Attached is a modified workflow module that I have been using. The major benefits are:

  • fixes several security holes (including forging of the _workflow field) by eliminating hidden fields and checking all input
  • fixes bug 24487 by allowing manual specification of the first state (the one after (creation))
  • introduces node state history (the who and when of each transition, as per 16643) in DB only (no interface for viewing)
  • introduces per-role access control for each transition (as per 16643)
  • introduces setting/viewing of all transitions on one screen (click the workflow's 'edit' link for transitions)
  • cleans up DB definition
  • improves completeness and accuracy of some comments
  • makes code simpler and more more modular

It's heavily revised and I'm not sure if it follows the development path you have in mind, but I thought I'd share it as it's been very helpful for my particular needs.

You'll have to run the following MySQL DB queries (preserves all existing data, not tested with PostgreSQL):

ALTER TABLE workflow_transitions ADD `roles` varchar(60) default NULL;
ALTER TABLE workflow_node ADD `uid` int(10) unsigned NOT NULL default '0';
ALTER TABLE workflow_node ADD `start` timestamp(14);
ALTER TABLE workflow_node ADD PRIMARY KEY (`nid`,`sid`,`uid`,`start`);

and optionally:

ALTER TABLE workflow_states DROP weight;
ALTER TABLE workflow_node DROP KEY nid;

This modified module will work with Drupal 4.6.x. To get it to work with 4.7/HEAD you'll have to manually change the 5 lines noted at:

http://cvs.drupal.org/viewcvs/drupal/contributions/modules/workflow/work...

Note that line numbers will be different: 669 and 965 (instead of 569 and 1000) so don't try to apply the patch!

CommentFileSizeAuthor
#12 workflow_1.module34.1 KBAlex Reisner
#9 workflow_0.module33.13 KBAlex Reisner
workflow.module31.79 KBAlex Reisner

Comments

Alex Reisner’s picture

Alex Reisner commented
Title: Rewritten module: bugfixes and new features » SQL mistake

I grouped the above SQL queries above incorrectly. To use the new module you MUST run the following queries:

ALTER TABLE workflow_transitions ADD `roles` varchar(60) default NULL;
ALTER TABLE workflow_node ADD `uid` int(10) unsigned NOT NULL default '0';
ALTER TABLE workflow_node ADD `start` timestamp(14);
ALTER TABLE workflow_node ADD PRIMARY KEY (`nid`,`sid`,`uid`,`start`);
ALTER TABLE workflow_states DROP weight;

and this one is optional:

ALTER TABLE workflow_node DROP KEY nid;
jvandyk’s picture

jvandyk commented

Finally had a chance to look through your changes. Good clean coding. Note that else { begins on its own line.

Hope to test this soon.

daneel-1’s picture

daneel-1 commented

I'm using Drupal 4.6.3 and I'm thinking of using your tweaked workflow module. The problem is that version 4.5.0 requires actions module and this one has not been updated for Drupal 4.6.x. Is it OK to install actions-4.5.0 with your workflow module ?

jvandyk’s picture

jvandyk commented

There is no 4.50 version of actions. It is cvs only. But it should work with 4.6.

daneel-1’s picture

daneel-1 commented

I installed actions-cvs, then workflow-4.5.0, replaced workflow.module with your version and ran the five SQL instructions. But then when I went to admin/modules to activate it, I had the full source code of workflow.module displayed before the module administration page.

What's the problem ?

pbull’s picture

pbull commented

daneel -
Oddly enough, the attached module code seems to be an html document (even though it is a .module file, Firefox renders it as html). Try copying and pasting the text (not the html source) into a text file and save that as workflow.module. Worked fine for us.

-digibike

DrupalAtHawthorn’s picture

DrupalAtHawthorn commented

I followed the instructions for using the modified version of workflow.module and successfully added a workflow, but when I click "edit" (admin/workflow/edit/1), I get a blank page and the Apache error log shows:

PHP Fatal error: Call to undefined function: formproc_render_form() in /Volumes/ArachneD2/wwwroot/drupalroot/modules/workflow.module on line 512

I apologize if this is the wrong place to report this.

Tom

Drupal 4.6.3/Mac OS X 10.3.9/PHP Version 4.3.11/Apache/1.3.33 (Darwin)/MySQL v 4.0.18

jvandyk’s picture

jvandyk commented

Yeah, I'm working on that.

