Support for Drupal 7 is ending on 5 January 2025—it’s time to migrate to Drupal 10! Learn about the many benefits of Drupal 10 and find migration tools in our resource center.Hello All,
I have encountered the following problem: after turning on the DA module, all content generated by Views got not visible for roles without permission "Bypass content access control ". Roles with granted this permission can see the page correctly.
My setup is:
- I use Panels to override the node view
- I have Quick tabs, where each tab contains View; the argument is passed through contexts
- then I have there few fields from the node put directly into Panels (no through Views)
The current behavior is:
- any content generated by Views on the page is not visible, or displaying the No result behavior (where set)
- the fields put into Panels directly through the Panels interface are visible, here everything works fine. So problem is only with Views.
I found that when I grant user "Bypass content access control" permission, the content from Views gets displayed correctly.
This behavior started after I turned on the DA module, before everything worked perfectly.
Did I miss something, maybe some permission setting? Can you please hint me to the right direction?
Note: I am using in my site also the field_permissions module. No other permissions-altering modules are in use.
Comments
Comment #1
sketman CreditAttribution: sketman commentedAnother observation: the problem described in post above is manifesting only in the new content, created after the DA module was turned on. The old content, created before DA module, gets displayed correctly for all users, even for those without granted "Bypass content access control" permission.
Comment #2
agentrickardI'm sorry, but it sounds like you enabled a module without understanding what it does. I suggest you disable it.
Enabling the "Bypass content access control" setting for non-admin users is a *serious security issue.* It will let any user edit any content, delete any content, or view any content.
Domain Access restricts *who* can *view* content based on the current domain. When you installed it, you should have been prompted that "Node access control needs to be rebuilt." When you do that, all of your content will be assigned to your default domain and should be available to all other domains as well.
If you haven't rebuilt access control yet, that's why none of the content would be visible.
When you create *new* content, you have to assign it to the proper domains. Please read the documentation.
http://drupal.org/documentation/modules/domain
Comment #3
sketman CreditAttribution: sketman commentedagentrickard,
thanks for your input. Your notes regarding security are all true; I ofcourse did not mean to grant "Bypass content access control" to non-admin users. Just wanted to describe the behavior of my site.
In the meantime I figured it out. The problem was in Views. I was having a single View with many displays, about 12, with different access permissions set displays. This caused the strange behavior on the site. When I separated the original large View and created sevaral smaller, it all started to work correctly.
Just noting, that before turned on the DA module, the large view worked correctly. So I am wondering whether there isnt any issue with passing multiple permission settings. Unfortunately I was not able to investigate this, because I am not a coder and this is far behyound my PHP abilities.
Thanks again.