Not to display nodes when no users are selected

I normally would use another module to set up default access, something like the "node access" module. Then I use this module to add-on extra node access. I think though now with the configuration to grant the access back to the author, this will happen automatically?

Reopening this issue, as more people are facing this problem recently, see e.g. #1032562: Does it work in D7?
February 7th, this patch has been committed, which might be related, and may have changed behaviour: #1043962: Allow anyone to view a node

This is my constellation for a user reference field, with NAUR as my only contrib access module:
Grants for referenced users : [x]View/[]Update/[]Delete
Grants for author : [x]View/[x]Update/[x]Delete
Grants for all users : []View
IMO only author has access if user-reference-field is empty and when 'Grants for all users' = empty.

If you think this issue Works As Designed, there might be some clarification of the helptexts:
- With 'Grants for all users' = X, the helptext is not clear who gets exactly granted: 'All users with any role' or 'All users with User roles that can be referenced'?
- The following helptexts are complex, and I don't understand what you exactly mean:
"These content access permissions will be granted to the authors of nodes affected by grants given to referenced users.
"These content access permissions will be granted to all users for nodes affected by grants given to referenced users.
Would this be clearer, whilst meaning the same?:
"These content access permissions will be granted to ... of nodes of this content type.

My earlier advice was wrong. The 'author' and 'all' grants are only added to nodes when users are selected, i.e. the module is affecting the node.

If you think this issue Works As Designed, there might be some clarification of the helptexts:
- With 'Grants for all users' = X, the helptext is not clear who gets exactly granted: 'All users with any role' or 'All users with User roles that can be referenced'?

All users means all users... everyone. Nothing to do with roles or anything. I don't really think I can clarify this by discrediting all possible misconceptions anyone might have.

- The following helptexts are complex, and I don't understand what you exactly mean:
"These content access permissions will be granted to the authors of nodes affected by grants given to referenced users.
"These content access permissions will be granted to all users for nodes affected by grants given to referenced users.
Would this be clearer, whilst meaning the same?:
"These content access permissions will be granted to ... of nodes of this content type.

No that doesn't mean the same thing. The grants apply to nodes with certain conditions, as stated, not all nodes of a particular content type.

A possible change I could do is to allow configuration of whether the 'author' grant applies even when the user reference field isn't being used. That would address the OP's config problem, but of course it's even more to think about when setting up a field.

These problems all come from misconceptions that this module (and others like it) are designed to deny access.

So "nodes affected by grants given to referenced users" are nodes of which acces is changed by this module?

Indeed, not everyone knows that access modules only give acces, and not deny access. However, The first node_access module that is activated in a system does deny access: core drupal does not have the permission 'view {content type}', only edit/delete {content type}. That's what this issue is about.

I am looking forward for your opinion after a few nights sleep :-)

Thinking of making it like this:

Grants for referenced users:
[-] View
[ ] Update
[ ] Delete
_{These content access permissions will be granted to users referenced in the field.}

Grants for author:
[-] View
[-] Update
[-] Delete
_{These content access permissions will be granted to the authors of nodes.}

Grants for all users:
[ ] View
_{These content access permissions will be granted to all users.}

When to set grants:
(o) When the user reference field is in use
( ) Always
_{Determines whether to set grants when the field is not in use.}

The new config item at the bottom would determine whether to go ahead with the "author" and "all" grants. And if that doesn't do enough we can always add persistent grants for User 1 (who can see it anyway) to force consistency.

I've committed that to git and it will appear in the next dev snapshot.

Suppose it should be backported too.

When you select
Grants for all users:
[x] View

it does this:
Grants for all users:
[x] View
[x] Update
[x] Delete

basically when the 'grants for all users' are set to 'view', it gives all users the ability to edit the content, regardless of them being referenced by the node.

wtf, there is no such setting, you might be thinking of author? Start a new issue if you can prove this module is doing something wrong, like with the Devel node access block.

Hi Daniel,

Yeah, I totally misunderstood the module functionality.

Anyways - great work!