I've read through your README.txt file but I'm pulling my hair out trying to figure out how to restrict node editing permissions to users.

For example, I have a micro site called NAME.website.com which has an assigned user named "User 1" (assigned with permissions through a role called "Administrator").

"User 1" can edit NAME.website.com like they should, however if User 1 lands on a different subdomain, say NAMETWO.website.com, User 1 can edit this site as well.

In my permissions I have the Administrator role assigned to:
[x] edit domain nodes
[x] publish from assigned domain
[x] edit own TYPE content

edit any TYPE content is NOT checked!

In the domain settings I have checked:
[x] Enforce rules on administrators

Alas, users can still edit content of domains they are not assigned to.

What else should I be looking for/what am I over-looking? Any ideas? Help would be greatly appreciated -- this module is crucial to a 70 microsite Drupal install. It's been a great module to work with and has excellent documentation, however, I can't find the solution to this problem.

Thanks for your help.

Comments

agentrickard’s picture

agentrickard
he/him
Primary language English
Location Georgia (US)
commented
Status: Active » Closed (works as designed)

These rules only apply to Viewing content, not editing content, because of how node_access() and db_rewrite_sql() work in Drupal core.

There is no way to stop user 1 from editing all content. (Except not to act as user 1 during normal site operations.)

agentrickard’s picture

agentrickard
he/him
Primary language English
Location Georgia (US)
commented
Status: Closed (works as designed) » Postponed (maintainer needs more info)

Excuse me, your use of "user 1" was poor. UID 1 has super-user permissions in Drupal.

If you are talking about a different admin user account, remove the "administer nodes" permission and/or any "edit all X" or "edit own X" permissions.

The rest of the post stands. So the question is: what "node" module permissions does this user have?

agentrickard’s picture

agentrickard
he/him
Primary language English
Location Georgia (US)
commented

See also the documentation and troubleshooting here:

http://drupal.org/node/1103562 (esp. Advanced Usage) and http://drupal.org/node/1096982.

I also suggest you use Devel Node Access to determine which module is granting permission to edit.

HelloStephanie’s picture

HelloStephanie commented

Oops. Yeah, I didn't mean UID 1 -- that was dumb of me :x

Node module permissions are as follows:
[x] access content
[x] administer nodes
[x] delete revisions
[x] revert revisions
[x] view revisions

agentrickard’s picture

agentrickard
he/him
Primary language English
Location Georgia (US)
commented
Status: Postponed (maintainer needs more info) » Closed (works as designed)

Right 'administer nodes' is the problem. See http://api.drupal.org/api/drupal/modules--node--node.module/function/nod....

If you give users that permission, I can't stop them from editing anything.

  if (user_access('administer nodes', $account)) {
    return TRUE;
  }
HelloStephanie’s picture

HelloStephanie commented

I unchecked administer nodes AND removed permissions to edit any/own TYPE x ... still have the problem where a user from one domain can edit any other domain.