This is an awesome module and appears to be working great on my setup-it's exactly what I needed-

- the only problem I have is that if a user wants to hide his/her files but neglects to add himself/herself via the user search to the approved list, then he/she can never again access his/her files.

would it be tricky to code it so that the creator of a node always has the ability to see his/her own file?

Many Thanks! This is great stuff.

Comments

Anonymous’s picture

Anonymous (not verified) commented

access control modules aren't really meant for that type of thing. If you want to make sure users can always edit their own pages, give the user's role 'edit own pages' access in settings > access control. Drupal will grant them access before consulting any other modules.

mgalera’s picture

mgalera commented

I have problems too having the users to see their new created content.

I think the key is that nodeaccess_node_grants instructs node_load to add query conditions refering only to the user roles (that is, nodeaccess_rid realm), but none refering his uid.

Because of this, if a user has no roles that allow him to see the node, node_load returns 0 rows and, following the code in node.module, the hook_access for the type module is not executed and so the 'edit own content' access is not applied.

Adding nodeaccess_uid conditions via nodeaccess_node_grants has no efect because there is no nodeaccess_uid entry in node_access table. The only thing I can think of is adding a "user has all perms" into node_access when inserting a new node:

function nodeaccess_nodeapi(&$node, $op) {
  global $user;

  switch ($op) {
    case 'insert':
    $grants = $user->nodeaccess_defaults ? $user->nodeaccess_defaults : variable_get('nodeaccess_'. $node->type, array());

    /*** START HACK ***/
    $grants['uid'] = array();
    $grants['uid'][$user->uid] = array('0' => $user->uid, '1' => 'nodeaccess_uid', 'grant_view' => 1, 'grant_update' => 1, 'grant_delete' => 1);
    /*** END HACK ***/

    _nodeaccess_save_new($node->nid, $grants);
    break;
  case 'delete':
    db_query('DELETE FROM {node_access} WHERE nid=%d', $node->nid);
    break;
  }
}

This allows the users to see their new created content, but it does not honor the 'edit own content' entry in settings -> access control. A workaround could be to add a "allow user to edit own content" checkbox for every content type in the nodeaccess config page, but then it starts to feel a little clunky.

Anyway I feel like a better solution should exist. Any Idea?

Anonymous’s picture

Anonymous (not verified) commented
Status: Active » Fixed

latest version allows author permissions

dries’s picture

dries commented
Status: Fixed » Closed (fixed)