Re: Proposed user_access / $user->roles hook

Thread: Re: Proposed user_access / $user->roles hook

Search this list only Search all lists
Re: Proposed user_access / $user->roles hook
United States	2007-03-29 18:39:24

Steven Jones wrote: mail.gmail.com" type="cite">Actually having properly looked at node_access, indeed you can't do what you want without changes to core. That is, in fact, what I am proposing. A hook in user_access or even $user->roles which would allow a module to add roles, thus permissions, to a user in a particular environment -- in my case, within an OG group context. mail.gmail.com" type="cite">'create' operations are somewhat special and the only thing that gets to decide if a 'normal' user can create a node is the hook_access defined in the node's module (that is the module that allows the creation of that sort of node.) In the case I described, that would be node_access. With my modification, node_access is working properly as well. ; The problem is that somewhere in this process: node/add/<node type>?gids[]=<group nid>, something fails.  The only clue I have is that my debug of user_access reveals that the arg(0) context is lost. mail.gmail.com" type="cite"> Taxonomy Access controls creates by using db_rewrite_sql, but in my mind that is ugly. Fortunately, the taxonomy access I need is granted by role. ; So, if user_access / node_access are returning the correct roles, taxonomy works correctly automatically. That has been my experience so far. mail.gmail.com" type="cite">If any developers are still following this thread, would adding a invocation of nodeapi or something similar to node_access be permissable, as in this case at least, it would be very useful. FYI, on a totally separate project, I utilized the Extensible Node Access/Authorisation Capability patch: http://drupal.org/node/122173 which does exactly what you ask above: invokes nodeapi for access.  It works beautifully for everything EXCEPT lisitng, which requires node_db_rewrite_sql(). ; And, it does not deal with user_access permissions. ; So, even if I got it to return the correct permissions for a node create, I still have to deal with user_access and $user->;roles calls elsewhere. The OG module itself does 18 calls to user_access. What I'm saying is that if there were a way to have user_access invoke some sort of _access hook so that other modules could add permissions (or roles) to the ones it already creates, this would solve my problem. EXCEPT that I still can't figure out why the create isn't working by default now.

[1]

about | contact Other archives ( Real Estate discussion Medical topics )