Not a bug Permission inconsistency

[Snog]

Affected version

2.0 Beta 3

If a forum has all of it's permissions set to "Yes" for the registered user group, except for "View node" which is set to "No", an automated thread can be made in that forum using the current user's information.

However, an attachment can not be made to that automated thread.

 

[Mike]

When you say "automated thread", I assume one you've created via a service. In which case, permissions are not generally involved in that.

How are you trying to add an attachment though? Permissions shouldn't be involved with that for the most part.

 

[Snog]

When you say "automated thread", I assume one you've created via a service. In which case, permissions are not generally involved in that.

How are you trying to add an attachment though? Permissions shouldn't be involved with that for the most part.

Yes, the thread is created via the creator service.

The attachment is via the helper_attach_upload template. You're able to upload the file, but then you immediately get this when the upload completes...


Give the group permission to view the forum, the error goes away and the attachment can be posted with the thread.

 

[Mike]

This is something you'll need to take steps to manually resolve. You wouldn't be able to create a thread (or a post) in that forum when done through the standard controller, so it doesn't make sense for attachments to be inserted. A lack of viewing permission will always supersede any other permissions (by virtue of the fact that it should be checked before verifying any further permissions against a piece of content).

You may need to implement either a custom attachment handler to fit your needs or point to a custom attachment uploader end point to change this behavior.

 

[Snog]

I was hoping not to bypass the normal permission system and the extra code.

But a quick handler does the trick.