Alex Reisner’s picture

Alex Reisner commented
Title: SQL mistake » Expanded workflow module
StatusFileSize
new workflow_0.module33.13 KB

Attached is now a further enhanced module with the undefined function problem fixed. Sorry about the confusion.

maui1’s picture

maui1 commented

I just downloaded the new expanded workflow_0.module, made the database alterations, but got the following Parse Error:

Parse error: parse error, unexpected T_STRING in /home/webhealt/public_html/modules/workflow/workflow.module on line 26

Is this a problem or typo in the the module file?

This looks like a great development on the workflow module, and I am eager to implement it.

waldirlieb’s picture

waldirlieb commented
Title: Expanded workflow module » Workflow triggers only for Admin user (first site user)

I am currently using Drupal 4.6.3 with Taxonomy module patched and taxonomy_access also patched. I am using workflow version workflow_0.module. These combined with lots of other modules.

I have set up a workflow ( creation -> draft reviewed -> (published or rejected) ), assigning actions with transitions and editing the (permissions per role x states) with the new enhanced permission page.

I have also assigned the workflow to the content types Story and Forum Topic.

When I tested it with admin user (first created user of the site), creating new content (story, or Topic Forum), the workflow is triggered and this user can see (in edit node) the new select list with the states he can submit to.
But when I try to do the same thing with some other user (even if the user is member of administrator group), the node submit does not trigger the workflow, and the content is published.

This is a strange behavior, and any help would be much appreciated.

Do I need nodeperm_role module for this?

Tks.

Alex Reisner’s picture

Alex Reisner commented
Title: Workflow triggers only for Admin user (first site user) » Rewritten module: bugfixes and new features
StatusFileSize
new workflow_1.module34.1 KB

Yes, yes, it's a bug. Sorry about the sloppiness, but it's fixed in the attached file. However, there is also an additional warning on the transition edit page:

You MUST enable some transition from the (creation) state for every role!

This is the price for being able to choose the state after (creation). If you don't choose a state, all nodes created by that role will bypass the workflow. I'll try to find a solution to this.

waldirlieb’s picture

waldirlieb commented

Thanks for answering Alex. I have updated with this new file.
Before testing...
What do you mean by "You MUST enable some transition from the (creation) state for every role!"?

I´m sorry but I did not understand also
"This is the price for being able to choose the state after (creation). If you don't choose a state, all nodes created by that role will bypass the workflow. I'll try to find a solution to this".

Could you clear it out?

jvandyk’s picture

jvandyk commented

Committed new 4.7-compatible workflow.module to cvs.

Alex Reisner’s picture

Alex Reisner commented

waldirlieb,

What I mean is that, for each role that might create a node in a given workflow, that workflow must define a transition from the (creation) state to some other state. Otherwise, the node will escape the workflow entirely. For example, if you have a workflow with states:

  • (creation)
  • Pending Approval
  • Approved
  • Rejected

If you forget to enable the transition from (creation) to Pending Approval for, say, anonymous users, any nodes posted by anonymous users will bypass the workflow and be published.

The 4.6 workflow module doesn't have this problem, but neither does it allow you to define the state that comes after (creation).

mfredrickson’s picture

mfredrickson commented

Did this hit? Can we close it? It seems like the current CVS does all this.

brick’s picture

brick commented
Category: feature » bug

alex and jvandyk, i was excited to see this updated module, since our 4.5 file wasn't working so wonderfully with a 4.6.3 install. our sysadmin installed it and attempted to edit and save a node. the PHP error below showed up. i take this to mean that the workflow module posted is issuing HTTP headers although it should be called from within another page that already does so. can anyone fill me in further or suggest a remedy?

warning: Cannot modify header information - headers already sent by
(output started at
/groups/nws/public_html/modules/workflow/workflow.module:1085) in
/groups/nws/public_html/includes/common.inc on line 192.

thanks,
aaron.

sammys’s picture

sammys commented

Hi everyone,

I've started on a path to migrate E-commerce to use actions and workflows and am researching the two. Unfortunately i've hit a snag. First thing was PostgreSQL support. I've countered that part with the file and patch provided in http://drupal.org/node/61703. The other problem is that tab_roles from {workflows} is still used in the code when they are not in the schema supplied in workflow.install.

What is happening with this module and will it be tagged for 4.7 so we can get a stable 4.7 release for this module?

Cheers,

--
Sammy Spets
Synerger
http://www.synerger.com

moshe weitzman’s picture

moshe weitzman commented
Status: Active » Closed (fixed)

i think this can be closed. it is all implemented ... pleased put ecommerce bugs on new issue