Allow modr8 to publish nodes when approving

I'm a little ambivalent about this, since not displaying unpublished nodes to moderators could also be considered a security issue. Currently, those with just the moderator permission cannot actually view the full node if it is unpublished, right.

In the 5.x version of Modr8, it implements hook_db_rewrite_sql() so posts in moderation will NOT show up on the front page, etc unless you're a moderator or the author of the post. Try it out. It's not really access control (anyone can still navigate to it if they know the URL), but rather exclusion from listing.

In Drupal 4.7 the question of whether or not to display a post in moderation was implemented in core and varied by module, so setting to unpublished was more sensible.

I think in 4.7, it was sort of left-over from 4.5 or 4.6 where there was some other moderation core in code.

so in 4.7, the various core modules handle moderation inconsistently. The powers that be decided in 5.x to leave the column in the table, but remove all other moderation-related code from core.

As far as your other comment, if you look at the SQL unpublished nodes will not even show up in the queue (right?). Again, since only users will 'administer node' permission can view unpublished content, I think that if you really think this is important, then the block and other form code need to special case users with 'administer nodes'.

doh! You're right- the queries don't match up in the block and the administration page.

I must have missed that in the 4.7 -> 5.0 upgrade. In the upgrade I added db_rewrite_sql() so that this module would respect access control.

Ok, attached patch is a first step to at least make these queries consistent. I'll commit as soon as I test ti.

After that, you could add a patch for the admin setting and setting status, and for splitting out the queries so that those with 'administer nodes' will see unpublished nodes in the block/queue.

setting back to active (so I can see it)

Yes I'm on the DRUPAL-5 branch- the query is done in .module and then passed to a function in the .inc file.

Note also a missing ; in the patch- a working version will be in CVS in 500 ms.

Your idea may be valuable if your site has a complex workflow (e.g. you're using some other module to set the content to be published on a certain date.) Otherwise, the 5.x version of modr8 itself *should* be doing a good enough job of hiding the content, so you can set your to be published by default.

Sorry to be late in this discussion, but I still think this whole 'node-needs-to-be-published-to-be-moderated-but-still-viewable-if-you-know-theURL' setup is quite confusing. It took me quite a while to realize this, while I think a more natual (at least to me) way is nodes-only-get-published-after-approval. I even almost submitted a bug report when I found a node is still viewable while in moderation, until I saw this line on the project page:"This is NOT an access control module..."

I agree with pwolanin's comment that moderators being able to view unpublished nodes may be an security(un-wanted access) problem. But I think we need a better solution than the current one. My initial suggesion of the workflow setup is:
1) node set to unpublished by default
2) a user writes a post then he/she could decide whether save a draft (simple save) or submit to moderation queue
3) only nodes submitted to mod queue are viewable to moderators
4) When a node is approved, it gets published, then can be viewed publicly
5) If a post is rejected, moderator could either delete it directly (this permission should be configurable by admin), or simply mark the node as 'rejected' but not deleted, so the author could refine and re-submit.

Forgive me if it's off-topic or any of the above functions are already available in HEAD, it's all based on a 4.7 version I tried out a few weeks ago
Thanks!

In 4.7 the restrictions on listing moderated nodes all falls to core or each contrib code (though I suppose I could backport the hook_db_rewrite_sql()). Please try out the 5.x version - I've been adding lots more features than the 4.7.x.

I'm also open to the idea of adding a "publish when approved" option for the 4.7.x version (but not the 5.x, as per above).

thanks for the quick reply, I am cheking out HEAD and will report back.

Actually, thinking about this more, the most logical solution for the 5.x version might be to show unpublished nodes in the queue if the user has "administer nodes" permission, and then make it so that approval can publish in both 4.7.x and 5.x.

Note that since in 5.x only users with "administer nodes" would see the unpublished items in the queue, users with only the "moderate content" permission will still not be able to publish unpublished nodes (by design).

+1 for dami's point of view

I do not see the draft status as a requirement though: one could simply expect that his users would make drafts in a simple text editor (Notepad/Textedit/gedit). But of course, this would make the modr8 module a more complete module IMO. Although it's quite some more work as well, since another table would be required to mark a node being in the "draft" state. Alternatively, we could alter the node table, but that might be against the Drupal module policy?

For now I'll keep set my nodes to published by default, the site isn't live yet anyways.

until I get around to implementing #19.

Would this be satisfying?

With this patch, users with the 'administer nodes' permission can see unpublished nodes in the moderation queue, and approving a node publishes it. The behavior remains unchanged for users without the 'administer nodes' permission.

That sounds like the right behavior - I'll have to check the patch code.

patch code looks good, except $is_published and $publish should be assigned a default value of ''

committed attached patch. Thanks David.- there will be a 5.x-2.3 release soon with this added