Access Control

Access denied on node creation form | Open Atrium Community
https://community.openatrium.com/node/1686

"Access Denied" to User 1 consistently | Open Atrium Community
https://community.openatrium.com/node/1766

Enabling CCK Field Permissions (cck_field_perms in Drupal 5, part of CCK itself in Drupal 6) can create bugs on your if you aren't paying attention and cleaning up after it.

Some excerpts from IRC among people trying to figure out why an image on a news post simply wasn't showing up (for the user who posted it in this case, the authenticated role had editing but not viewing rights for the imagefield!).

[Note, this is outdated, now using Kerberos.]

Clients don't like their test site competing with their live, production site for Google results. Therefore, we have put our entire set of test sites behind a pop-up requiring basic Apache authentication.

For ongoing maintenance — adding new people to access the test environment behind the authorization wall — the operative command is:

Hi there,

I am putting together a site that has very strict access requirements, there must be no access to content beyond the home page by anonymous users. To this end, I removed Anon. User 's access to Node Module content. This does the trick, no access to anonymous. However I was using 'node/1' as the home page which is now access denied :( Changing the access denied page to node/1 doesn't fix the issue either)

Simply looking at this function is one of the most useful things you can do to understand node access control in Drupal. From the 5.3 version of node.module

Searching for this led Agaric to this long thread on Access Control Within A Specific Content Type?

which led to:

http://drupal.org/project/nodeaccess

I created a module (attached, in case you're curious) that's a user reference widget. When placed on a node type, it will hide itself and fill itself in from the URL with the person the request is being made of. When a node with the field on it is submitted, it emails the person.

What I need is a way to allow the user in the user reference field the same rights to the node as the author of the node. So for all access control, they should be treated the same.

Do you think that's something you can / want to do?

Thanks,

Michelle

Deep background: