I'm not sure if this is a bug or a feature. But I've run into a problem in that the admin user (uid 1) cannot use flags at all. I looked in the code and indeed there is no check for uid == 1. This however shouldnt even be required if the role of "Authenticated user" is set. But regardless of what roles are set, the admin can never actually use flags. If I try to print a flag link for example and view the page as the admin user, the link simply isnt there because the flag_flag_access() function is returning FALSE on these lines:

elseif ($flag->access_author == 'others' && $node->uid == $account->uid) {
    echo "hihi3";
      return FALSE;
    }

Note the hihi3. I named every single false and this is the one that came back. What exactly is this telling me? From what I can see it says that admin is associated with 'others' and that 'others' is also the node owner? The actual owner of the node is indeed uid 1. Where is this 'others' thing coming from and what is it's purpose? If we are the node owner, and uid 1, wouldnt it make sense to automatically return TRUE no matter what since admin is always allowed access to everything and should NEVER be denied access to anything at all? If it were me, I'd consider this a bug and patch it by adding a check for uid == 1 and return TRUE all the time. Why is this check not in the flag_flag_access() function? I suppose I could add a module that does this, but that goes against basic practices since I shouldnt need to allow admin for anything, it should just work out of the box that way and then a module can disallow access to it if they so please. This would have saved me an hour of debugging if it functioned this way instead.

Comments

crystaldawn’s picture

crystaldawn commented

Forgot to mention that any user OTHER than uid 1 works just fine. It's only the admin that doesnt and thats just completely backwards imho lol. I also tried setting the access using the hook_flag_access() call, but this did not work anyways. So that wasnt a solution and really shouldnt be a solution anyways although I would have expected it to work. It did work if I used flag_create_link(). But the view I am modifying still did not show the links like it should have which tells me that this is a deeper problem than just flag's implementation of hook_flag_access()

quicksketch’s picture

quicksketch
he/him
commented

wouldnt it make sense to automatically return TRUE no matter what since admin is always allowed access to everything and should NEVER be denied access to anything at all? If it were me, I'd consider this a bug and patch it by adding a check for uid == 1 and return TRUE all the time

I would assume that if you don't want users flagging their own content, you wouldn't ever want that to happen, even if they're user #1. This could be akin to preventing a user from flagging themselves as a friend, it just doesn't make any sense and shouldn't be allowed in any situation.

Note that if you allow users to flag their own content but you don't specify any roles, user #1 can still flag in that situation. Essentially user #1 is above all roles, but not above restrictions that affect all users regardless of role.

crystaldawn’s picture

crystaldawn commented

Ok so the problem is that selecting "Users may only flag content of others" also means that the admin cant flag their own content as well. In my particular use case, this is not what I wanted. So I created a new checkbox called "Allow admin (uid 1) to flag own content" and set the default to always on. I only wanted the admin to be able to flag their own content, and no one else. So the "Users may only flag content of others" was only doing part of it's job in my use case. Why? Because I like to be able to test things as the admin user and this option was causing me to have to keep 2 different browsers open while developing and me being of the male type am not that well ca-wardjin-ated. So my use case required this new option.

quicksketch’s picture

quicksketch
he/him
commented
Status: Active » Closed (works as designed)

I'd say this is working as intended. I don't think user #1 should have special permissions or options outside of what roles can provide.

michelle’s picture

michelle
she/her
Primary language English
Location Wisconsin, USA
commented

I'm not going to change your status but I think you should reconsider it. UID 1 bypassing permissions is well established in Drupal. In my case, I set a global flag so users could flag their own content. For UID 1 to not be able to go in and change a flag that was done in appropriately seems strange to me since normally UID 1 can do anything.

Moofie gave me the code to get around this but I think it makes sense to have it in the module by default.

Michelle

Marko B’s picture

Marko B commented

What is the statuse of this, can User 1 flag content now without problems?