Problem/Motivation

If a user who doesn't have "administer reminders" permission edits a node, you get a "You aren't allowed to do that" error.

Proposed resolution

If a user without privilege to enable or disable reminders creates a node, enablement should be set to default for the node.

If the user edits a node, enablement should just silently be left as is.

Remaining tasks

User interface changes

None

API changes

None

Comments

dwillcox’s picture

dwillcox commented

On further consideration, there's no need to check user authentication in _datereminder_form_submit_node() since that will only be invoked if datereminder_alter_node_form() decided it's OK to enable/disable reminders. If reminders are on for this node type and the user can edit the node, s/he can enable/disable reminders. (If, in the future, we want to restrict enable/disable reminder to a subset of those who can edit the node, that will still be handled in datereminder_alter_node_form().)

On the other hand, I decided it was property to add a validate callback to make sure the user doesn't try to set the enable flag to something silly.

dwillcox’s picture

dwillcox commented

Testing: There's no longer a test for user access at the offending point, so the message will no longer appear.

Also checked (by stomping on the value in a debugger) that trying to set an illegal value generates an error.

dwillcox’s picture

dwillcox commented

Another minor glitch found and fixed while investigating this... If user set state to DISABLE (meaning disable and delete any outstanding reminders for this node), the reminders would be saved, but enabled state wasn't changed in the database.

dwillcox’s picture

dwillcox commented
Status: Active » Closed (fixed)

Closing. Process is much simpler for a sandbox, isn't it?