Hi there. I'm having a bizarre issue trying to deny post permissions to a forum for the "authenticated user" role, allowing only administrators to post announcements to this forum. As far as I can tell, everything is configured as it should, and normal users do indeed get a 403 when trying to access node/add/forum/xxx
where xxx is the TID, but the denied forum still shows up as an option in the dropdown on the node form, and submitting the form successfully creates the forum post as the normal user. I've attached a screenshot of the DNA block, with tooltip. It looks like the core node module is overriding the Forum Access perms.
I'm using Forum Access 7.x-1.2, ACL 7.x-1.0, and Chain Menu Access 7.x-2.0
I'm lost, can anyone help me? I'll happily provide more info if needed.
Comment | File | Size | Author |
---|---|---|---|
petulant_permissions_are_not_perpetually_pertinent.jpg | 143.02 KB | Ambient.Impact |
Comments
Comment #1
salvisThe DNA screenshot is correct — it does not take the forum_tid of the current node into account, only the content type.
However...
... is wrong.
My first guess is that your 'Test User' has a role (maybe even the 'authenticated user' role) that gives him Post access to that forum.
Do you have some other module installed that either does something to the forum drop-down list or to taxonomy in general?
Comment #2
Ambient.ImpactThanks for replying. You're absolutely right: I had a
hook_form_node_form_alter()
in my template.php that's rebuilding thewith values from
taxonomy_get_tree()
, which I assume is bypassing the permissions. Once I disabled the function, only the allowed forums were showing up.forum_access_access()
seems to be the way to go to check permissions. Thanks for nudging me in the right direction!