From 859e045db6ead718e54bb66c3866ae7c3bf6d11a Mon Sep 17 00:00:00 2001
From: Dries Buytaert <dries@buytaert.net>
Date: Fri, 6 Jan 2006 16:21:34 +0000
Subject: [PATCH] - Patch #42955 by Cvbge: critical bugfix: users can't create
 new content.

---
 modules/node.module      | 11 +++++++----
 modules/node/node.module | 11 +++++++----
 2 files changed, 14 insertions(+), 8 deletions(-)

diff --git a/modules/node.module b/modules/node.module
index 685509cf36d..3c7283b0e3f 100644
--- a/modules/node.module
+++ b/modules/node.module
@@ -2167,8 +2167,10 @@ function node_form_alter($form_id, &$form) {
  *   - "view"
  *   - "update"
  *   - "delete"
+ *   - "create"
  * @param $node
- *   The node object (or node array) on which the operation is to be performed.
+ *   The node object (or node array) on which the operation is to be performed, 
+ *   or node type (e.g. 'forum') for "create" operation.
  * @param $uid
  *   The user ID on which the operation is to be performed.
  * @return
@@ -2176,8 +2178,9 @@ function node_form_alter($form_id, &$form) {
  */
 function node_access($op, $node = NULL, $uid = NULL) {
   // Convert the node to an object if necessary:
-  $node = (object)$node;
-
+  if ($op != 'create') {
+    $node = (object)$node;
+  }
   // If the node is in a restricted format, disallow editing.
   if ($op == 'update' && !filter_access($node->format)) {
     return FALSE;
@@ -2200,7 +2203,7 @@ function node_access($op, $node = NULL, $uid = NULL) {
 
   // If the module did not override the access rights, use those set in the
   // node_access table.
-  if ($node->nid && $node->status) {
+  if ($op != 'create' && $node->nid && $node->status) {
     $grants = array();
     foreach (node_access_grants($op, $uid) as $realm => $gids) {
       foreach ($gids as $gid) {
diff --git a/modules/node/node.module b/modules/node/node.module
index 685509cf36d..3c7283b0e3f 100644
--- a/modules/node/node.module
+++ b/modules/node/node.module
@@ -2167,8 +2167,10 @@ function node_form_alter($form_id, &$form) {
  *   - "view"
  *   - "update"
  *   - "delete"
+ *   - "create"
  * @param $node
- *   The node object (or node array) on which the operation is to be performed.
+ *   The node object (or node array) on which the operation is to be performed, 
+ *   or node type (e.g. 'forum') for "create" operation.
  * @param $uid
  *   The user ID on which the operation is to be performed.
  * @return
@@ -2176,8 +2178,9 @@ function node_form_alter($form_id, &$form) {
  */
 function node_access($op, $node = NULL, $uid = NULL) {
   // Convert the node to an object if necessary:
-  $node = (object)$node;
-
+  if ($op != 'create') {
+    $node = (object)$node;
+  }
   // If the node is in a restricted format, disallow editing.
   if ($op == 'update' && !filter_access($node->format)) {
     return FALSE;
@@ -2200,7 +2203,7 @@ function node_access($op, $node = NULL, $uid = NULL) {
 
   // If the module did not override the access rights, use those set in the
   // node_access table.
-  if ($node->nid && $node->status) {
+  if ($op != 'create' && $node->nid && $node->status) {
     $grants = array();
     foreach (node_access_grants($op, $uid) as $realm => $gids) {
       foreach ($gids as $gid) {