If a node is marked as private, and ownership is set to anonymous, the node becomes editable to anonymous users. This typically happens when deleting a user. Ideally, private nodes owned by anonymous should have no edit grants set.

CommentFileSizeAuthor
#2 1297216.2-anonymous-edit.patch1.07 KBdeviantintegral

Comments

deviantintegral’s picture

deviantintegral commented
Title: Don't allow nodes owned by Anonymous to be set as private » Don't allow nodes owned by Anonymous to be edited by anyone
deviantintegral’s picture

deviantintegral commented
Status: Active » Needs review
StatusFileSize
new 1297216.2-anonymous-edit.patch1.07 KB

Here's a patch. I'm on the fence as to if we should force a node access rebuild, or just document it.

deviantintegral’s picture

deviantintegral commented
Issue summary: View changes

It's not view grants, but edit grants that are the problem.

adamps’s picture

adamps commented
Issue summary: View changes
Status: Needs review » Fixed

Fixed in 7.x-2.0-beta1. Testing of that release would be welcome.

daggerhart’s picture

daggerhart commented

Tested and verified working correctly in version 7.x-2.0-beta1. Private nodes authored by anonymous can't be edited by anyone except user 1.

Status: Fixed » Closed (fixed)

Automatically closed - issue fixed for 2 weeks with no activity.