Support for Drupal 7 is ending on 5 January 2025—it’s time to migrate to Drupal 10! Learn about the many benefits of Drupal 10 and find migration tools in our resource center.
The patch in issue 2894728 broke the view any unpublished group permission because it passes the node ID of the node being viewed to og_user_access() but og_user_access takes an argument of the GROUP node id.
Updated patch attached that gets the groups of the node being viewed and passes them to og_user_access()
Comment | File | Size | Author |
---|---|---|---|
#2 | view_any_unpublished-2901558-2.patch | 898 bytes | jastraat |
Comments
Comment #2
jastraat CreditAttribution: jastraat at Technivant commentedComment #3
jastraat CreditAttribution: jastraat at Technivant commented@joelpittet - given that the current dev version has broken some key functionality, I hope you will review this soon.
Comment #4
joelpittetThanks, could you provide the simplest steps to reproduce the bug, so we can create an automated test together?
Comment #5
jastraat CreditAttribution: jastraat at Technivant commentedCreate a piece of unpublished content in a group. (not the group itself; it has to be group content)
Create a group level user in that same group and give them the 'view any unpublished [whatever content type you used in the first step]' permission.
Check that the group level user cannot see the unpublished node. (They should be able to.)
Comment #6
jastraat CreditAttribution: jastraat at Technivant commented@joelpittet
This was a bug introduced by the patch in 2894728 which had no tests associated with it. Given that this actually removes a key piece of functionality from the module, it seems that at a minimum, you should revert the patch from that earlier ticket.
Comment #7
jastraat CreditAttribution: jastraat at Technivant commentedIncreasing priority since the current dev version broke a key part of the module's functionality.
Comment #9
shenzhuxi CreditAttribution: shenzhuxi commentedCommitted. Thanks.