Hi,

I posted a similar note on general forum and got no help. Someone suggested I post it here. I am really hoping that you can help as I am in desperate need of this ...

I run a small nonprofit that takes in submissions from student writers. We have a group of college students revieiwing the content, offering comment and sending them an e-mail to have them look at the comments. The submission, meanwhile, may or may not ever be published. I need the authors to have the ability to view/edit their own submission and to see the comment that is attached to it. Presently, this cannot be done.

The submissions are made through a simple content type I created called 'entry.' It is patterned after the story.module. All authenticated users have the ability to create an 'entry.' All entries when submitted are held in moderation and are not published until approved; as I said some content does not get approved (based on quality not content). I have given all authenticated users access control to edit own entries. I am using modr8 module and have set up workflow/actions that allow college mentors to post their comment and workflow/action sends automated message to author with a node link to original 'entry' and comment.

HOWEVER, authors get "access denied" when they use link to get to the 'entry' with comment that they created.

It appears modr8 overrules simple content "edit own entry" access controls. Is there a way within modr8 that allows author to view/edit his or her piece and thus see the comments?

This is very important.

Thanks
geoff gevalt
www.youngwritersproject.org

Comments

pwolanin’s picture

pwolanin commented
Status: Active » Fixed

The 4.7.x version of moder8 does not have any access control code, so this is not a modr8 issue. However, since I'm such a nice guy, I'll try to help anyway.

The problem may be that you are setting the nodes to be unpublished by default. I think in Drupal 4.7.x an author cannot see his own posts if they are unpublished. This feature was changed in 5.x.

see:

http://api.drupal.org/api/4.7/function/node_access

and compare to:

http://api.drupal.org/api/5/function/node_access

the key code change is at the end:

  // Let authors view their own nodes.
  if ($op == 'view' && $user->uid == $node->uid && $user->uid != 0) {
    return TRUE;
  }

You should be able to circumvent this problem by changing your implementation of hook_access()

try something like:


function entry_access($op, $node) {
  global $user;

  // Let authors view their own nodes.
  if ($op == 'view' && $user->uid == $node->uid && $user->uid != 0) {
    return TRUE;
  } 

  if ($op == 'create') {
    return user_access('create stories');
  }

  if ($op == 'update' || $op == 'delete') {
    if (user_access('edit own stories') && ($user->uid == $node->uid)) {
      return TRUE;
    }
  }
}
pwolanin’s picture

pwolanin commented

oops- obviously in that last sample code, change all instances of "story" to "entry"- or do whatever matches your current implementation with the addition of the code allowing users to always view their own posts. I just cut-n-pasted story_access()

ggevalt’s picture

ggevalt commented

You ARE a nice guy.
Thanks so much and I will try that out this evening and let you know how I fare.
Thanks again and know you are helping a good cause -- helping kids to write better.
cheers
geoff gevalt
www.youngwritersproject.org

ggevalt’s picture

ggevalt commented

Well this is the reason why I have stuck with Drupal and why I am so supportive of this CMS and why I am so appreciative of all the efforts behind it.

Your coding works perfectly. I did several different types of tests with it and it seems to do EXACTLY what I need it to and not a moment too soon.

Peter, I greatly appreciate what you've done. Thanks so much.

geoff gevalt
www.youngwritersproject.org

pwolanin’s picture

pwolanin commented

I'm glad to know it worked.

Anonymous’s picture

(not verified) commented
Status: Fixed » Closed (fixed)