grants_form empty, Undefined index: values in nodeaccess_grants_form()

I noticed the same here and I believe the problem is in the nodeaccess_get_grants() function.

  $query = db_select('nodeaccess', 'na');
  $query->join('role', 'r', 'r.rid = na.gid');
  $query->join('nodeaccess_role_alias', 'nra', 'nra.rid = r.rid');
  $query->fields('r', array('rid', 'name'));
  $query->fields('na', array('grant_view', 'grant_update', 'grant_delete'));
  $query->condition('na.realm', 'nodeaccess_rid', '=');
  $query->condition('na.nid', $node->nid, '=');
  $query->orderBy('nra.weight');
  $query->orderBy('nra.name');

This query only returns existing roles access, we are missing the roles without access that are used to construct the table.

I can see a few things wrong on this query but I could not make it work in this style...

In the attached patch, I am simply using the query from the previous module version and it works well.

  $result = db_query("SELECT r.rid, nra.name, na.grant_view, na.grant_update, na.grant_delete
      FROM {role} r
      LEFT JOIN {nodeaccess_role_alias} nra ON r.rid = nra.rid
      LEFT JOIN {node_access} na ON r.rid = na.gid AND na.realm = :realm AND na.nid = :nid
      ORDER BY nra.weight, nra.name", array(':realm' => 'nodeaccess_rid', ':nid' => $node->nid));

Is there some advantages to use one style of query versus another in this case? More performance? Or is it a personal preference?

As for the undefined index notice itself, I suggest we use :

  if (!empty($form_state['values'])) {
    $form_values = $form_state['values'];
  }

  if (empty($form_values)) {

Thank you.

I believe the priority of this bug report should be set to major.

Please set it back to normal if this is not the case.

Thank you.

@Chase Did you test your patch? I just did and it fails to return the current access status for the roles.

If I may ask, why would we prefer this style of query which was introduced only in version 1.6?

What's wrong with the previous query which was working perfectly? Do we absolutely need to convert it to the other style?

Personally, I will always prefer the one that is working! ;-)

Anyway, my proposed patch is working for anybody looking for a quick fix.

And maybe the maintainer can decide what to do to fix this for good?

I also looked into potential issues for the other callers of nodeaccess_get_grants() and we are all good in that regard in my opinion.

Thank you.

Ok then, in the meantime, I suggest we hide the non-working patch to speed up the process. Thank you for your time.

> If I may ask, why would we prefer this style of query which was introduced only in version 1.6?

I'm guessing this style of query was used for "compatibility issues with SQL queries regarding PostgreSQL"

However I don't know enough about PostgreSQL to determine if the change to nodeaccess_get_grants() was truly necessary.

Ok I finally got the query working using the same style as in 1.6! :-)

New patch attached needs review.

Thank you!

After some more testing, I realized this was still working only for nodes with custom permissions already set.

As it turns out, the first "one line" query was always working simply because it was looking in the right table not because of its style! :-)

We have to look into node_access table instead of the nodeaccess table used in the new query with the db_select.

Also, the conditions have to be inside the leftjoin, if not, we get an undesired where clause like this:

SELECT r.rid AS rid, nra.name AS name, na.grant_view AS grant_view, na.grant_update AS grant_update, na.grant_delete AS grant_delete
FROM 
role r
LEFT OUTER JOIN nodeaccess_role_alias nra ON nra.rid = r.rid
LEFT OUTER JOIN node_access na ON r.rid = na.gid
WHERE  (na.realm = :db_condition_placeholder_0) AND (na.nid = :db_condition_placeholder_1) 
ORDER BY nra.weight ASC, nra.name ASC

And we want this to get the same results as the original query:

SELECT r.rid AS rid, nra.name AS name, na.grant_view AS grant_view, na.grant_update AS grant_update, na.grant_delete AS grant_delete
FROM 
role r
LEFT OUTER JOIN nodeaccess_role_alias nra ON nra.rid = r.rid
LEFT OUTER JOIN node_access na ON na.gid = r.rid AND na.realm = :realm AND na.nid = :nid
ORDER BY nra.weight ASC, nra.name ASC

New patch attached, needs review.

Thank you!

Patch looks good.

Thank you!

patch #12 works great. Thanks!

Role alias is optional, role form is not displaying due to the missing $grant->name. Attached patch resolve the case without alias.

BTW, shouldn't alias be check_plain'ed in all places?

#16 solved the problem for me. Thanks @ckng!

@ckng You are absolutely right. I did not notice this since the

if ($grant->name) {

is also removed in the patch for issue #2140819.

RTBC
Thank you

#16 worked for me too

#16 works for me also.

After I applied #16 all existing roles added prior to the nodeaccess 1.6 update show in the nodeaccess_grants_form. However, If you add a new role after the update it doesn't appear.

In addition, if you search for an individual user you get the error:

Notice: Undefined index: uid in nodeaccess_grants_form() (line 239 of /home/lucaster/public_html/drupal/sites/all/modules/nodeaccess/nodeaccess.module).
Warning: array_keys() expects parameter 1 to be array, null given in nodeaccess_grants_form() (line 239 of /home/lucaster/public_html/drupal/sites/all/modules/nodeaccess/nodeaccess.module).

@phil@pdale.net Yes, there are many bugs to fix in version 1.6, please see : #3033025: Nodeaccess: Multiple issues with version 1.6

Hi, we just updated to Nodeaccess 1.6 (core 7.64) and now we can't add new content: we get "Undefined index...line 223" whenever we click the "Grant" tab, so pages can't be made public (anonymous can view). I assume the issue you're working on here is the root cause, is that right? Is there a workaround? Perhaps configure Nodeaccess to make all new pages public by default? Or should we just wait for the new version? Thanks!

#16 worked great for us -- and actually, even when I added a role to "allowed roles", it was reflected on the "grants" tab of individual nodes.

@phil@pdale.net Just a thought -- did you check whether the role you enabled via "allowed roles" was also enabled for the content type of the node you're looking at? (i.e. /admin/config/people/nodeaccess#edit-department-landing where "department-landing" is your ctype machine name)

#16 did work us. Tested and working for our site.

Thank you LeDucDuBleuet and ckng.

#16 worked when it was empty, but then I added another role and the list doesn't update.

#16 worked for me too, thanks for the patch, but I am having the same issue mentioned on comment #27

For the "added another role and the list doesn't update" problem in #27: see #3032449: Change to nodeaccess_get_role_aliases() prevents adding new allowed roles