Contrib.social

Don't use link in message after node save if user doesn't have permissions

Open on Drupal.org β†’
Created on 4 April 2017, almost 8 years ago
Updated 25 July 2024, 6 months ago

Problem/Motivation

When user saves node then Drupal should check if user has access to it and then decide if the new node title in the message should be link or not.

Message with link

User doesn't have access to it

Steps to reproduce

  1. Drupal 11.x installation.
  2. Create content of type test.
  3. Make content type test unpublished by default.
  4. Create a role test_creator and give it access to create content of type test.
  5. Create a user qa with the role test_creator.
  6. Log in as user qa.
  7. Create a node of type test.
  8. After saving, you will see a message about the successful creation of a new node with a link to the new node, but when you go to it you will receive a 403 error.

Proposed resolution

Add a node access check.

πŸ› Bug report
Status

Needs work

Version

11.0 πŸ”₯

Component
Node systemΒ  β†’

Last updated 9 days ago

No maintainer
Created by

πŸ‡ͺπŸ‡ͺEstonia hkirsman

Live updates comments and jobs are added and updated live.
  • Needs issue summary update

    Issue summaries save everyone time if they are kept up-to-date. See Update issue summary task instructions.

Sign in to follow issues

Merge Requests

Comments & Activities

Not all content is available!

It's likely this issue predates Contrib.social: some issue and comment data are missing.

  • Comment over 1 year ago β†’
    πŸ‡¬πŸ‡§United Kingdom Dubs

    Hi all,

    I'm reopening the issue because there are valid use cases, for example, in the case of content moderation an anonymous or authenticated user could create some content and then not have permissions to view the content. The above patch works in this situation.

    Logically, a link to view unpublished or draft content should not be provided as this will result in an access denied page for the visitor.

    Thanks for reading, and hopefully this patch can find it's way into the code base.

  • Status changed to Needs work over 1 year ago
  • Comment over 1 year ago β†’
    πŸ‡ΊπŸ‡ΈUnited States smustgrave

    Per #30 if this is going to be reopened steps to reproduce fully need to be included in issue summary.

  • First commit to issue fork.
  • Merge request !8877Issue #2866619 by kksandr: added link access check to the node form β†’ (Open) created by Unnamed author
  • Pipeline finished with Success
    7 months ago
    Total: 462s
    #231237
  • Status changed to Needs review 7 months ago
  • Comment 7 months ago β†’
    kksandr

    I updated the steps to reproduce the issue according to the updated test and opened a merge request with the fix.

  • Status changed to Needs work 6 months ago
  • Comment 6 months ago β†’
    needs-review-queue-bot

    The Needs Review Queue Bot β†’ tested this issue. It fails the Drupal core commit checks. Therefore, this issue status is now "Needs work".

    This does not mean that the patch necessarily needs to be re-rolled or the MR rebased. Read the Issue Summary, the issue tags and the latest discussion here to determine what needs to be done.

    Consult the Drupal Contributor Guide β†’ to find step-by-step guides for working with issues.

contrib.social Blog FAQ Discussions
Production build 0.71.5 2024