From 6a3b965c7dbe6d4d22cbdad4db2fd82b5e3903a0 Mon Sep 17 00:00:00 2001 From: Alex Pott Date: Tue, 23 Dec 2014 10:37:57 +0100 Subject: [PATCH] Issue #2011066 by Grimreaper, esbandeira, joshi.rohit100, the_contributor: example_author from hook_node_grants/hook_node_access_records grants all anon edit/delete to uid=0 nodes --- core/modules/node/node.api.php | 22 +++++++++++++--------- 1 file changed, 13 insertions(+), 9 deletions(-) diff --git a/core/modules/node/node.api.php b/core/modules/node/node.api.php index fd099a95b3..8110c8309b 100644 --- a/core/modules/node/node.api.php +++ b/core/modules/node/node.api.php @@ -83,7 +83,9 @@ function hook_node_grants(\Drupal\Core\Session\AccountInterface $account, $op) { if ($account->hasPermission('access private content')) { $grants['example'] = array(1); } - $grants['example_author'] = array($account->id()); + if ($account->id()) { + $grants['example_author'] = array($account->id()); + } return $grants; } @@ -175,14 +177,16 @@ function hook_node_access_records(\Drupal\node\NodeInterface $node) { // means there are many groups of just 1 user. // Note that an author can always view his or her nodes, even if they // have status unpublished. - $grants[] = array( - 'realm' => 'example_author', - 'gid' => $node->getOwnerId(), - 'grant_view' => 1, - 'grant_update' => 1, - 'grant_delete' => 1, - 'langcode' => 'ca' - ); + if ($node->getOwnerId()) { + $grants[] = array( + 'realm' => 'example_author', + 'gid' => $node->getOwnerId(), + 'grant_view' => 1, + 'grant_update' => 1, + 'grant_delete' => 1, + 'langcode' => 'ca' + ); + } return $grants; } -- GitLab