I have installed this module and selected the content types that it needs to be applied. I edited an existing node and set the permission to Authenticated for easy testing. I then selected the the permission management within the view to be the VAPN module which I then applied the the roles of Anonymous and Authenticated within the view.
When I am viewing the page as an anonymous user the node is listed that should only be available for Authenticated users. Access is denied when trying to visit but I had expected the node to not be shown in the list. I had hoped that this module would not allow the node to be shown in views for those roles which are not allowed access.
Comments
Comment #2
rafuel92 CreditAttribution: rafuel92 as a volunteer and at Ibuildings commentedHello, thanks for the issue, this module uses standard hook_node_access (See here) so it should work, anyway i'll check this issue as soon as i can and let you know.
Comment #3
ash2303 CreditAttribution: ash2303 at Axelerant commentedViews does not follow view option of `hook_node_access`. Use `Nodeaccess` module if you want to control nodes listing in views as well. You can also use something as below for quick fix with VAPN:
It will automatically apply access to the views containing VAPN nodes. If you want to show all nodes in a view irrespective of VAPN permissions, just use `Disable Sql Rewrite` in Query settings.
Comment #4
rafuel92 CreditAttribution: rafuel92 as a volunteer and commentedwe may provide a configuration option into the vapn configuration to integrate the logic implemented in the pre render hook provided by @ash2303
Comment #5
HerrSerker CreditAttribution: HerrSerker commented#3 did it for me
Comment #6
greggmarshallActually hook_node_access() is skipped by Views, and other lists, by design Node access rights
Comment #7
Dajka CreditAttribution: Dajka commentedUpdate: This is still an issue. Also I tried to implement #3 and it gives an unexpected error by now.
Update#2: Found the issue! you have to include the following line before the code for #3 to work.
use \Drupal\views\ViewExecutable;
(Hopefully this saves some time for people like me :) )
Comment #8
tostinni CreditAttribution: tostinni at Agence Propal commentedThe solution proposed in #3 is fine but it has a problem regarding the fact that it arrives after the query has been run and thus can lead to incomplete pages of your view.
Let's supposed you have a 10 items pager, if vapn needs to exclude 2 of them you will have 8 items in your page and 2 empty spots that would be visible if you have a grid display.
So here is a solution altering the view query by adding a relationship with the vapn table and checking if the node vapn configuration match the current user or if it's null.
Comment #9
jjmackow CreditAttribution: jjmackow commented*3 is causing 500 errors with PHP 8.1 and 8.2. It had been working fine in PHP 7.4. What seems to be at issue is the if clause ...
and in particular, the first part ...
This issue comes when a user has 2 or more roles.
When the HTTP ERROR 500 occurs, this is written to the error log:
that particular line within the file is:
if (($context["row"] != twig_last($this->env, ($context["rows"] ?? null)))) {