Support for Drupal 7 is ending on 5 January 2025—it’s time to migrate to Drupal 10! Learn about the many benefits of Drupal 10 and find migration tools in our resource center.
It looks like the problem is caused in hook_node_grants. The granted permission for the given group is not being applied to the user when trying to access nodes. I will attach a patch once I get the thread started.
Comment | File | Size | Author |
---|---|---|---|
#10 | og_moderation-1616852-10.patch | 602 bytes | pgillis |
#9 | og_moderation-1616852-9.patch | 795 bytes | Jody Lynn |
#2 | og_moderation-hook_grants_issue-1616852-1.patch | 569 bytes | pgillis |
#1 | og_moderation-hook_grants_issue-1616852-1.patch | 569 bytes | pgillis |
Comments
Comment #1
pgillis CreditAttribution: pgillis commentedComment #2
pgillis CreditAttribution: pgillis commentedComment #3
shenzhuxi CreditAttribution: shenzhuxi commentedcommitted.
Comment #4
pgillis CreditAttribution: pgillis commentedHi,
Just wondering, comment #3 says the patch has been committed but when I check out the latest source I don't see the change. Do I need to be checking out a specific branch?
Comment #5
shenzhuxi CreditAttribution: shenzhuxi commentedSorry, I forget to push.
Committed to 7.x-2.x.
Comment #6
Marty2081 CreditAttribution: Marty2081 commentedI guess the same issue is in the 7.x-1.x branch, because I had the same issue there and I see the same code there. Are you going to apply the patch on that branch too?
Also I was wondering if
$grants['og_view_any_unpublished_' . $type . '_content'][] = array($gid);
should be:
$grants['og_view_any_unpublished_' . $type . '_content'][] = $gid;
?Comment #7
shenzhuxi CreditAttribution: shenzhuxi commented7.x-1.x was fixed.
There seems no bug reports for a while.
Comment #9
Jody LynnMarty2081 in #6 pointed out a major problem in the code which was not addressed.
The patch in #2 which was committed resulted in the implementation of hook_node_grants returning the wrong data structure. The hook must return an array of gids, not an array of arrays of gids.
I came upon this because the incorrect return value actually caused apachesolr search results to break and show no search results for users with og_moderation access.
But I am afraid that the error actually has also prevented users from accessing the content they should be able to access. I don't believe this is a security issue as I believe it could only prevent access, not give access.
Patch attached.
Comment #10
pgillis CreditAttribution: pgillis commentedHi Jody,
I have changed the way hook_node_grants is implemented because of performance issue Node access too slow when current user is member of large number of groups. I have attached a new patch against the latest code in git. Can you verify that this still works for your use case? Thanks.
Pete
Comment #11
pgillis CreditAttribution: pgillis commentedCommitted