summaryrefslogtreecommitdiffstats
diff options
context:
space:
mode:
authorAlex Pott2014-12-23 09:37:57 (GMT)
committerAlex Pott2014-12-23 09:37:57 (GMT)
commit6a3b965c7dbe6d4d22cbdad4db2fd82b5e3903a0 (patch)
tree32bb9b59ac70743668a63831e5c0c86231a93998
parent5eee2e7e8807cb2fcab9c49bb80aae8aa92a2734 (diff)
Issue #2011066 by Grimreaper, esbandeira, joshi.rohit100, the_contributor: example_author from hook_node_grants/hook_node_access_records grants all anon edit/delete to uid=0 nodes
-rw-r--r--core/modules/node/node.api.php22
1 files changed, 13 insertions, 9 deletions
diff --git a/core/modules/node/node.api.php b/core/modules/node/node.api.php
index fd099a9..8110c83 100644
--- a/core/modules/node/node.api.php
+++ b/core/modules/node/node.api.php
@@ -83,7 +83,9 @@ function hook_node_grants(\Drupal\Core\Session\AccountInterface $account, $op) {
if ($account->hasPermission('access private content')) {
$grants['example'] = array(1);
}
- $grants['example_author'] = array($account->id());
+ if ($account->id()) {
+ $grants['example_author'] = array($account->id());
+ }
return $grants;
}
@@ -175,14 +177,16 @@ function hook_node_access_records(\Drupal\node\NodeInterface $node) {
// means there are many groups of just 1 user.
// Note that an author can always view his or her nodes, even if they
// have status unpublished.
- $grants[] = array(
- 'realm' => 'example_author',
- 'gid' => $node->getOwnerId(),
- 'grant_view' => 1,
- 'grant_update' => 1,
- 'grant_delete' => 1,
- 'langcode' => 'ca'
- );
+ if ($node->getOwnerId()) {
+ $grants[] = array(
+ 'realm' => 'example_author',
+ 'gid' => $node->getOwnerId(),
+ 'grant_view' => 1,
+ 'grant_update' => 1,
+ 'grant_delete' => 1,
+ 'langcode' => 'ca'
+ );
+ }
return $grants;
}