User login

Access Control

Access Denied to User 1 in Open Atrium

Access denied on node creation form | Open Atrium Community
https://community.openatrium.com/node/1686

"Access Denied" to User 1 consistently | Open Atrium Community
https://community.openatrium.com/node/1766

Agaric wants CCK Field Permissions to have smarter defaults (let the world see!)

Enabling CCK Field Permissions (cck_field_perms in Drupal 5, part of CCK itself in Drupal 6) can create bugs on your if you aren't paying attention and cleaning up after it.

Some excerpts from IRC among people trying to figure out why an image on a news post simply wasn't showing up (for the user who posted it in this case, the authenticated role had editing but not viewing rights for the imagefield!).

Apache access control the Agaric way

[Note, this is outdated, now using Kerberos.]

Clients don't like their test site competing with their live, production site for Google results. Therefore, we have put our entire set of test sites behind a pop-up requiring basic Apache authentication.

For ongoing maintenance — adding new people to access the test environment behind the authorization wall — the operative command is:

Ask Agaric: Trying to deny access...

Hi there,

I am putting together a site that has very strict access requirements, there must be no access to content beyond the home page by anonymous users. To this end, I removed Anon. User 's access to Node Module content. This does the trick, no access to anonymous. However I was using 'node/1' as the home page which is now access denied :( Changing the access denied page to node/1 doesn't fix the issue either)

Figuring out User-based Node Access in Drupal (again), some notes

Simply looking at this function is one of the most useful things you can do to understand node access control in Drupal. From the 5.3 version of node.module

RE: Node access module (based on users listed in userreference fields)

I created a module (attached, in case you're curious) that's a user reference widget. When placed on a node type, it will hide itself and fill itself in from the URL with the person the request is being made of. When a node with the field on it is submitted, it emails the person.

What I need is a way to allow the user in the user reference field the same rights to the node as the author of the node. So for all access control, they should be treated the same.

Do you think that's something you can / want to do?

Thanks,

Michelle

Syndicate content