Support for Drupal 7 is ending on 5 January 2025—it’s time to migrate to Drupal 10! Learn about the many benefits of Drupal 10 and find migration tools in our resource center.
Hi there,
I use the Domain module to target nodes to domains. The settings on Ad nodes however, are ignored by the module. All ads are displayed, whatever the Domain settings might be.
Comment | File | Size | Author |
---|---|---|---|
#10 | ad-6.x-2.2.1.ad.module.patch | 2.69 KB | ayalon |
#9 | ad-6.x-2.2.ad_.module.patch | 2.7 KB | ayalon |
#3 | AdDomain_patch_20090831_1.patch | 1.26 KB | nsciacca |
Comments
Comment #1
BarisW CreditAttribution: BarisW commentedHi guys, can someone help please? I really need to get this working ASAP.
Comment #2
BarisW CreditAttribution: BarisW commentedI think I found the error:
"All node listing queries are supposed to be wrapped in db_rewrite_sql() in order to enforce node access rules." [1]
Comment #3
nsciaccaThe problem with this is that the ad module makes no check when retrieving ads to whether or not the user has permission to view them. In addition, the ad_access function only checks to see if the user has permission to see ads or if they are an administrator. The fix would be 1) when gathering ads, make sure to check the node access, and 2) update ad_access for the $op = view to only return false if they don't have "show advertisements" permission - letting the node access module (which the domain access module integrates with) take care of the basic view permissions.
My setup
Drupal 6.13 - Ad 6.x-2.1 - Domain 6.x-2.0-rc9
I've attached patches for the files, but here's the code change for reference as well:
ad.module - line 561
adcache.inc - line 215
Comment #4
jmather CreditAttribution: jmather commentedI haven't tested this but I will 2nd the need for this....
Comment #5
Jeremy CreditAttribution: Jeremy commentedUpdating ticket status to reflect that there is a patch attached which needs review.
Comment #6
jmather CreditAttribution: jmather commentedI put this in our test environment with multiple domains and it appears the ad node respects the node access rules (at least the domain node access rules) with this patch in place.
+1
Comment #7
Jeremy CreditAttribution: Jeremy commentedSadly this fix will only work if no ad caching is enabled, which is pretty much required if you want good performance. When ads are displayed and an ad cache is used, Drupal is not bootstrapped and thus we're unable to invoke the _access hook.
I've gone ahead and cleaned up your patch for coding style and committed here, but I'll leave this issue open to continue thinking about a complete solution:
http://drupal.org/cvs?commit=292770
Comment #8
agentrickardDomain Blocks module might offer a better (cacheable) solution, but then you have to create an ad block per domain.
Comment #9
ayalon CreditAttribution: ayalon commentedThe posted solution in #3 is very bad and I recommend you not to use this solution.
In general, domain access and other node access modules work with SQL rewriting of Drupal queries. Because the ad module does db_query() calls without db_rewrite_sql(), the SQL statement cannot be rewritten and node access rules aren't respected.
The best solution adds the db_rewrite_sql() as proposed in #2 to all db_query() that are fetching nodes. Unfortunately this does not work, because the ad module stores all the nids in a separate table and queries the ads table without doing a join with the base table node. SQL rewriting does only work if the base table is node.
Example: aid = node ids
adcache.inc Line 219
No rewrite will happen if you change the statement like this:
Working solution
Base table is node, then make a JION to the ads table and the db_rewrite_sql() will work perfectly
Later in the code you have to change the line from aid to nid:
$ids[$ad->nid] = $ad->nid;
Attached you will find a patch against the latest version 2.2 that reverts the committed changes and implements a solution in the real Drupal way without a node_load() to check the permissions.
The best thing is, that it works with cache mode on, because it does not rely on _access hook.
I use this path on my live site. Please test it and commit it as soon as possible.
Comment #10
ayalon CreditAttribution: ayalon commentedThe patch above has one important typo:
$ids[$ad->aid] = $ad->nid; should be $ids[$ad->nid] = $ad->nid;
Attached you fill find a corrected patch.
Comment #11
ayalon CreditAttribution: ayalon commentedCan someone review this to commit this patch?
Comment #12
ayalon CreditAttribution: ayalon commentedAnyone?
Comment #13
agentrickardWell, the first change is missing the
$result =
, so this would fail.I don't use this module; I just maintain a node access module.
Comment #14
bba99 CreditAttribution: bba99 commentedIs this fix, or one like it, planned for the next release of the ad module?
Comment #15
amocsy CreditAttribution: amocsy commentedAd module do not know is_ad_owner if ad_owners is not enabled, thus you patch is making ad_owners a prerequisite for ad.module, which is fun, because ad_owners depends on ad.module, thus it's a prerequisite loop.
The use of is_ad_owner in ad.module itself makes ad_owners a required module instead of optional.
Not enabling ad_owners causes the following Fatal error: Call to undefined function is_ad_owner() in ...\sites\all\modules\ad\ad.module on line 570
Comment #16
litzastark CreditAttribution: litzastark commentedI've just discovered this problem on my site, and I'm surprised to see that it's been almost a year since there was any feedback on this issue. What's the status of the latest patch?