Finer permission for revision edit
Dave Cohen - September 12, 2007 - 00:56
| Project: | Revision Moderation |
| Version: | 6.x-1.x-dev |
| Component: | Code |
| Category: | feature request |
| Priority: | normal |
| Assigned: | Unassigned |
| Status: | needs review |
Jump to:
Description
In my case, I need users to be able to edit revisions, even if they do not have 'administer nodes' permission. The attached patch makes this possible. And its a reasonable change, considering my user can access the edit tab to edit the current revision. It's reasonable to let them edit the latest revision, too.
This work sponored by medem.com.
| Attachment | Size |
|---|---|
| revision_edit.diff | 540 bytes |
#1
I hope this will be implemented in the next stable release.
#2
How about testing it rather than hoping? ;)
#3
I implimented the code above as it seemed to do what i wanted. but was unable to see the block of Pending revisions
I set revision moderation for Content type X and granted my user edit content type X permisions and view revisions
I changed the last line of following code which then provided the block to this user based on view revisions rather than administer nodes
/**
* Implementation of hook_block().
*/
function revision_moderation_block($op = 'list', $delta = 0, $edit = array()) {
if ($op == 'list') {
$blocks[0]['info'] = t('Pending revisions');
return $blocks;
}
elseif ($op == 'view') {
$block = array();
if (user_access('administer nodes')) {
to
/**
* Implementation of hook_block().
*/
function revision_moderation_block($op = 'list', $delta = 0, $edit = array()) {
if ($op == 'list') {
$blocks[0]['info'] = t('Pending revisions');
return $blocks;
}
elseif ($op == 'view') {
$block = array();
if (user_access('view revisions')) {
I am not sure exactly if this is thr correct way of doing things as i am still getting to grips with permissions. If a users view revisions permission is applicable only to those edit content types that have permission granted it seems ok
#4
this is a feature request and should be rolled against the 6 branch now
#5
Subscribing. This is a must have for designing custom moderation processes, where only some roles (which shouldn't have the "administer nodes" permission) are able to edit pending revisions.
#6
We need this ability on D6 as well. Any idea how to adjust the latest '6.x-1.0-alpha1' version?
#7
Subscribe
#8
Well, after getting some time to look into this deeper. Turns out that the original requested change in 'revision_edit.diff' has been integrated into the 6.x 1.0-alpha1 release.
However, we were running up against two issues:
1. Only users with 'administer nodes' can choose whether or not to create new revisions. We wanted to restrict this capability to particular node types and roles. Reference this feature request / hack: http://drupal.org/node/376385.
2. Also, revision_moderation seems to let users modify revisions when they do not have rights to modify the node itself. We made the following change in 'revision_moderation_nodeapi'
from:
$access_update = user_access('revert revisions');to:
$access_update = user_access('administer nodes') || (user_access('revert revisions') && node_access('update', $node));