It looks like the problem is caused in hook_node_grants. The granted permission for the given group is not being applied to the user when trying to access nodes. I will attach a patch once I get the thread started.

Support from Acquia helps fund testing for Drupal Acquia logo

Comments

pgillis’s picture

Status: Active » Needs review
FileSize
569 bytes
pgillis’s picture

shenzhuxi’s picture

Status: Needs review » Reviewed & tested by the community

committed.

pgillis’s picture

Hi,

Just wondering, comment #3 says the patch has been committed but when I check out the latest source I don't see the change. Do I need to be checking out a specific branch?

shenzhuxi’s picture

Sorry, I forget to push.
Committed to 7.x-2.x.

Marty2081’s picture

I guess the same issue is in the 7.x-1.x branch, because I had the same issue there and I see the same code there. Are you going to apply the patch on that branch too?

Also I was wondering if
$grants['og_view_any_unpublished_' . $type . '_content'][] = array($gid);

should be:
$grants['og_view_any_unpublished_' . $type . '_content'][] = $gid;?

shenzhuxi’s picture

Status: Reviewed & tested by the community » Fixed

7.x-1.x was fixed.
There seems no bug reports for a while.

Status: Fixed » Closed (fixed)

Automatically closed -- issue fixed for 2 weeks with no activity.

Jody Lynn’s picture

Assigned: pgillis » Unassigned
Status: Closed (fixed) » Needs review
FileSize
795 bytes

Marty2081 in #6 pointed out a major problem in the code which was not addressed.

The patch in #2 which was committed resulted in the implementation of hook_node_grants returning the wrong data structure. The hook must return an array of gids, not an array of arrays of gids.

I came upon this because the incorrect return value actually caused apachesolr search results to break and show no search results for users with og_moderation access.

But I am afraid that the error actually has also prevented users from accessing the content they should be able to access. I don't believe this is a security issue as I believe it could only prevent access, not give access.

Patch attached.

pgillis’s picture

Assigned: Unassigned » pgillis
FileSize
602 bytes

Hi Jody,

I have changed the way hook_node_grants is implemented because of performance issue Node access too slow when current user is member of large number of groups. I have attached a new patch against the latest code in git. Can you verify that this still works for your use case? Thanks.

Pete

pgillis’s picture

Status: Needs review » Fixed

Committed

Status: Fixed » Closed (fixed)

Automatically closed -- issue fixed for 2 weeks with no activity.