Hello,

I am using tac_lite on my site to create a restricted area only visible to one user group (the board). Beside the board and normal authenticated users I also have editors who are responsible for creating all the content and have all the necessary privileges.

I set up tac_lite with a taxonomy Privacy with only one entry: "board only", so whatever content would be flagged with "board only" would only be visible to the board.

Everything works fine, authenticated users are blocked from that content, board members have access. All the content that is not flagged at all, is available to everybody as usual. The only problem is that the editors still see the pages, without having a "board" role... What is overriding this access restriction?

Thank you very much for your help.

Chris

Comments

Dave Cohen

The first thing to check is whether they have 'administer_tac_lite' permission. Users with that permission are not restricted by tac_lite from any content.

You asked, "What is overriding this access restriction?" It is important to understand that tac_lite does not restrict access to anything; rather, it grants access. There is a subtle but important difference. The way Drupal access control is supposed to work is that no module grants access to a node unless they know the user has permission. But any number of modules could grant the access. So in your case, most likely tac_lite is not granting access to those nodes but some other module is. Tac_lite does not, should not, and cannot prevent other modules from granting access to nodes that are tagged with privacy terms.

Most likely, editors have some permission like 'view such-and-such content' that is granting access to the node. That is, some module is returning TRUE when its hook_access is being called. Or you could check your node_access database table to see if any other module is writing to it (look for realms other than 'tac_lite').
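
The node_access check suggested above, written out as queries. This is an added example, not part of the original comment; it assumes Drupal core's node_access columns (nid, gid, realm, grant_view, grant_update, grant_delete), no table prefix, the realm name 'tac_lite' as given above, and uses 123 as a placeholder node id.

```sql
-- Assumed schema: Drupal core's node_access table
--   (nid, gid, realm, grant_view, grant_update, grant_delete).
-- 123 is a placeholder; substitute the nid of one "board only" page.

-- 1. Every grant row for one restricted node, by the realm that wrote it.
--    Any row with grant_view = 1 in a realm other than tac_lite is a
--    second module opening the node independently of tac_lite.
SELECT realm, gid, grant_view, grant_update, grant_delete
FROM node_access
WHERE nid = 123
ORDER BY realm, gid;

-- 2. Site-wide: nodes that tac_lite manages but that another realm
--    also makes viewable. Grants are additive, so each row returned
--    is a node where tac_lite alone does not decide who can view it.
SELECT other.nid, other.realm, other.gid
FROM node_access AS other
JOIN (
    SELECT DISTINCT nid
    FROM node_access
    WHERE realm = 'tac_lite'
) AS managed ON managed.nid = other.nid
WHERE other.realm <> 'tac_lite'
  AND other.grant_view = 1
ORDER BY other.nid, other.realm;
```

If both queries show only tac_lite rows, the access is not coming from this table, which leaves the permission-based path described in the comment above as the place to look.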

cfrb

Ah, that makes it much clearer.

The module actually granting access to the node was node itself as my editors had administer nodes privileges... After removing these, it worked fine.

Thank you!

Chris

cfrb

Status: Active » Closed (fixed)

closed the issue...