Moderator does not see fields added to content type.

Have you tried with AF disabled? AF doesn't deal with permissions and it seems that you should look that way.

Are you sure? Read the first part of my answer again. I am trying to help by isolating the problem because I am pretty sure this is not AF related issue.

Moderator function is part of Forum Access module and has nothing to do with AF.

princeofwales in #2:

It is interesting that the first response of most developers, like most public servants, is to point to another jurisdiction.

This comment moves your issue to the bottom of my stack, regardless of your royal descent.

I will take it up there.

troky already moved your issue to the right queue.

His response in #1 was 100% correct. Reducing the number of modules is the natural first step to narrow down every issue. This helps to ensure that we don't waste time and effort looking in the wrong place.

The module maintainers are here to maintain and support their modules because we want to be here, and many of us contribute countless hours of our free time. I don't think anyone here has any interest in shoving off responsibility. We're all working together to solve all issues within our reach in the most efficient way, and unless your competence level is such that you can help yourself, then you have to trust us that we'll help to the best of our abilities and capacity.

The issue you raised is definitely a Forum Access issue. FA hasn't learned yet how to provide access to fields beyond the basic node. I'm taking note of this, but I'm afraid there won't be a quick solution. This will take a lot of investigation, implementation, and testing.

We're not making any progress here, but it does not seem to be a hot issue either, or others would have chimed in here.

I've just run into the same problem. It is still just a test site, but it would be nice to have this fixed.

Do you use a contrib module for protecting your fields, or how do you do it?

I do use a custom module, but for a different content type. It has no effect on this.

The issue is with the function _forum_access_node_form in the file forum_access.node.inc.

I have not completely figured out the logic yet. If a moderator is involved, any form element with a key not found in:

$allowed_elements = variable_get('forum_access_allowed_node_edit_elements', array('nid', 'vid', 'uid', 'created', 'type', 'language', 'changed', 'title', 'shadow', 'forum_tid', 'additional_settings', 'revision_information', 'author', 'options', 'actions', 'body', 'taxonomy_forums', 'form_build_id', 'form_token', 'form_id', 'comment_settings', 'attachments'));

will have it's #access value set to FALSE, which hides it. The image and file fields are not included in the list, so they are hidden. If I trap the code and reset the #access to TRUE for the two form elements representing the two fields, then everything shows up.

I just have not yet figured out why when a moderator is involved, restrictions are made on what is shown. If no moderator is involved, then this code is skipped.

Thank you for your analysis — I hadn't thought of that! In fact I thought this was a completely different, much more difficult problem.

That code comes straight from the D6 version. There we implemented moderators by tricking Drupal into thinking that the user has the 'administer nodes' and 'administer comments' permissions. This had the effect that the author and timestamp fields would also be open for editing by moderators, which we clearly do not want.

We cannot know what other fields might have been added, and we choose to err on the safe side by listing those fields that we want to expose and hiding all others. Since this is a variable, you could add the additional fields that you want to expose to moderators. Can you try that, please?

We need to analyze whether we actually still need that code in the D7.

I've inserted an array_merge to merge in the two keys that represent the two fields that I have attached. It seems to work fine. The problem with this approach is that the code change depends on my field names.

I am using private files in my test. The permission to view this file is dependent on the user's 'view' permission of the node to which this field is attached. So if a user cannot view the post, then they also cannot view the private file. This is done outside of the code in question.

I'm not sure why this section (prior to the "special treatment" part) is even necessary. Non-moderators get full access to the form fields as long as they have edit permissions. Only moderators are being restricted. That just seems backwards! Could that section just be deleted? Then there would be no need to worry about what names fields are using.

I've commented out the statement that sets #access to false for form element keys not listed in the $allow_elements variable. I've not noticed any bad side effects yet.

Thank you for your patch and your testing.

I've done some clean-up and committed this to the -dev version (give it up to 12h to be repackaged).

Unfortunately, this will require another round of testing...