node_access security issue with organic groups (og)

Created on 17 April 2013
Updated 6 November 2023

We installed the Announcements module and then later discovered that our Organic Groups (og) private content could be viewed by users in other groups, regardless of the content type.

We are using og to segment groups of users and keep their data private to their group. Every user belongs to only 1 group and all data is group-private in our scenario.

We discovered that Announcements has a hook_node_access that grants access to nodes regardless of their content type.

Closer inspection indicated that the permissions declared by Announcements appeared to serve the same purpose as the standard node content type permissions (for our purposes at least).

Our solution was to simply delete the hook_node_access and everything worked for us again. This may not be a universal solution, since I believe the "access announcements" permission does give more control than the core node content type permission scheme, since I do not think you can control view access by content type. I could be wrong here.

For some additional background info, the FAQ module has a hook_node_access that is content-type sensitive.
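The difference between a hook_node_access that ignores content type and one that is content-type sensitive, as an added example that is not code from the Announcements or FAQ modules. It uses the Drupal 7 hook_node_access($node, $op, $account) shape, which is what a 2013-era 1.0 contrib module would implement; the module name "mymodule", the content type machine name "announcement" and the "access announcements" permission are assumptions. The security-relevant detail is how Drupal 7's node_access() treats the return values: any NODE_ACCESS_DENY wins, otherwise any NODE_ACCESS_ALLOW is final and the {node_access} grants table is never consulted. An unconditional ALLOW for 'view' therefore silently bypasses the per-group grants that og writes, which is exactly the symptom described above.

```php
<?php
// Added example, not the announcements or FAQ module's own code.
// Assumed names: module "mymodule", content type "announcement",
// permission "access announcements".

/**
 * The overly broad pattern: grants 'view' on EVERY node to anyone holding
 * the permission. Because node_access() stops at the first ALLOW and never
 * reaches the {node_access} grants table, Organic Groups' group-private
 * grants are skipped and users can read content from other groups.
 * (Shown for contrast; not wired up as a real hook.)
 */
function mymodule_broad_node_access_pattern($node, $op, $account) {
  if ($op == 'view' && user_access('access announcements', $account)) {
    return NODE_ACCESS_ALLOW;
  }
  return NODE_ACCESS_IGNORE;
}

/**
 * Implements hook_node_access().
 *
 * Content-type sensitive: the module only speaks for its own content type and
 * returns NODE_ACCESS_IGNORE for every other node, so og's grants still decide
 * access to group content of other types.
 *
 * For its own type it only ever returns DENY (user lacks the permission) or
 * IGNORE. It deliberately never returns ALLOW for 'view': an ALLOW, even one
 * scoped to the type, would still override og's grants for announcement nodes
 * and let a user in group A read group B's announcements. Returning IGNORE
 * lets the grants table make the final call.
 */
function mymodule_node_access($node, $op, $account) {
  // On the 'create' op $node is the content type machine name; for
  // 'view', 'update' and 'delete' it is the loaded node object.
  $type = is_object($node) ? $node->type : $node;

  if ($type != 'announcement') {
    // Not ours: say nothing and let core/og decide.
    return NODE_ACCESS_IGNORE;
  }

  switch ($op) {
    case 'view':
      // Users without the permission are refused outright; users with it
      // still have to pass the grants table (og group membership).
      return user_access('access announcements', $account)
        ? NODE_ACCESS_IGNORE
        : NODE_ACCESS_DENY;

    case 'create':
    case 'update':
    case 'delete':
      // Write operations are left to core's "create/edit/delete announcement
      // content" permissions and to og's grants.
      return NODE_ACCESS_IGNORE;
  }

  return NODE_ACCESS_IGNORE;
}
```

A quick way to confirm a module is affected on a Drupal 7 site is to grep its .module file for `return NODE_ACCESS_ALLOW;` and check whether every such return is guarded by a test on `$node->type`; an unguarded ALLOW on 'view' will override every node-grants module installed, og included, not just for the module's own content type.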

🐛 Bug report
Status: Fixed
Version: 1.0
Component: Code

