In node permissions, I've given role A access to create nodes of type B, which is content in group type C. In OG permissions, I've given the non-member role access to edit fields in type B. Users in role A, outside any group, get a blank node add form, because og_field_access_field_access() returns FALSE for these fields. I would expect it to return TRUE, since the user is a non-member and non-members explicitly have access to edit these fields.

Looking at the code, og_field_access_field_access() is only granting access on new nodes based on the user's groups, so non-member access is never checked at all. That seems like a bug.

Files: 
CommentFileSizeAuthor
#1 og-check_permissions_for_nonmembers-2064653-1.patch864 bytessreynen
FAILED: [[SimpleTest]]: [MySQL] Unable to apply patch og-check_permissions_for_nonmembers-2064653-1.patch. Unable to apply patch. See the log in the details link for more information. View

Comments

sreynen’s picture

Status: Active » Needs review
FileSize
864 bytes
FAILED: [[SimpleTest]]: [MySQL] Unable to apply patch og-check_permissions_for_nonmembers-2064653-1.patch. Unable to apply patch. See the log in the details link for more information. View

This patch checks for any non-member access to edit the field.

Status: Needs review » Needs work

The last submitted patch, og-check_permissions_for_nonmembers-2064653-1.patch, failed testing.

BeK27’s picture

Issue summary: View changes

If there are any more ideas on how to fix this bug please let's start discussing.