Steps to recreate
1. Enable Node Authlink on view of selected node type
2. Enable comments on the same node type
3. Allow anonymous to view and post comments
4. Disallow anonymous to view selected content type
5. Visit node with selected content type through authlink and try to comment
Result
- You can see the node
- You can post the comment
- You can't see the posted comment
Probable cause
comment.module uses node_access validate access to selected node. node_access denies access to node in case ANY modules returns negative.
So it doesn't matter if Node Authlink allowed the view of node, while other modules (per content type access settings in my case) restricts the view of the node.
Suggested solution
Create module configuration option, to select between two modes:
- Allow (Node Authlink will allow access to the page and ignore if KEY is missing) - current behaviour
- Disallow (Node Authlink will disallow access to the page if key is missing and otherwise ignore)
Comments