Commit 6a3b965c authored by alexpott's avatar alexpott

Issue #2011066 by Grimreaper, esbandeira, joshi.rohit100, the_contributor:...

Issue #2011066 by Grimreaper, esbandeira, joshi.rohit100, the_contributor: example_author from hook_node_grants/hook_node_access_records grants all anon edit/delete to uid=0 nodes
parent 5eee2e7e
...@@ -83,7 +83,9 @@ function hook_node_grants(\Drupal\Core\Session\AccountInterface $account, $op) { ...@@ -83,7 +83,9 @@ function hook_node_grants(\Drupal\Core\Session\AccountInterface $account, $op) {
if ($account->hasPermission('access private content')) { if ($account->hasPermission('access private content')) {
$grants['example'] = array(1); $grants['example'] = array(1);
} }
$grants['example_author'] = array($account->id()); if ($account->id()) {
$grants['example_author'] = array($account->id());
}
return $grants; return $grants;
} }
...@@ -175,14 +177,16 @@ function hook_node_access_records(\Drupal\node\NodeInterface $node) { ...@@ -175,14 +177,16 @@ function hook_node_access_records(\Drupal\node\NodeInterface $node) {
// means there are many groups of just 1 user. // means there are many groups of just 1 user.
// Note that an author can always view his or her nodes, even if they // Note that an author can always view his or her nodes, even if they
// have status unpublished. // have status unpublished.
$grants[] = array( if ($node->getOwnerId()) {
'realm' => 'example_author', $grants[] = array(
'gid' => $node->getOwnerId(), 'realm' => 'example_author',
'grant_view' => 1, 'gid' => $node->getOwnerId(),
'grant_update' => 1, 'grant_view' => 1,
'grant_delete' => 1, 'grant_update' => 1,
'langcode' => 'ca' 'grant_delete' => 1,
); 'langcode' => 'ca'
);
}
return $grants; return $grants;
} }
......
Markdown is supported
0% or .
You are about to add 0 people to the discussion. Proceed with caution.
Finish editing this message first!
Please register or to comment