Hello,

After updating to 7.x.2.4 for the security update, a client ran into a problem where users lost permission to edit their group's menu. I've tracked it down to the query below, which checks if the group id is equal to the node id (which doesn't match). A patch is included containing a join with 'og' and a condition if the entity id matches the node id.

http://cgit.drupalcode.org/og_menu/commit/?h=7.x-2.x&id=4487add08693493c...

I believe this should be the fix, so please review!

Comments

jaarong’s picture

Same issue for me.

Pepper’s picture

Thanks so much! I was just about to post this as an issue, but I didn't have the fix already like you did :) This should be committed... my users in testing couldn't list or edit their group menus, and that included user 1 (admin)!

  • rv0 committed 5e11dec on 7.x-2.x authored by jorisdejong
    Issue #2400869 by jorisdejong: Incorrect query condition in...

rv0’s picture

Status: Needs review » Fixed

Thanks for reporting; as I don't use the 2.x branch, I had not noticed the issue myself.

7.x-2.5 with this fix is now pending release.

Pepper’s picture

I may be having an issue with people without the Administer OG menus being able to edit OG menus for groups they're not a member of, now. Is it possible it's related to this fix? Unfortunately I had to patch a customized version of og_menu with the security patch, and tracking down what bug causes what is a little more difficult.

rv0’s picture

I can only recommend not using a customized version, and, even better, updating to the 3.x branch, which is much better in many aspects.

Pepper’s picture

Hmm, "Administer menus and menu items" is turned on for this role. Does that override any group restrictions?

We're looking to update to the 3.x branch, but the OG module was also modded, so we have to make sure all the changes that were made are either in the newer versions or we can tweak them for our usage. Mostly mods were made to handle workflow / revision / translation issues.

rv0’s picture

"Administer menus and menu items" indeed overrides group restrictions.

Never hack modules like that (for obvious reasons); you should use the APIs to get the functionality you want.

Pepper’s picture

Yeah, unfortunately it was another team that was hired to build this site that did it... we're "fixing" things :)
Thanks! I figured it was that permission, and why they set it I've no idea *facepalm*

Status: Fixed » Closed (fixed)

Automatically closed - issue fixed for 2 weeks with no activity.