the node create access check should use node_access rather than user_access (so it works with custom node type modules that implement their own permissions)

CommentFileSizeAuthor
#2 mail2og-fixes_create_permission_check-965200-2.patch817 byteselplatt
mail2og-node-access.patch785 bytesmfb

Comments

rumburak’s picture

rumburak commented

I did not try personally the patch above, but I encountered an error in node_access. Practically the node_access function returns ALWAYS false for the create operation, even if the user has the permissions to create the node of the specified content. This is at least the case for content type created with CCK... The only case the function returns TRUE is if the user has the "administer nodes" permission. Possibly a problem of the CCK/drupal???

elplatt’s picture

elplatt commented
StatusFileSize
new mail2og-fixes_create_permission_check-965200-2.patch817 bytes

node_access() was replaced with user_access() in 8d52b4f8. I'm having a related problem, namely that non-cck defined types (such as blog) do not follow the 'create foo content' pattern for permissions. The best solution would be to fix cck to respond correctly to user_access('create'), but that might not be practical. I propose combining both access functions. It potentially checks two separate permissions (ick!) but the user will not be able to post unless one of those permissions has been enabled, so I think it should be fine as a practical solution for now. Patch submitted.

jludwig’s picture

jludwig commented
Issue summary: View changes
Status: Needs review » Fixed

This module is unsupported now, but I went ahead and committed this into the latest 6-1.x branch since I was there anyway. It looks good. Thanks.

  • elplatt authored 9413a7a on 6.x-1.x 
    Issue #965200 by mfb, elplatt: Fix node create access check

Status: Fixed » Closed (fixed)

Automatically closed - issue fixed for 2 weeks with no activity.