Closed (won't fix)
Project:
Forum Access
Version:
6.x-1.x-dev
Component:
Code
Priority:
Normal
Category:
Bug report
Assigned:
Unassigned
Reporter:
Created:
11 Apr 2010 at 21:16 UTC
Updated:
16 Mar 2012 at 16:58 UTC
The following situation produces incompatibility:
Third party module has
- Lower weight than forum_access - gets run before forum_access
- and implements hook_init
- and calls menu_get_item
This results in the situation, that menu_get_item fetches the router item and applies permission tests on _menu_translate and then _menu_check_access.
e.g. og.module makes exactly this with a weight of 0
As a result the dynamic (administer comments) permissions from forum are not yet getting applied to the user rules and an action like comment/delete/$cid will fail due to missing permissions (even if the user is moderator in that context)...
Comments
Comment #1
salvisI see the problem, but I don't see any solution...
As long as we have no tests (see #762270: WANTED: SimpleTests for Forum Access), it's very difficult to make non-trivial changes.
Comment #2
miro_dietikerThat's why i've added: #768266: menu_get_item shouldn't always check permissions
But this is a feature for the far future.
Meanwhile the issue was just reported for completeness to document research (wasted time ;-) ) and explain thoughts.
In general early modules (especially providing hook_init) should avoid those calls. Everything that modifies permissions must avoid it in any case.
This is the reason why we moved forum_access weight to 0, where its forum_access_init is getting called before e.g. og_init. This mechanism provides a clear reason for weight values.
Yes, tests would improve the situation a lot.
Comment #3
donquixote commentedSubscribe.
As a note, I posted two core issues related to this problem, see
#909178: Theme negotiation in menu_execute_active_handler()
#852562: Call a hook from menu_execute_active_handler, after the router item is found.
Maybe one could write a contrib hook_boot or hook_init module, that would run an alternative bootstrap with extra hooks and then exit() ? Just need to make sure to call exactly those missing methods of either hook that have not run yet.
Comment #4
salvisSee also #928160: Menu access checked before hook_init()???.
Comment #5
salvisI lost track of this and it's probably not of any interest anymore. Feel free to reopen if you want to pursue it further.
Forum Access for D7 uses Chain Menu Access API which should be more robust.