On Thu, Mar 5, 2009 at 11:23 PM, Michael Harris
<[email protected]> wrote:
>
>>> 2. do the private posts plugin.
>
> Done.
Is this somewhere in -extras now? Were any updates made to it? Just curious.
Also, I think this doesn't work I think there is a bug in ACL that
prevents it. If this bug does exist (didn't have time to test before
I left) then it is blocking.
Basically, under these conditions:
1. A user has been granted read access to a token.
2. That token is applied to at least one post.
3. That token is not applied to at least one post that the user has access to.
4. The user does not have super_user or post_all (only post_entry
and/or post_page).
...the user won't be able to read posts that don't have that token.
To reproduce, create a user, add the private post plugin, make one
post private, give that user access to private posts, then log in as
that user and you won't be able to see posts that are NOT private.
I think. I probably should add this as a ticket, but I'm away and
both lazy to the point of not wanting to load Trac, and habitual to
the point of writing out a complete report here instead.
I won't be back from the Drupal madness until Saturday, and when I get
back I'm going to want to lay down for a while. I don't know how that
affects a 0.6 release, but if you want to look at it, see this line
posts.php:
$perm_where[] = '{posts}.content_type IN (' . implode(',',
$permitted_post_types) . ')';
Owen
--~--~---------~--~----~------------~-------~--~----~
To post to this group, send email to [email protected]
To unsubscribe from this group, send email to
[email protected]
For more options, visit this group at http://groups.google.com/group/habari-dev
-~----------~----~----~----~------~----~------~--~---
