If I select multiple roles (terms) as to who has access, it is being treated as an AND.

How can we support setting content for roles A, B, or C without requiring that every user has all 3 roles?

Comments

kevinquillen created an issue. See original summary.

kevinquillen’s picture

For example, I want to grant view access to 4 roles, but NOT require every viewer to have all 4 roles, just be in one of those roles. That does not seem to work.

hobbsgoblin’s picture

Agree. The ability to select AND/OR should be added or the default should be set to OR.

stijndmd’s picture

I didn't bother with the option between AND / OR.
Here's a small patch that grants access and breaks the loop as soon as we find a role that is required for node access.

diff --git a/web/modules/contrib/permissions_by_term/src/AccessCheck.php b/web/modules/contrib/permissions_by_term/src/AccessCheck.php
index 9d045d81..7778ffd1 100644
--- a/web/modules/contrib/permissions_by_term/src/AccessCheck.php
+++ b/web/modules/contrib/permissions_by_term/src/AccessCheck.php
@@ -33,6 +33,11 @@ public function canUserAccessByNodeId($iNid, $uid = FALSE) {
             if (isset($aReferencedTerm['target_id']) && !$this->isAccessAllowedByDatabase($aReferencedTerm['target_id'], $uid)) {
               $access_allowed = FALSE;
             }
+            // From the moment we have one required role, grant access and stop looping.
+            else {
+              $access_allowed = TRUE;
+              break;
+            }
           }
         }
       }
Peter Majmesku’s picture

  1. I would rather agree for an option in a configuration entity with a checkbox. Like: "Allow access for users to nodes, which are assigned at least to one taxonomy term, for which the users have access. If this option is not checked, users must be allowed to access all terms related to the node to get access."
  2. The edit in AccessCheck.php is not enough. NodeAccess records must be also rebuild after the taxonomy term has been assigned/de-assigned from the node.
Peter Majmesku’s picture

Title: Does not support users with multiple roles. » Option for allowing access, if user has access to 1 node related taxonomy term
Category: Bug report » Feature request

  • Peter Majmesku committed b6875df on 8.x-1.x
    Issue #2895402: Option for allowing access, if user has access to 1 node...
Peter Majmesku’s picture

Status: Active » Fixed

I have added this feature into release 8.x-1.28. See more details here: https://www.drupal.org/project/permissions_by_term/releases/8.x-1.28.

Please test release 8.x-1.28 and re-open this issue, if you have any objections.

Thanks again for the feature request and the discussion.

stijndmd’s picture

Status: Fixed » Needs review

I have tried updating to 1.29 and it doesn't work.

Steps tot reproduce:

1) Create three user roles "One", "Two" and "Three"
2) Create a taxonomy "Permissions to view" with 3 terms "One", "Two" and "Three", linked to the corresponding roles
3) Create a content type with a term ref field to this new taxonomy
4) Create a node of the content type and for the term reference, choose two random options

1) With "Single Term Restriction" UNCHECKED
WHAT WE SEE: anonymous users have access
WHAT WE WANT: anon users should not have access, because they have none of the required roles

2) With "Single Term Restriction" CHECKED
WHAT WE SEE: user 1 doesn't have access anymore + anon users still have access
WHAT WE WANT: user 1 should always have access + anon users should not have access, because they have none of the required roles

Peter Majmesku’s picture

Status: Needs review » Needs work

Thanks for reporting. I have already started to work on this.

Peter Majmesku’s picture

Status: Needs work » Fixed

@stijndmd: I have fixed the access restriction logic in release 8.x-1.30. Afterwards I could not reproduce your issue anymore by the given scenario steps.

Please test and re-open this issue, if you have any further objections.

stijndmd’s picture

I just updated to the latest stable version (1.32) and the issue is fixed indeed.

mausolos’s picture

I don't think this is EXACTLY the same thing, but I wonder if solving mine would help with yours in some way (or vice-versa)?
Never mind, I don't seem to have any idea what I'm talking about today. Disregard.

Status: Fixed » Closed (fixed)

Automatically closed - issue fixed for 2 weeks with no activity.