 at 22:59

After disabling ACL you should go to admin/content/node-settings and click on the [Rebuild permissions] button.

Log in or register to post comments

Comment #5

fago

German

Vienna

CreditAttribution: fago commented 16 November 2007 at 11:27

Version:	5.x-1.4	» 5.x-1.x-dev
Category:	support	» bug
Priority:	Critical	» Normal

hm, in content_access I've implemented a solution for that. Perhaps we should add to acl too:

in short:

/*
 * Implementation of hook_disable()
 */
function content_access_disable() {
  content_access_disabling(TRUE);
  node_access_rebuild();
}

/*
 * Remembers if we have disabled access
 */
function content_access_disabling($set = NULL) {
  static $disabling = FALSE;

  if (isset($set)) {
    $disabling = $set;
  }
  return $disabling;

/*
 * Implementation of hook_node_access_records()
 * @param $optimize If the grants should be returned optimized
 */
function content_access_node_access_records($node, $optimize = TRUE) {
  if (content_access_disabling()) {
    return;
  }
  ..

Log in or register to post comments

Comment #6

salvis

he/his

CreditAttribution: salvis commented 16 November 2007 at 17:50

I don't think calling node_access_rebuild() is a good idea, because it can take a very long time, and even fail with a timeout.

I've already written a disable hook that displays a message, asking the user to rebuild permissions, I just haven't had the time to commit it yet.

Why do you hook node_access_records?

Log in or register to post comments

Comment #7

salvis

he/his

CreditAttribution: salvis commented 17 November 2007 at 00:21

Status:

Active

» Fixed

Log in or register to post comments

Comment #8

fago

German

Vienna

CreditAttribution: fago commented 19 November 2007 at 12:15

http://api.drupal.org/api/function/node_configure_rebuild_confirm_submit/5

If you look at the code it does exactly the same.. Yes, it can timeout, this is a known and not fixed d5 bug.. :/ As I know this is only fixed in d6 by using the batching api.

Log in or register to post comments

Comment #9

salvis

he/his

CreditAttribution: salvis commented 20 November 2007 at 00:58

Yes, I know. But doing it automatically as part of disabling the module is sort of like a tipping truck that dumps its load whenever you turn off the engine. It's an unexpected side effect, and I don't think CA should do that.

The user may not necessarily want to rebuild permissions. And he's certainly not expecting that disabling a module could take a minute or two. That's why the [Rebuild permissions] button displays information and asks for confirmation before proceeding.