"delete revisions" permission [#124076]

I'm on a project that needs delete revision permission for node authors. Right now this is only possible by giving them admin node permissions which is far more than needed. I would like to see node_revision_delete function to be accessible by node authors. This is the actual function in node.module:

function node_revision_delete($nid, $revision) {
  if (user_access('administer nodes')) {
    $node = node_load($nid);
    if (node_access('delete', $node)) {
     ...
      }
    }
  }

  drupal_access_denied();
}

wouldn't it be enough to delete the first 'if (user_access('administer nodes'))'?? Are there any other implications in core on doing this? Is there any especial reason to restrict this function to 'administer nodes' permission?

I enclose a patch for this without this restriction to administer nodes for thsi function.

Comment	File	Size	Author
#4	node_71.patch	4.84 KB	robertgarrigos
#4
#2	node_69.patch	1.06 KB	robertgarrigos
#2
#1	node_68.patch	1.05 KB	robertgarrigos
#1
	node_67.patch	2.18 KB	robertgarrigos

Support from Acquia helps fund testing for Drupal Acquia logo

Comments

Comment #1

robertgarrigos CreditAttribution: robertgarrigos commented 2 March 2007 at 11:49

File	Size
node_68.patch	1.05 KB

wouldn't it be better to have a new 'delete revision' permission? This is the patch for it.

Comment #2

robertgarrigos CreditAttribution: robertgarrigos commented 2 March 2007 at 11:54

File	Size
node_69.patch	1.06 KB

even better with an 'administer revisions' one, so other modules working on revisions (ie: revision_moderation.module) only have to change their 'administer nodes' with an 'administer revisions'.

Comment #3

toemaz CreditAttribution: toemaz commented 2 March 2007 at 15:01

You have my support on this matter. The patch looks good.

We might have to work all together (diff & revision_moderation devs) to enhance the revision system in core. This is just one of several issues concerning the core revision system.

Comment #4

robertgarrigos CreditAttribution: robertgarrigos commented 7 March 2007 at 17:38

Version:

6.x-dev

» 5.1

File	Size
node_71.patch	4.84 KB

I'm changing this to the 5.1 version which is the one I'm using. This new patch adds some changes to the node_access() function in order to have a new delete permission.

Comment #5

robertgarrigos CreditAttribution: robertgarrigos commented 7 March 2007 at 18:25

Status:

Active

» Needs review

Comment #6

StevenPatz

he/him

English

Alexandria VA

CreditAttribution: StevenPatz commented 8 March 2007 at 14:22

Version:

5.1

» 6.x-dev

new features go in cvs

Comment #7

BioALIEN CreditAttribution: BioALIEN commented 8 March 2007 at 15:37

You also get my +1 for this. As toemaz pointed out, there are a few modules related to the revision system. Essentially some of these should be committed back into core because the current Drupal revision system sucks and is flawed in my opinion.

New patches need to go into HEAD then backported to 5.x and maybe 4.7.x.

Comment #8

robertgarrigos CreditAttribution: robertgarrigos commented 8 March 2007 at 18:05

you need to apply a patch to book.module also if you use revisions on book pages and this node patch

Comment #9

Leeteq CreditAttribution: Leeteq commented 17 June 2007 at 22:53

+1 for this

fyi - I mentioned this in the request for suggestions for v6 here:
http://drupal.org/node/148757#comment-243111

Comment #10

catch

he/him

English

CreditAttribution: catch commented 26 October 2007 at 14:41

Title:	access to delete revision	» "delete revisions" permission
Status:	Needs review	» Needs work

There are now seperate "delete [node]" permissions from "edit [node]" which I think this tried to introduce. This seems enough of a change to bump it a version, and needs a reroll anyway.