Setting access using this module supersedes grants via people/permissions for unpublished pages

Created on 9 July 2020, over 4 years ago

Updated 16 May 2024, 7 months ago

This may affect all scenarios, but at least for unpublished pages this module grants permissions that exceed those granted in people/permissions.

To test, ensure that the settings in people/permissions only grant view access for unpublished pages to admin users. Then, go to an unpublished page and set View Access per Node values to allow Anonymous and Authenticated users. The unpublished page will now be visible to all users.

I'm not sure if this is the intent, but it seems problematic at best. Historically, modules controlling access permissions could only further restrict access to a node from what was configured in people/permissions, not grant permissions outside of that scope.

🐛 Bug report

Status

RTBC

Version

1.4

Component

Code

Created by

🇺🇸United States tclnj

Live updates comments and jobs are added and updated live.

Incomplete comments

Comments & Activities

Not all content is available!

It's likely this issue predates Contrib.social: some issue and comment data are missing.

First commit to issue fork.
@emclaughlin opened merge request.
Status changed to Needs review almost 2 years ago6:03pm 10 February 2023
Comment almost 2 years ago →
🇺🇸United States emclaughlin
I added a merge request that both checks for the node being published and grants access in a more concise way.
Status changed to RTBC 7 months ago9:41am 16 May 2024
Comment 7 months ago →
🇮🇳India Vishal Choudhary Dharmshala
#2 comment working fine if user unpublished the any content which is configured by view access per node permission. And edit any content and unpublished the node and also set the view access per node user permission set like anonymous and authenticated role.
Need to Move RTBC
Thanks All the Contributors!

contrib.social Blog FAQ Discussions

Production build 0.71.5 2024