It seems like simple access now gives everyone who has view permissions edit and delete rights, even though those options are unchecked. This is what I find in the database:

nid gid realm grant_view grant_update grant_delete
83 7 simple_access 1 0 0
83 0 simple_access_author 1 1 1

It seems like the author is 'anonymous' (even though the page was made by a real logged in person). Maybe that doesn't get passed through?

I'll see if I can find something myself tomorrow, but this is how far I got today.

jonne

Comments

gordon’s picture

gordon commented
Status: Active » Fixed

Fixed in dev

jonne.freebase’s picture

jonne.freebase commented

Thanks for the quick fix :)

I'll let you know if I find any more issues.

Jonne

Anonymous’s picture

Anonymous (not verified) commented
Status: Fixed » Closed (fixed)

Automatically closed -- issue fixed for two weeks with no activity.

  • Commit 52fc549 on 5.x-2.x, 6.x-2.x, master, 8.x-3.x by gordon: 
    * Fix bug where if the node is owned by user 0 everyone is given access...