Skip to main content

Why can't A Drupal user edit a node they created?

Why can't a Drupal user edit a node they created?

Symptoms: An authorized Drupal user loses "edit" access to nodes they've created, even if they have appropriate node (or other module) access permissions. Or, user cannot edit a node that should be editable by them, based on access control or node access settings. No errors or warnings are presented to the user. Nothing in the Drupal watchdog log.

Possible Cause: The user does not have permission to use the input filter currently assigned to the node. (An administrator or other privileged user may have changed the input filter settings, or, input filter permissions may have been changed to exclude the node author since the node was created. As a result, the user never had, or no longer has permission to use the input filter associated with the node.)

This excerpt from Drupal node.module node_access() function tells the tale:


function node_access($op, $node = NULL, $uid = NULL) {
  // Convert the node to an object if necessary:
  if ($op != 'create') {
    $node = (object)$node;
  }

  // If the node is in a restricted format, disallow editing.
  if ($op == 'update' && !filter_access($node->format)) {
    return FALSE;
  }

So, if a node is created by a user with an input filter that was accessible at the time (a necessity, actually), and the admin or some other privileged user later removes access to that filter for the node author (or edits the node and selects an input filter that the node owner/creator cannot access), then the user will not be able to edit the node.

No warnings, no watchdog entries, nothing. An associated custom module (if any) hook_access is NOT called with $op='update'. The user just won't see the edit tab, or if the user tries to edit the node by visiting node/x/edit, user will see "access denied" messages.

Solution/workaround: Restore permission for the user to access the filter used when the content was first created (or last edited) OR, have a user (admin) who has access to the filters associated with the node edit the node and set the filter to one that the node creator/owner has access to. This will restore the update permission.

Here's a quick SQL query that shows content created using the non-default filter and the user ids who created/own them.

SELECT nid, uid, title, format FROM {node_revisions} WHERE format <> {default_filter_id} AND uid <> 1;

Proposal for Drupal Core mod: At a minimum, the caller of the node_access() function could create a watchdog entry when it disabled the 'edit' tab based on filter_access() returning FALSE. An example enhancement:


// If the node is in a restricted format, disallow editing.
if ($op == 'update' && !filter_access($node->format)) {
  watchdog('node_access', "update access rejected for node $node->nid user lacks access to node's current input filter ($node->format)");
return FALSE;
}

Also, when an admin changes filter access permissions, it might be nice to let them know that this may cause users to lose edit access to some or all existing content.

Status: Drupal issue #91663 created

Thank you!!!

Thank you for this information!!! I was all confused in my Drupal because none of my users could edit any of their content and I had no idea why, but then when I gave them "administer filters" permission, they were magically able to edit their pages again. Thank you!!!

Dangerous

Assigning 'administer filters' permission is a dangerous solution - it means that your users can change filter settings. I recommend that you give the users access to the filters used in the specific content, or changing the input filter for the content in question to one that is accessible to the particular users.

still an issue with Drupal 5.1

I thought you might want to know this is still an issue, at least up to version 5.1. Thanks a lot for posting about it because you saved me a lot of troubleshooting time! I suspect it would have taken me a while to figure out the root cause. Luckily it was only a couple dozen pages, so it wasn't too hard to go back and fix manually.

Yes, it appears to be the case

I submitted an issue on the drupal.org site, and it's still open as far as I can see. I've just updated the issue to suggest a solution. I'll try to come up with a patch.

Thank you so much,

You provided the right solution to a problem I've been trying to solve for a long time!

Awesome Post

I just saved myself a ton of headaches with this solution that I was pounding my head against the wall on. Thank you so much. Still an issue up to 5.7

Yes, it puzzles me why it's not been fixed...

as far as I can see it's still a problem in 6.x, scheduled for a fix in D7...

Wow, thank you

I've been caught by this twice. Once when I changed the input filter for a particular node (and then found this post), and once when I changed the default filter selection.

The second time, it was part of a big series of site configuration changes, and suddenly none of my users could edit content. It took me an hour before I ended up looking through a diff of MySQL dumps to realize that this was what caused it.

thank you!

This was EXACTLY what I was looking for. You showed up on the first page for the google search "drupal 6 cannot edit event".

Thank you!!!

I cannot tell you how much I appreciate your post on this problem. I'm not sure if/when I would have figured it out on my own. Thank you!!

Thank you

Hi, thank you for this discovery. I just had this problem and didnt figure it out :)