Support for Drupal 7 is ending on 5 January 2025—it’s time to migrate to Drupal 10! Learn about the many benefits of Drupal 10 and find migration tools in our resource center.
The "view protected content" permission is used to determine whether a visitor should be allowed to view a node without having to enter a password. Isn't that what "bypass password protection" is for? i.e. isn't "view protected content" just a duplicate of "bypass password protection"? If not, the help text needs to be improved to explain why there are two permissions for what suggests are the same thing?
Comments
Comment #1
GrimreaperHello,
"view protected content" allows you to access the password form to enter the password and then access the protected node.
Yes, that's not very intuitive.
Documentation: https://www.drupal.org/node/2176635
I could not update the link on the project page.
Comment #2
DamienMcKennaIsn't that what the "access protected content" field is for?
Comment #3
DamienMcKennaI noticed that granting the "view protected node" permission does indeed allow someone to view the node without having to enter the password. That does indeed seem to indicate that it is a duplicate of "bypass password protection" and should be dumped.
Comment #4
GrimreaperOups, sorry, I misread the permission and I responded too fast.
Comment #5
DamienMcKennaThis patch replaces use of the 'view protected content' permission with the 'bypass password protection' permission.
Comment #6
izus CreditAttribution: izus commentedHi,
Thanks for the patch, i agree with the suggestion.
but in order to make the update not breacking the already assigned permissions, we need a hook_update_N to update roles that have the 'view protected content' and assign them the 'bypass password protection one'
also we need to do/trigger/check for some database cleanup (to be sure the deleted permission does no more exist in role_permission table)
Comment #7
GrimreaperRebasing the patch.
Comment #8
GrimreaperHello,
Here is a patch with a hook_update_n to manage the deletion.
Comment #9
izus CreditAttribution: izus commentedHi,
thanks for the patch
here we should use user_role_grant_permissions as it takes also care of deleting some cache after the db request
Comment #10
GrimreaperThanks for the review.
Yes, I reinvented the wheel with my db operations. I also use user_role_revoke_permissions.
I wonder If we should not add a node_access_needs_rebuild() ?
Comment #12
izus CreditAttribution: izus commentedNo need of rebuild access as the two API functions delete the accss cache.
Thank you al for contribution
this is now merged.