I have problems Rebuilding content access permissions, using both your module and ABT.
I found that this module generates a node_access record for almost evey node, while only a fraction if my node have a node_access_userreference field. They are explicitly created in hook_node_access_records().
(Why) is that necessary?

Comments

danielb’s picture

danielb commented

I have problems Rebuilding content access permissions

"Problems" ?

using both your module and ABT

"ABT" ?

I found that this module generates a node_access record for almost evey node, while only a fraction if my node have a node_access_userreference field. They are explicitly created in hook_node_access_records().
(Why) is that necessary?

What do you mean by "only a fraction if my node have a node_access_userreference field"? Can you be more explicit in what leads you to this claim?

Also, provide me with an explanation of how you have configured your user reference fields, in the various content types.

This module certainly is not designed to create access records for unaffected nodes.

johnv’s picture

johnv
Primary language Dutch
commented
Title: too many node_access-records » Ttoo many node_access-records

Thanks for your quick response, I just realized I had to add some more information..
This is my problem: #1360896: Rebuild permissions generates Fatal error: spl_autoload(): Class Database could not be loaded in database.inc on line 2412
However, that does not occur when only NA_UR is enabled, but it did make me look at the node_access table better than before.
NA_UR works very fine after the updates from last summer.

I updated to latest version.
I have no other access-modules enabled.
I have a content type with 1 field relevant for NA_UR. These are the settings:

Grants for referenced users = View
Grants for author = Empty
Grants for all users = View
When to set grants =  When the user reference field is in use
VIEWS - NODES TO AFFECT = None

And this is what is generated - a line for each node:

nid  gid realm grant_view grant_update grant_delete.
10195	0	all	1	0	0
10196	0	all	1	0	0
10198	172	nodeaccess_userreference	1	0	0
10200	0	all	1	0	0
danielb’s picture

danielb commented

Whoa that's different, haven't heard of this before.

The lines in the database you see are not created by nodeaccess_userreference, but by Drupal core. They simply mean that everyone is allowed to view the node. Every node must have a node access record by the design of Drupal.

I don't think I can help you, I have never got that error before or even heard about it. It seems like one (or more) of your nodes is corrupted somehow?? The node access rebuild process loads every node on the site, so when that node is loaded something goes wrong.

You need to narrow down this problem a bit more, hack the file where the error is coming from and add a debug_backtrace() and try to figure out what happened.

johnv’s picture

johnv
Primary language Dutch
commented
Title: Ttoo many node_access-records » Too many node_access-records

This seems normal behaviour by node.module:
node_save() calls node_access_acquire_grants(). Here, a default value is inserted for every node that is not affected by a node_access-module.
node_access_rebuild() generates one (1) record in node_access table if no access-control module is implemented. array('nid' => 0, 'realm' => 'all', 'gid' => 0, 'grant_view' => 1, 'grant_update' => 0, 'grant_delete' => 0,)

Just for confimration ad reassurance, if you have an installation with nodes that are not affected by any node-access module, are they still in youd node_access-table?

Thanks for your support.

function node_access_acquire_grants($node, $delete = TRUE) {
  $grants = module_invoke_all('node_access_records', $node);
  // Let modules alter the grants.
  drupal_alter('node_access_records', $grants, $node);
  // If no grants are set and the node is published, then use the default grant.
  if (empty($grants) && !empty($node->status)) {
    $grants[] = array('realm' => 'all', 'gid' => 0, 'grant_view' => 1, 'grant_update' => 0, 'grant_delete' => 0);
  }
  else {

    // Retain grants by highest priority.
    $grant_by_priority = array();
    foreach ($grants as $g) {
      $grant_by_priority[intval($g['priority'])][] = $g;
    }
    krsort($grant_by_priority);
    $grants = array_shift($grant_by_priority);
  }
  node_access_write_grants($node, $grants, NULL, $delete);
}
danielb’s picture

danielb commented

Yes every node is in the node access table, even with no node_access modules

johnv’s picture

johnv
Primary language Dutch
commented

Yes every node is in the node access table

Nice, that is reassuring..

, even with no node_access modules

But that is not my experience...

danielb’s picture

danielb commented
Status: Active » Fixed

The only exception to the default node access record is nodes that are unpublished AFAIK.

Status: Fixed » Closed (fixed)

Automatically closed -- issue fixed for 2 weeks with no activity.