I have the following problem in Drupal 6 with CCK:
user1 creates node 1 in a custom CCK type
user2 creates node 2 in a custom CCK type
If user1 puts in address bar http://website_address?q=node/2 he can see the content of the node, even if I've given permissions only for own created content.
What can I do to give "permission denied" when trying to see nodes that are not created from the owner?
Ok,
i've found private module http://drupal.org/project/private that makes exactly what i need.
Related
I need to change the status of a node programmatically.
I changed the status field in the database to 0.
The node is unpublished.
The problem is that anonymous user can view the content
of the node, despite it's unpublished status ?
Check user permissions to disallow anonymous user to see unpublished content
Very odd problem occurs when I try to assign permissions to a single user by using the name picker. I have two users that has similar names: Jason Hillmer and Jason Hill.
When permission is assigned to Jason Hillmer everything is working as expected, but when trying to assign any permission to Jason Hill it fails saying: "The user does not exist or is not unique.". I've checked into the database from which SharePoint 2010 sources the users and they are totally different, with different emails, last names, usernames and so on.
Actually I don't have any way to grant access to Jason Hill into SharePoint website.
Does anybody know how to solve this problem? Is there a way to trick the system? And I would like to know WHY this problem occurs when we have two totally different users, even if they have similar names...
Regards,
Martin
Generally when you receive the "does not exist or is not unique" message, you can click the underlined name to see available options and choose the correct user.
Another way to accomplish the same would be to type in the user's email address or login instead of their "friendly" display name, since those unique values should resolve to the correct account immediately.
I have a project where I need a member group called Staff Admin (slightly less privileges than Super Admin) to be able to public entry data on behalf of a site Member via a Safecracker form. Now I am able to successfully set an 'author_id' on the form (using a hidden input) and a user logged in under the Super Admin group can successfully publish the new entry and have the specified author_id set on the entry.
The problem is that even though I have the 'Staff Admin' group settings allow to edit and change authors on entries, I'm unable to do it on a Safecracker form and the specified 'author_id' is ignored and I'm getting an error triggered for 'invalid_author' (The selected author is invalid.)
Think the line in the Api_channel_entries.php is around 1246 (under EE 2.4) where it’s looking to authenticate against Super Admin group only as the exception:
if ($data['author_id'] != $this->EE->session->userdata('member_id') && $this->EE->session->userdata('group_id') != 1)
Any ideas how I might circumvent this problem I have?
That error is being triggered because the author ID that you're trying to reassign the entry to is not one of the designated valid authors for the channel. To fix this you'll need to edit the member group (of the user you're trying to assign the entry to) and enable the 'Include Members in PUBLISH page multi-author list?' setting.
You may also need to enable that setting for each individual user via Member Administration > Edit Member > Member Preferences > "Include user in PUBLISH page multi-author list?"
I have a CCK content type Event which has a privacy text field to describe if its a 'public' or 'private'. I'm also using the RSVP module so users can invite their friends to an event they have created.
I need to be able to block access to an Event node if its private and the user attempting to view the node has not been invited.
I thought this would be easy enough by implementing hook_access which would check if the privacy field is private. If it is I would make a quick database call to check if the user has been invited. If not return false and block node access.
Imagine my horror when I discovered that this hook cannot be used for CCK content types and only works for content types the node module owns.
Can anyone point me in the right direction to do some custom node access validation 'the drupal way' when using CCK content types. Using drupal 6 by the way.
maybe you'll be lucky with the content access - module.
I didn't try it yet, but it seems to be the solution to your problem.
I have set permission to allow anonymous user to create page.
but when the anonymous user submmited the page, drupal 6 responded "page not found".
i have checked drupal backend, there was no page created.
so my question is, which permisson option i have to set to allow
anonymous user to create a page.
I had the same problem right now and it drove me crazy! After a bit researching I did a try rebuilding permissions at /admin/content/node-settings after remembering that this solved such issues related to node access for me before.
I am a senior developer and Drupal developer for about 4 years and until now I don't know why this happens. Who knows a clarification to all of this please please share..
http://drupal.org/user/642644
Anonymous users can create content if you give them permissions in the back end. Go to yoursite.com/admin/user/permissions and make scroll down to the "Node Module". Make sure you have "access content" and any relevant "create **foo** content" boxes checked (where **foo** is the content type you want them to be able to create) for anonymous users.
This will grant anonymous users permission to create content of type **foo**, and view any content created.
Your "Access Denied" problem may be caused by anonymous users being able to create content, but not access it. This would be the case if you have granted "create **foo** content" permissions to the anonymous user, but have not given them "access content" permissions. Can you see the content while you are logged in as an admin?
Not super familiar with the tech you're using but can a registered user create a page? If not, the problem probably is because of something else. :)