Come together with the global Drupal community in Rotterdam, 28 Sept – 1 Oct 2026. Sessions, contribution, connection, and Early Bird savings until 8 June.Needs to check that $node->uid or $author->uid is not blank in either/both grant hooks.
Come together with the global Drupal community in Rotterdam, 28 Sept – 1 Oct 2026. Sessions, contribution, connection, and Early Bird savings until 8 June.Needs to check that $node->uid or $author->uid is not blank in either/both grant hooks.
Comments
Comment #1
mile23Thanks.
Have a patch?
Comment #2
hefox commentedNot yet, corresponding core issue #2011066: example_author from hook_node_grants/hook_node_access_records grants all anon edit/delete to uid=0 nodes
Comment #3
hefox commentedComment #5
hefox commentedComment #6
mile23I'd wager that this lapse happened because there's no test of behavior for anonymous users.
Care to write one? :-)
Comment #7
mile23Just changing the status and tags.
And clarifying: The patch looks good, just needs a regression test. If anyone ever wanted to learn how to write a test, here's your chance. :-)
Comment #8
vlad.n commentedAdded tests, verifying the access of an anonymous user to the private nodes with known or anonymous author. Testing the nodes that don't have an author was done using the nodes that were already made in the test and removing the author and moving back to the original auther after the test. I think that these test needs more refactoring.
Comment #9
vlad.n commentedComment #11
mile23Great! Thanks hefox and vlad.n!
Committed: http://drupalcode.org/project/examples.git/commitdiff/b4960906e4384240c0...
Comment #12
mile23