When creating access rules in the user.module, the edit screen (admin/access/rules/edit/) does not reflect the actual setting stored in the database and will always be 0 (Deny). Editing an existing access rule will therefore flip from Allow to Deny when one doesn't pay attention. This can potentially lock the drupal system.
Here is a code snippet from the user.module:user_admin_access_form function with the suggested change. I simply passed the $edit['status'] value to the #default_value which fixes the mis-beavior
function _user_admin_access_form($edit) {
$form['status'] = array(
'#type' => 'radios',
'#title' => t('Access type'),
'#default_value' => $edit['status'],
'#options' => array('1' => t('Allow'), '0' => t('Deny')),
);
<snip>
| Comment | File | Size | Author |
|---|---|---|---|
| #6 | drupal5.user.module_0.patch | 542 bytes | jhm |
| #4 | drupal5.user.module.patch | 542 bytes | jhm |
| #2 | drupal4.user.module.patch | 528 bytes | jhm |
Comments
Comment #1
jhm commentedforgot to provide my environment:
Mac OS X 10.4.8
Apache1.3
PHP5.2.0
drupal.4.7.4 & drupal.5.0.beta1
Comment #2
jhm commentedI uploaded a patch
Comment #3
edmund.kwok commentedIssue also exists in 5.0, changing version to get more attention.
Patch for 4.7 fixes the problem, please submit a patch for 5.0.
Comment #4
jhm commentedHere is the patch against drupal5.0.beta1
Comment #5
edmund.kwok commentedLooks like the diff was reversed :p
Comment #6
jhm commentedOoops. here is the correct version
Comment #7
edmund.kwok commentedTested, and fixes the problem. RTBC
Comment #8
dries commentedCommitted to CVS HEAD. Needs to be backported, I think.
Comment #9
killes@www.drop.org commenteddone
Comment #10
(not verified) commented