Come together with the global Drupal community in Rotterdam, 28 Sept – 1 Oct 2026. Sessions, contribution, connection, and Early Bird savings until 8 June.I experienced odd issues with content suddenly becoming un-viewable in the frontend. This content has a taxonomy term with permissions set against it, but for some reason these permissions were being cleared.
I tracked the issue down to saving a taxonomy term (not the one with the permissions assigned) - when doing this permissions_by_term_submit() updates associated node access with the permissions_by_term.node_access service.
The above service calls the NodeAccess class's rebuildByTid method. This method drops all node_access records associated with the term - but in the context of updating a term that is associated with a node but is not the term that determines permissions, all permissions are cleared but not rebuilt (as they're rebuilt in the context of the updated term, not the term providing permissions).
I have created a patch, which I will provide - the approach of the patch is to establish whether a) the term has any changed term permissions, or b) has existing term permissions, prior to updating the node access. If neither a or b is true, node access is not updated. This may not be the best approach but it works.
| Comment | File | Size | Author |
|---|---|---|---|
| #13 | 2854153-11.patch | 3.05 KB | jepster_ |
| #3 | 2893811.patch | 1.93 KB | brynj |
Comments
Comment #2
brynj commentedDo not use - contains debug info.
Comment #3
brynj commentedComment #4
brynj commentedComment #5
brynj commentedComment #6
jepster_Interesting. I will take a closer look on this issue asap.
Comment #7
brynj commentedGreat, thanks. If you need any further information or clarification, just let me know.
I'm using this module in a large scale project, controlling lots of content types between 40 or so roles, and only discovered this issue quite late into development - because of its' relative obscurity.
Comment #8
jepster_Edited: yes, I could reproduce it. If you edit a related term, which has "no" permissions given, then just all related node access records are being dropped.
Comment #9
jepster_I have modified your code a bit. The main bug was, that if there was no permission granted by the currently edited taxonomy term, just all node access records for a specific node have been dropped. So I have modified NodeAccess::rebuildByTid() and shortened it. Because if there have been any permissions submitted by the taxonomy edit form, the term rebuild happened twice.
Your code has just checked, if NodeAccess::rebuildByTid() must be called. It has checked it also a bit too much. Looping the returned array from AccessStorage::saveTermPermissions() is enough to check if any term permissions changes happened.
Please check my patch and let me know if it is RTBC from your side.
Comment #10
jepster_Comment #11
jepster_Please check the updated patch.
Comment #12
jepster_Comment #13
jepster_Comment #14
brynj commentedThanks Peter.
Yes, I was aware my rebuild checks might have been a bit overzealous - but given the original behaviour to always rebuild, I decided to play it safe by always rebuilding if permissions were present (whether changed or not), just in case of some edge case I might not be aware of. Good to know that's unnecessary.
I shall try your patch in the morning and report back.
Comment #15
brynj commentedI've reviewed your patch this morning, and I can confirm it works as intended in the context the reported issue. Thank you.
Comment #16
brynj commentedComment #17
jepster_Thanks! I will publish an new patch version asap.
Comment #19
jepster_The fix is part of release 8.x-1.20. Thanks again for reporting and patch providing!
Comment #20
brynj commentedGlad to help, and thanks for the credit!