Testing needed: node_access changes

classic Classic list List threaded Threaded
4 messages Options
Reply | Threaded
Open this post in threaded view
|  
Report Content as Inappropriate

Testing needed: node_access changes

Dan Wilga-2
In an effort to remove the local changes to core in the node_access()
function in node.module, in r3000 I have made some big changes to the
way MM works. With any luck, you won't notice any difference, but it
does merit lots of testing:

- Use the system as a non-admin user. Do you see the
Edit/Delete/Revisions/Comments links in all the places where you
expect them to appear?

- Is it possible to hack the URL to edit/delete/etc. content that you
don't have permission to perform these operations upon?

- Do node-based links provided by other modules act incorrectly now,
such as not appearing when they should?

IMPORTANT: After installing this code (and running update.php if you
haven't recently), be sure to rebuild the menu tree. (URL:
devel/menu/reset)
--
Dan Wilga                                 [hidden email]
Web System Administrator/Programmer             http://www.amherst.edu
Amherst College                                      Tel: 413-542-2175
Amherst, MA  01002

---
You are currently subscribed to monster_menus as: [hidden email].
To unsubscribe click here: http://lists.middlebury.edu/u?id=685503.6b071f880fe6a965a128164e6d09ea81&n=T&l=monster_menus&o=425110
or send a blank email to [hidden email]
Reply | Threaded
Open this post in threaded view
|  
Report Content as Inappropriate

RE: Testing needed: node_access changes

McBride, Ian S.
This is a great update! I've done preliminary testing on all the default action elements. The correct interface links appear for a user at each of the five permissions levels, I was not able to browse to /settings, /delete or the like for nodes where I did not have the appropriate access, and I was not able to modify any of the forms I did have access to with Firebug to get them to point at different nodes where I did not have access.

Aside from the PHP strict notices and a couple places where MM/RSS Page assumes you have amherstprofile (which I'm compiling as that cleanup patch), the only issue I've encountered so far is that the "Add a user" textbox under permissions no longer fetches a list of users. I tried debugging this using debug_query in monster_menus.module where the query is compiled, but didn't see anything in the response body in Firebug, which I think (from the comments) is what you're using to debug those controls. Any ideas what might have happened here?

I'll look more closely tomorrow at interactions with other modules and retest the stuff I did today.

-----Original Message-----
From: Dan Wilga [mailto:[hidden email]]
Sent: Tuesday, June 16, 2009 2:52 PM
To: Monster Menus Development
Subject: Testing needed: node_access changes

In an effort to remove the local changes to core in the node_access()
function in node.module, in r3000 I have made some big changes to the
way MM works. With any luck, you won't notice any difference, but it
does merit lots of testing:

- Use the system as a non-admin user. Do you see the
Edit/Delete/Revisions/Comments links in all the places where you
expect them to appear?

- Is it possible to hack the URL to edit/delete/etc. content that you
don't have permission to perform these operations upon?

- Do node-based links provided by other modules act incorrectly now,
such as not appearing when they should?

IMPORTANT: After installing this code (and running update.php if you
haven't recently), be sure to rebuild the menu tree. (URL:
devel/menu/reset)
--
Dan Wilga                                 [hidden email]
Web System Administrator/Programmer             http://www.amherst.edu
Amherst College                                      Tel: 413-542-2175
Amherst, MA  01002

---
You are currently subscribed to monster_menus as: [hidden email].
To unsubscribe click here: http://lists.middlebury.edu/u?id=685439.7e7cbccf9bb225cf8471bffe1cb67503&n=T&l=monster_menus&o=425110
or send a blank email to [hidden email]

---
You are currently subscribed to monster_menus as: [hidden email].
To unsubscribe click here: http://lists.middlebury.edu/u?id=685503.6b071f880fe6a965a128164e6d09ea81&n=T&l=monster_menus&o=425154
or send a blank email to [hidden email]
Reply | Threaded
Open this post in threaded view
|  
Report Content as Inappropriate

RE: Testing needed: node_access changes

Dan Wilga-2
In reply to this post by Dan Wilga-2
At 4:57 PM -0400 6/16/09, McBride, Ian wrote:
>This is a great update! I've done preliminary testing on all the
>default action elements.

Glad to hear it's working well so far.

>the only issue I've encountered so far is that the "Add a user"
>textbox under permissions no longer fetches a list of users.

D'oh! I just found a bug which applied to the case where
amherstprofile isn't installed. It was using debug_query() instead of
db_query(). This is fixed in r3007.
--
Dan Wilga                                 [hidden email]
Web System Administrator/Programmer             http://www.amherst.edu
Amherst College                                      Tel: 413-542-2175
Amherst, MA  01002

---
You are currently subscribed to monster_menus as: [hidden email].
To unsubscribe click here: http://lists.middlebury.edu/u?id=685503.6b071f880fe6a965a128164e6d09ea81&n=T&l=monster_menus&o=425545
or send a blank email to [hidden email]
Reply | Threaded
Open this post in threaded view
|  
Report Content as Inappropriate

RE: Testing needed: node_access changes

Dan Wilga-2
In reply to this post by Dan Wilga-2
At 4:57 PM -0400 6/16/09, McBride, Ian wrote:
>This is a great update! I've done preliminary testing on all the
>default action elements. The correct interface links appear for a
>user at each of the five permissions levels, I was not able to
>browse to /settings, /delete or the like for nodes where I did not
>have the appropriate access, and I was not able to modify any of the
>forms I did have access to with Firebug to get them to point at
>different nodes where I did not have access.

Another thing to try is:

1. Create a node on a page. Figure out that page's mmtid (one way is
by not giving it an alias) and the nid of the node (you can find it
in the Edit link.)

2. Use PHPMyAdmin to go into mm_node2tree and remove the entry for
that node. Now, you can visit that node separately from any page,
using the URL: node/[nid].

3. Check permissions to see if they are still correct, and the
appropriate edit/delete/etc. links appear with the node.
--
Dan Wilga                                 [hidden email]
Web System Administrator/Programmer             http://www.amherst.edu
Amherst College                                      Tel: 413-542-2175
Amherst, MA  01002

---
You are currently subscribed to monster_menus as: [hidden email].
To unsubscribe click here: http://lists.middlebury.edu/u?id=685503.6b071f880fe6a965a128164e6d09ea81&n=T&l=monster_menus&o=425629
or send a blank email to [hidden email]
Loading...