Deprecated - Drupal core

I have been really delving into the core/modules access control lately. One thing seems clear: access control is an evolving, er.... mess?

For example, I set up a site using the project.module and am using OG. It turns out that no matter how you try to protect project nodes using OG, they become visible to anonymous users (virtually everyone in fact) so long as you have "access projects" checked for anon users. This is unlike "events" for example, where there is NO such setting under "access control" and all node_access table entries are respected.

Don't worry about the specifics. I'll take that up as an issue under project.module later. The point is that access control is in an inconsistent state. It's an interesting problem because it's clear that authors of code in Drupal+modules approach access control from two very different perspectives sometimes:

• Some of the code treats access control as a mechanism to control "what people see" in various lists, views, and menus. If links occur in the wild, they don't seem to be thinking about that too much.
• Other bits of code are concerned with true security, not only worrying about whether a node appears in lists (during SQL rewrites) but also the actual security of the node itself so that, even if referenced by unexpected links, the node will be protected according to node_access() AND user_access() restrictions.
  

I was having problems with my Drupal install not limiting revision capabilities to regular registered users even though said capabilities had been disabled via the Access Control section of the admin menu. So after checking the code in node.module I found that on line 882

$revisions_access = ((user_access('view revisions') || user_access('administer nodes')) ...

needed to be changed to:

$revisions_access = ((user_access('view revisions') && user_access('administer nodes')) ...

1/

When you use colspan and you allow sorting, the active column breaks. For instance:

$rows[] = array('cell 1', 'cell 2', 'cell 3', 'cell 4');
$rows[] = array('cell 5', array('data' => 'cell 6', 'colspan' => '2'), 'cell 8');
$rows[] = array('cell 9', 'cell 10', 'cell 11', 'cell 12');
return theme('table', array('row 1', 'row 2', array('data' => 'row 3', 'field' => '2', 'sort' => 'asc'), 'row 4'), $rows);

Although it's quite plain to see why this happens, it's obviously not nice looking...?

I've searched the forum here and also Google, but haven't really found an answer.

Using the news aggregator, when I have it display a feed within a column it only shows the links, which then lead to the page that shows the teaser as well. Is there a way to modify the module so that the block listing for a column displays all the info (caption, image, teaser) so the user does not have to go to another page?

I found this patch and it really helped !
http://drupal.org/node/70521#comment-120913

But unfortunatly only for my dev. local Windows/BigApache server. It is not working for my main Unix/Apache server (hosting company). I also found that this page is not working when using IIS.

I like the way Joomla's search box works and would like to implement that same, which means I need to add javascript to the search text box.

I had assume (to prove I tried) that the following would work, starting at line 1026 of search.module: