403 And HTML Filters

Photo of Greg Harvey
Wed, 2008-11-12 18:18By greg

Here's a really nasty little gotcha! You have a load of content, all of the same type. You give a role permissions to edit any nodes of this content type, but it gets all weird. Some of the content they *can* edit. Some they cannot.

Node access!?! No. Much simpler than that.

Chances are you started creating content as the superuser. You then probably published your site and started asking other users, with a different role (say, editor) to edit that content. Trouble is, as superuser you used "Full HTML" as the filter on some, but not all, of your pages.

However, by default only the superuser can use the "Full HTML" filter. And how does this manifest? A 403 error for anyone who tries to edit content created using a filter they do not have permissions to use. Solution? Just allow them to use the "Full HTML" filter, or edit the content and set it to a filter they can use:

Moral of this story? Never, ever do anything you want other users to do in the future while logged in as the superuser. You will create problems for yourself later on. You really must login as a user with the role of the intended users who will do said action before you do it yourself, if you want to be sure it works and avoid gotchas like this!