I'm not sure if this is a configuration problem on my end, something that didn't make it into the D7 version or just outside the context of this module, but I'm seeing a potential issue regarding editing unpublished content. The module is working great to allow users to view unpublished content, but that user is loosing the ability to edit a node they previously could.

For my use case, I'm using override node options to allow them to unpublish content they can edit. This leaves them in a position where they can lock themselves out. I'm also using tac_lite to determine whether users can edit tagged content, but this seems to be happening when a user owns the content also.

I know there are some issues regarding access grants and unpublished content, but since it seems to have been addressed in previous versions (#300967: Edit unpublished nodes) I thought I'd ask.

Thanks in advance.

Comments

entendu’s picture

Status: Active » Postponed (maintainer needs more info)

Thanks for the report. Could you provide a use case so I can duplicate? (eg, who authored the node, who's trying to edit it, etc)

seanbfuller’s picture

Status: Postponed (maintainer needs more info) » Active

I did some additional testing and it seems there might be an issue regarding how this module and tac_lite (and possibly other node access modules) work together for unpublished content.

I set up the following test, which seemed to work fine:

  1. On a new install (d7-1.0 standard), create a new user called editor, leaving this user with just the default authenticated user role.
  2. On the permissions page, give authenticated users the ability to create and edit their own articles.
  3. Log in with that editor user and create an article.
  4. With the admin account, unpublish that article.
  5. Try to view that article again and you get an access denied.
  6. Install the view_unpublished module (7.x-1.0 in my case, also rebuilding permissions) and give authenticated users the ability to view any unpublished content.
  7. Go back in with the editor user and confirm that this user can now both see and edit that unpublished node they created.

So based on that quick test and on its own, view_unpublished seems to be working great for editing unpublished nodes.

Next I tested with tac_lite in the picture. This gets a little involved, and I think that similar issues are discussed in the d6 issue in the link above. There's got to be easier tests to set up with other node access contribs, but this was mine based on a current project:

  1. Add a new vocabulary called "Location", with two terms: "Chicago" and "London."
  2. Add two new roles: "Chicago editor" and "London editor."
  3. Edit the "editor" user so that it is a "Chicago editor."
  4. Under structure, add a "term reference" field to the article content type which uses our "Location" vocabulary. Make it required.
  5. Install the tac_lite module (in my case 7.x-1.x-dev). Don't bother rebuilding permissions yet, as it will give you an error until the next step.
  6. Go to people > access by taxonomy and choose "Location" as a vocabulary to add control privacy.
  7. On the same settings page, set the number of schemes to 2. Save.
  8. For scheme 1, name it "view" and choose "view". In the forms below, give access to all terms for anonymous and authenticated users. Save.
  9. For scheme 2, name it "edit" and choose only edit. In the forms below, give admin access to all terms, Chicago editors access to Chicago and London editors to London.
  10. Go to the taxonomy access settings page again (under people) and resave to rebuild permissions.
  11. As admin, republish that original node we created (let's call it "editor test") and assign it to Chicago.
  12. You should be able to edit it as the test editor user.
  13. As admin, create a second article node (let's call it "admin test") and also assign that to Chicago. Our test editor user should be able to edit that also.
  14. As admin, unpublish both nodes.
  15. Confirm that our test editor user can both view and edit the unpublished node they created, but they can only view the one created by admin. Republishing that node will allow them to edit it again.

In my original post I noted that I was seeing the user could not edit his own post, which may have been me missing one of the many steps above and not rebuilding something along the way.

Hopefully that helps debug this. Apologies the length of this post. Flipping back to active just so you see the response.

entendu’s picture

Status: Active » Closed (works as designed)

Thanks for the response. Hopefully it will help someone else who's looking. Marking as designed just for bookkeeping.