Does the er_check_edit_permissions function in form_logic.inc work?

[aturling]

In er_form_alter() (in form_logic.inc file) I noticed the call to the function er_check_edit_permissions():

https://github.com/EPSCoR/ERCore/blob/206230ac4b4f00460d7e694ae802bacf975d91d5/includes/form_logic.inc#L36-L54

From the comments, it seems to attempt to give edit permissions to the node creator, site admins, and anyone referenced in the field field_er_user_entity_reference. But it doesn't seem to be working?

Here's an example: I created this presentation on the dev site under my account and tagged Daisy Duck as a presenter (field_er_user_entity_reference field). But when I masquerade as Daisy, I get access denied:

http://dev-ercore.nmepscor.net/content/testing-edit-permissions http://dev-ercore.nmepscor.net/node/194/edit

[khuffman]

I just tested this on my test site here in RI and I confirm, it behaves the same way that you described.

I tried to test this on dev-ercore.nmepscor.net site, but I don't think I have the correct permissions to masquerade on dev-ercore.nmepscor.net site, because when I go to Daisy Ducks profile page and click the link "Masquerade as daisyd" it logs me out.

On 03/08/2018 06:30 PM, Amy Walsh wrote:

In er_form_alter() (in form_logic.inc file) I noticed the call to the function er_check_edit_permissions():

https://github.com/EPSCoR/ERCore/blob/206230ac4b4f00460d7e694ae802bacf975d91d5/includes/form_logic.inc#L36-L54

From the comments, it seems to attempt to give edit permissions to the node creator, site admins, and anyone referenced in the field field_er_user_entity_reference. But it doesn't seem to be working?

Here's an example: I created this presentation on the dev site under my account and tagged Daisy Duck as a presenter (field_er_user_entity_reference field). But when I masquerade as Daisy, I get access denied:

http://dev-ercore.nmepscor.net/content/testing-edit-permissions http://dev-ercore.nmepscor.net/node/194/edit

— You are receiving this because you are subscribed to this thread. Reply to this email directly, view it on GitHub https://github.com/EPSCoR/ERCore/issues/71, or mute the thread https://github.com/notifications/unsubscribe-auth/AH7MkltaxQW05Vc0lmJc6b8TA_vSoO1qks5tcb74gaJpZM4SjhCO.

[khuffman]

Maybe dev-ercore.nmepscor.net site doesn't let me masquerade as Daisy because Daisy's status is set to "blocked"? I don't know..

On 03/08/2018 06:30 PM, Amy Walsh wrote:

In er_form_alter() (in form_logic.inc file) I noticed the call to the function er_check_edit_permissions():

https://github.com/EPSCoR/ERCore/blob/206230ac4b4f00460d7e694ae802bacf975d91d5/includes/form_logic.inc#L36-L54

From the comments, it seems to attempt to give edit permissions to the node creator, site admins, and anyone referenced in the field field_er_user_entity_reference. But it doesn't seem to be working?

Here's an example: I created this presentation on the dev site under my account and tagged Daisy Duck as a presenter (field_er_user_entity_reference field). But when I masquerade as Daisy, I get access denied:

http://dev-ercore.nmepscor.net/content/testing-edit-permissions http://dev-ercore.nmepscor.net/node/194/edit

— You are receiving this because you are subscribed to this thread. Reply to this email directly, view it on GitHub https://github.com/EPSCoR/ERCore/issues/71, or mute the thread https://github.com/notifications/unsubscribe-auth/AH7MkltaxQW05Vc0lmJc6b8TA_vSoO1qks5tcb74gaJpZM4SjhCO.

[ercore]

Yes, as Kia pointed out, Daisy's status as "blocked" denied access to masquerade. I changed the status back to "Active", and masquerade now works.

[aturling]

Sorry that was a bad example, I didn't see that Daisy was blocked. Now that Daisy is unblocked she's still not granted edit permissions to the content she was tagged in. Is that a desired feature for ER Core? (the ability to edit content you entered yourself or you were tagged in?)

[ercore]

Yes, you can only edit what you have entered. Unless, you are an administrator or admin staff (you or Emily).