This might even be critical as it breaks a major part of aegir...
Views checks node access for nodes added via relations as well, so if a user does not have access to related nodes, the site will not show on the sites overview (the same happens with the platforms overview).
For instance for the sites list, I've figured out the user needs the 'view servers' and the 'administer platforms' permissions. For the Platforms list I did not yet find the right combination of permissions required.
This however is not a solution, as it would expose clients to more data than desirable.
This patch might be helpful #1349080-332: node_access filters out accessible nodes when node is left joined, but then we'd have to await the backport for D7.
This might be a result of SA-CONTRIB-2016-046
Comments
Comment #2
Neograph734Comment #3
Neograph734Comment #4
Neograph734Comment #5
helmo CreditAttribution: helmo as a volunteer and at Initfour websolutions for Aegir Cooperative commentedThe patch from #1349080-332: node_access filters out accessible nodes when node is left joined looks definitely helpful here. We could add it to our makefile if needed.
With that patch I had no need to give a client user the 'view server' or 'administer platform' permissions to see the sites list.
The platforms list however I have also not found the right permissions to grant a client limited access.
Comment #6
kienan CreditAttribution: kienan commentedI didn't look back in the issue queue before creating a new issue, but #2883695 should address this
Comment #7
helmo CreditAttribution: helmo as a volunteer and at Initfour websolutions for Aegir Cooperative commentedadding relation.
Comment #8
helmo CreditAttribution: helmo as a volunteer and at Initfour websolutions for Aegir Cooperative commentedPlease re-open if #2883695: Users with the aegir client role not able to see their sites and platforms is not fixing it.