Support for Drupal 7 is ending on 5 January 2025—it’s time to migrate to Drupal 10! Learn about the many benefits of Drupal 10 and find migration tools in our resource center.
Currently the module doesn't respect user permissions at all. Some ideas:
1. The module should have a 'participate in user-to-user recommendation' permission, which excludes some users in the computation.
2. The module should check whether users have access to the content type using db_rewrite_sql().
Comments
Comment #1
jm.federico CreditAttribution: jm.federico commentedThere is a fix to check whether user has access to node or not.
Committed to dev branch.
Comment #2
danithaca CreditAttribution: danithaca commentedawesome! D7 might have some nice API to do it too.
Comment #3
jm.federico CreditAttribution: jm.federico commentedI think I'll be pushing the dev to a stable version soon. The security check is worth it.
Comment #4
danithaca CreditAttribution: danithaca commented@jm.federico: great! thanks.
Comment #5
mrfelton CreditAttribution: mrfelton commentedUsing this on D7, and only user 1 can see any recommendations.
Comment #6
danithaca CreditAttribution: danithaca commentedWhen I do the recommendation computation, I have to consider all items. Permission checking can happen when displaying the recommended items. This is already taken care of in the 6.x-2.0 release or the D7 release via Views support.
@mrfelton: I'm not sure why only 1 user can see recommendations. Perhaps you need many users before the system can generate recommendations.
Mark the status as "closed". Feel free to reopen it if people don't agree.