Jump to content

Debugging access issues


MarkE
 Share

Recommended Posts

I am having a real head-scratch over an access issue. I have defined a role 'webmaster' which has all permissions assigned to it. However, whenever I assign this role to a user, none of the pages in the tree are editable. Users assigned lesser roles (with access to specific templates only) can edit the relevant pages, but if I add 'webmaster' to their roles, they no longer have edit access. Inspecting the templates shows that 'webmaster' has view, edit, create and add rights to all of them. The access overview module shows green ticks for webmaster everywhere.

Any ideas how I go about debugging this (or, better still, what might be causing it?)

Link to comment
Share on other sites

Additional info:

Here's an odd thing. I have a template "Membership" and roles "membership-secretary" and "webmaster" which both have page-edit permissions for that template. If I give a user the webmaster role, or both roles, then they cannot edit a Membership page. If I give the user both roles and REMOVE the page-edit permission for webmaster from the template, then the user CAN edit the page. Uhhh!!? (NB they can't edit it if they only have webmaster with no page-edit!)

I have another role "treasurer" which also has page-edit permission for Membership. If I give the user both membership-secretary and treasurer roles but not webmaster, the they can edit a Membership page. If I add webmaster to their roles (with page-edit permission for Membership) then they can no longer edit the page, but they can again if I remove the page-edit permission from webmaster.

I do have one or two functions which reference webmaster (to treat it the same as superuser for some purposes). I have double-checked all that code, but just to be certain the problem didn't lie there, I changed the role "webmaster" to  "web-master" without amending the php. The problem remained exactly as described. So the issue lies somewhere in the database, but I have no idea where to look. I did the obvious and went through all the webmaster permissions and checked that all the permissions were there and that there were no revocations. In any case, why would adding a page-edit permission have the effect of blocking it?

As a final throw of the dice, I created a new role "webmaster" (leaving the old one as web-master) with all page-edit permissions and the problem occurred with that too.

Completely stumped at the moment!

Link to comment
Share on other sites

SORTED!

Tripped up by page-edit-created:

"This permission is a bit unique in that it actually reduces access (to roles that have it) rather than adding access. " (my emphasis)

You can say that again - it's completely unique and a real gotcha! I blithely went assigning all permissions to my webmaster role without realising that assigning this one actually effectively removed page-edit from most pages. This is really counter-intuitive. Why do it this way? The natural approach seems to me not to assign page-edit permission and then assign page-edit-created as an additional permission.

To prevent me forgetting this (as if...), I have added a note to the title of the permission. It might be helpful to add something in the default title.

Edited by MarkE
Additional info
Link to comment
Share on other sites

Create an account or sign in to comment

You need to be a member in order to leave a comment

Create an account

Sign up for a new account in our community. It's easy!

Register a new account

Sign in

Already have an account? Sign in here.

Sign In Now
 Share

  • Recently Browsing   0 members

    • No registered users viewing this page.
×
×
  • Create New...