search

Gizra / og

https://www.drupal.org/project/og
92 stars 133 forks source link

og_get_groups_by_user($anonymous_user, ...) returns the current user's groups instead of anonymous's #245

Open fdeimos opened 7 years ago

fdeimos commented 7 years ago

https://github.com/Gizra/og/blob/7.x-2.x/og.module#L3562 Second param for entity_metadata_wrapper is UID, not account entity. For anonymous user UID is 0. As result, 'data' property for $wrapper is FALSE, but there should be anonymous user object. When $og_memberships = $wrapper->{'og_membership__' . OG_STATE_ACTIVE}->value(); is called (next line in code) then after a few steps og_get_entity_groups() is called and $entity param is FALSE. So, it takes current user. https://github.com/Gizra/og/blob/7.x-2.x/og.module#L2305-L2307

amitaibu commented 7 years ago

Sounds indeed like a bug. In general there can't be groups for anon users

fdeimos commented 7 years ago

I discovered this issue with Search API module usage. When SearchApiAlterNodeAccess::alterItems() is called it performs the following node_access() checking:

public function alterItems(array &$items) {
    static $account;

    if (!isset($account)) {
      // Load the anonymous user.
      $account = drupal_anonymous_user();
    }

    foreach ($items as $id => $item) {
      $node = $this->getNode($item);
      // Check whether all users have access to the node.
      if (!node_access('view', $node, $account)) {
        ...
      }
      else {
        ...
      }
    }
  }

http://cgit.drupalcode.org/search_api/tree/includes/callback_node_access.inc#n40 I'll create PR soon.

fdeimos commented 7 years ago

Here is PR with fix. https://github.com/Gizra/og/pull/246