[menupath-raw] token fails if any enabled module implements hook_node_grants [#375424]

When a user that is NOT user 1 and does NOT have 'administer nodes' rights creates a new node, and one or more modules implement hook_node_grants (for example Workflow Access), and pathauto is configured to use the [menupath-raw] token, then the node_access table is checked to see if access to the node being created is permitted. At this point the row in node_access for the new node has not yet been created so the check fails. This causes pathauto to fail to generate a correct automatic alias for the node. If modules implementing hook_node_grants are disabled, then the node_access table is not checked and the [menupath-raw] token behaves normally.

It is not obvious how to fix this.

-- Walt

Comments

Comment #1

greggles

he/him

English

Denver, Colorado, USA

CreditAttribution: greggles commented 21 July 2009 at 16:24

It is not obvious how to fix this.

I agree ;)

So far the token system has generally ignored user access to information. It assumes that the module that consumes the tokens is doing the right thing. That's not really fair or valid, but it's what we've got. It may be that we should impersonate uid 1 while building the tokens so that Pathauto gets access to all of them. That feels hackish/dangerous, though.

Comment #2

roboneale CreditAttribution: roboneale commented 31 July 2009 at 11:42

This is causing a problem for me when using pathauto and the Private module. Is there a fix I can recommend to the Private module maintainer or does it need to be fixed in pathauto/token?

FYI - my problem is this:

If I create a node called 'node1' under menu a menu item called 'menu1' with the pathauto pattern [menupath-raw] I get the following url - /menu1-0
If I then resave the node I get the correct url - /menu1/node1

This can be resolved either by granting 'administer nodes' to the user role or disabling the Private module, neither of which is a desirable solution.

Thanks,
Rob