Come together with the global Drupal community in Rotterdam, 28 Sept – 1 Oct 2026. Sessions, contribution, connection, and Early Bird savings until 8 June.
By omeriqbal on
Greetings All!
We wanted to have the ability for our users to post a question so that it would go in a question queue and then, as someone answers the question, it will be published to our system.
One way I thought of it, without making any major changes, was to create a new content type: Question. And then I allowed anonymous to create this content type with the thinking that anonymous can create the content, an admin can look at the question, update the content to add a response and then publish it.
So I updated the permissions to allow anonymous user to create a question.
All good so far - except that when anonymous creates a question, he gets an Access Denied and that he's unauthorized to view the page. However, at the same time, the user also gets a confirmation that the quesiton has been created and when admin looks at the content, it in fact is created.
How can the 'access denied' message be changed or avoided?
To try it out, go to "faithplatform.com" and click "Ask a question" on the left hand menu.
Thanks
Comments
Funny, I created node/11,
Funny, I created node/11, then I am getting an "access denied" for viewing it but I still can edit it using node/11/edit.
My guess is that you have some access control module installed, which doesn't give permission to the author to "view" the node (core Dupal alone doesn't have separate "view" permissions only for some content).
In which case, find that module and configure its "view" permissions for anonymous users.
---- Edit to add:
By the way, I can also edit nodes created by previous users, such as node/10/edit and node/9/edit. If you haven't given anonymous users "edit any" permission for that type, but only "edit own", then maybe it happens because the anonynous user is always "user 0", the author of all of them. So, you may not want to allow them to "edit own".
No view permissions for questions
Thanks for your help. I don't have anything installed. I just installed the 'views module', but I haven't configured it or started using it. I only have whatever is installed with Drupal core, and just disabled a number of them to verify, but the same result.
Right now, I have allowed anonymous to edit and delete own question for testing, but will disable it on production site. Even with this enabled, it gives an access denied which doesn't make sense.
The only 'view' permissions exist in 'revisions' and 'statistics counter'. I enabled it for 'revisions' as well. There're none for question or any other content type or module.
Any other ideas, help would be great. The other option would be to replace the Access Denied string for a new question created in the theme, but I want to do that as last resort. (And it seems that this access denied is coming from Drupal_ method and not from theme_ method so I may not be able to replace it either.)
I could be wrong.
I could be wrong but, as I have always understood it, a node who's status is "unpublished" is not viewable by anyone who does not have the "administer nodes" permission.
So, even though it seems weird, you can give create and edit rights to anonymous users for a content type but they still can't "view" it because it is unpublished.
I would strongly advise against giving anonymous users the "administer nodes" permission.
Possible solution.
Maybe instead of having the node status be "unpublished" putting it in the moderation queue would be the best idea. There are some modules out there to help deal with moderated content also.
gforce301 is right, a
gforce301 is right, a content type "unpublished" by default can also cause this. If this is the case, no access control module is to blame.
But making it "unpublished" implies that you wanted this to happen, that you wanted to make the question inaccessible until answered by someone with admin nodes permission.
Thanks - it worked
Thanks folks. You are right. I turned it to published by default and it worked just fine.
Solves my issue. Since the question is not promoted to the front page, it can be published, and won't automatically be linked to. The anonymous user can look at it by pointing directly to it - that is a non-issue. It will just show up as an unattended question.
Thanks!
This is by design but should be done differently IMHO
Yes I believe that access should be denied for anonymous users after submission however the message that is given is deceiving and should be different. Instead of the standard access denied it should state that the item is now in queue for moderation rather than acting like it was rejected.
I use views to create my page so unchecking promote to the front page doesn't help in my case.
Is there anyway to modify the access denied message to say it has been set aside for moderation? This is very important for my guest book content type I created for my friends movie.
Same problem here
I have exactly the same problem.
I want to let anonymous users create article but then have them unpublished as the new content needs to be approved first before being published.
Has anybody found a solution to this "feature"?
One alternative, without
One alternative, without unpublishing, is to use the modr8 module (http://drupal.org/project/modr8) to moderate those posts. That is not an access control module, it does not make the moderated posts inaccessible, but prevents them from being listed anywhere, unless you are a moderator.
There is also the revision_moderation module (http://drupal.org/project/revision_moderation), which keeps the current approved revision of a post published if someone edits it, until the new revision is approved by a moderator.
Another way, again without unpublishing, is to install an access control module which has separate "view" permissions per user role for that content type ("view own", "view any" or none), such as the content_access, or nodeaccess, or node_privacy_byrole modules (choose only one), so that only a moderator user role can read the posts or see them listed.
There may be other ways, with unpublishing the posts, by using triggers and actions (see http://drupal.org/node/199254), or the more flexible rules module (http://drupal.org/project/rules).
Thanks
Many thanks...as I can see, plenty of options to chose from! Really appreciated your support.