|Created:||somebody at Mon, 12/31/2007 - 3:28pm|
|Status:||Open (General Task / Priority 1-High)|
|Case ID:||Drupal Module Issues and Modifications: 92-323|
|Last modified:||Tue, 01/22/2008 - 9:35pm|
I created a new group, USADance-LA, and posted to it an event and agenda item. These nodes were NOT marked "Public", however, anonymous users could access them.
Posted issue here: http://drupal.org/node/204597
I know that if a node belongs to a group, but has taxonomy that matches a user, the user will be given access. In the case of the node posted to the USADance-LA group, First Board Meeting , nothing was selected in the "Categories" boxes, so the permissions should have defaulted to the Group realm, which only allowed "og_subscriber" to access the node. However, as noted before, ALL users could access the node.
So, I decided to look at the node_access table. I found this for the node in question, 3648:
According to this previous issue, the gid represents the rid when the realm is term_access. So, my immediate question was "What is giving causing node to give the grant_view permission to roles 0 (which is non-existent) and 1 (anonymous user)?
I then looked at the term_access table:
Apparently, rids 0 and 1 were being granted permissions on group nodes as a result of the first two lines of this query. I noted that I do not have a tid (term ID) = 0. So, this either represents something other than an actual term, or it's a mistake.
I decided to delete these two rows from the term_access table. After deleting them, I ran the "Rebuild Permissions" tool here:
That got rid of the rows in the node_access table, and the node itself is no longer publically available.
I have Taxonomy Access Control installed. I have had this site for some time, and have moved it (exported/imported data) at least once. My guess is that somewhere along the process, these grants were somehow added to term_access. My guess is that I probably should remove all non-existent tids from the term_access table, but I'm not sure. Will have to post this question on the TAC board.
After I updated to Drupal 5.6, I noticed that I now have the same problem again. When I query the term_access table:
select * from term_access where tid = 0
I still see:
So, I'm entering:
delete from term_access where tid = 0 and rid = 1
And rebuilt node permissions: http://www.centralavedance.com/admin/content/node-settings/rebuild
That did it.
Nope. Now, authenticated users who are NOT a member of the group can still see Group content. That isn't good either. Think I need to delete the rid = 2 also:
delete from term_access where tid = 0 and rid = 2
Rebuilt node permissions in Post Settings .
Logged in as "usadancela" which is awaiting subscription approval in USA Dance LA group. Can NOT see the non-public group posts.
Approved "usadancela" for USA Dance LA group. As "usadancela", I can now see group content. Excellent!
Question: What keeps putting in those tid = 0 and rid = 1 & 2 term_access records?