0

My Drupal / ubercart install has a bizarre issue. Anonymous users can access an edit page /node/44/edit for a SINGLE node only - an ubercart product. I have created a new version of the node, which does not have the issue. The tabs (view / edit) are also available on the product page to anonymous users. The issue became clear when the page was edited by a spam bot.

Is there any way I can output the decision making process which Drupal makes to the screen? For example can I output the variables to the screen which Drupal uses to make the decision about whether the user has access to a given URL or not?

Thanks in advance.

CitrusTree
  • Are you using a module that provides node_access rules? – Berdir Feb 07 '11 at 21:23
  • i have had this issue before too... if you're using something like node_access, you have to be careful. especially if you have the setting to let authors edit their own content. once a user is deleted, any nodes they authored revert back to uid=0 (anonymous). therefore, they are able to then edit that node. – mikesir87 Feb 08 '11 at 01:58
  • Thanks everyone for your help - these suggestions have been great in helping me to work it out. mikesir87, this was a good suggestion. I hadn't thought of checking the author of the node (doh!) and this indeed was blank (so anonymous)! I have no idea how this happened as it was definitely created by a registered user, so need to find out what caused it now. No content editor that I know of has been removed, however I will check this. How do I find out if I am using node_access? I assume this means from the API as opposed to the nodeaccess module (I am not using the mod). Thanks again. – CitrusTree Feb 08 '11 at 15:01

2 Answers

0

There may be a better way, but to start, you could create a custom module that implements hook_menu_alter, then dump the contents of the $items array, to see the access callback associated with /node/44/edit or /node/%/edit.

Matt V.
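An added example, not part of the answer above: one way to apply the hook_menu_alter idea so that the access decision for the edit path is logged along with the values it depends on (node author, current user). It assumes Drupal 6, a hypothetical module named access_debug with its own .info file, and the core dblog module enabled to read the entries.

```php
<?php
// access_debug.module (hypothetical module name; assumes Drupal 6).

/**
 * Implements hook_menu_alter().
 */
function access_debug_menu_alter(&$items) {
  $path = 'node/%node/edit';
  if (!isset($items[$path])) {
    return;
  }
  // Record which access callback and arguments are registered for the path.
  $callback = isset($items[$path]['access callback']) ? $items[$path]['access callback'] : NULL;
  $arguments = isset($items[$path]['access arguments']) ? $items[$path]['access arguments'] : array();
  watchdog('access_debug', '@path: access callback @cb, arguments @args', array(
    '@path' => $path,
    '@cb' => isset($callback) ? print_r($callback, TRUE) : '(not set)',
    '@args' => print_r($arguments, TRUE),
  ), WATCHDOG_DEBUG);

  // Wrap named callbacks only; a boolean callback has no decision to trace.
  if (is_string($callback) && function_exists($callback)) {
    $items[$path]['access callback'] = 'access_debug_trace';
    // Keep the list flat: integer placeholders are replaced with the loaded
    // path arguments only at the top level of 'access arguments'.
    $items[$path]['access arguments'] = array_merge(array($callback), $arguments);
  }
}

/**
 * Access callback wrapper: runs the original callback and logs its inputs.
 */
function access_debug_trace() {
  global $user;
  $args = func_get_args();
  $callback = array_shift($args);
  $granted = (bool) call_user_func_array($callback, $args);
  foreach ($args as $arg) {
    if (is_object($arg) && isset($arg->nid)) {
      // An anonymous visitor being granted access is the case to chase.
      $severity = ($granted && $user->uid == 0) ? WATCHDOG_WARNING : WATCHDOG_DEBUG;
      watchdog('access_debug', 'node @nid (type @type, author uid @author): @cb returned @result for uid @uid', array(
        '@nid' => $arg->nid, '@type' => $arg->type, '@author' => $arg->uid,
        '@cb' => $callback, '@result' => $granted ? 'TRUE' : 'FALSE', '@uid' => $user->uid,
      ), $severity);
    }
  }
  return $granted;
}
```

The wrapper also runs when the view / edit tabs are built, so entries appear on the node's view page as well. Disable the module once the cause is found, since it writes a log entry for every access check on the edit path.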
0

One thing to try would be to "rebuild node permissions". You do this from the admin/content/node-settings page. It might be as simple as the permissions being jacked up, which is rare but does happen sometimes.

mirzu