More node permissions ("view unpublished nodes", "edit any node")

seems reasonable to me. anyone else?

I'm generally in favor of more finely grained permissions in general. However, I'm not sure if I like the "edit any node" set.

The "view unpublished nodes" permission and its kin, I like essentially as is.

However, I'm not sure if I see "edit any node" as the right way to break the permissions down. If you're trying to differentiate "edit node content" from "edit node metadata", why not break it down that way? I can see a case to allow certain classes of moderator to be able to publish/unpublish nodes, but not actually change the content. That would be the opposite of what you're doing in this patch, but there's no coverage there. I'd rather see "edit node" broken into "edit node content" and "edit node information", with "administer nodes" automatically implying both.

Does that make sense to anyone besides me? :-)

I think 'editing' and 'administering' are fair ways to put the distinction you're talking about. For a general user, editing a node involves altering its contents. 'Administering' involves publishing and unpublishing, altering comment statuses, deleting, etc. Referring to 'meta-data' and 'content' results in a new set of Drupal terminology that isn't used elsewhere in the system.

+1 for the patch and the permissions it proposes.

Even in the current permissions setup, having descriptions on permissions would be helpful. :-)

hehe. Hey, I think it's a good idea, too, but no one has set that patch ready to commit. If you think it is, please do so. Otherwise the Big People(tm) won't look at it, as they're busy elsewhere.

I am curious about this too. Currently, I can set a role so edit certain nodes, like a book page. But if the workflow sets it to 'unpublish', this person can't view the node ("Access Denied"), but they can edit it (example: node/29/edit).

So unless someone has the administer Nodes permission they can't see unpublished nodes, even if they are allowed to edit them.

I would die if this could be solved. Does the view module enable this???

Thanks

Big +1 on the view unpublished nodes permission. Just what I need.

Patch fails to apply with 4.7.2

Great work Timcn. Thank you.

It solved the issue I was having with unpublished user nodes. Now users can view and edit their unpublished nodes.

Node lists would show nodes you don't have access to; there is no way this permission could be used in SQL queries. The only way to fix this, is to use the query rewrite mechanism. Actually, we're moving towards eliminating the "$op == 'view'"-part of the _access hooks.

I'm tempted to mark this "won't fix".

Needs to be coordinated with http://drupal.org/node/72343 , to some degree.

I like the sugggestion in #2, since there is an unfilled need for this in 4.7 I'm trying to address with a separate module for 4.7.

Is there any issue open about changing the "$op == 'view'"-part of the _access hooks?

i'm a bit wary of adding more permissions like this since they make it impossible to control access via node access API. the return TRUE clause avoids all the calls to node_access table. for example, in order to do a workflow or private forum, admin has to disable all of these permissions. not a big deal, but it is confusing for admins i think.

what is the current way to view and edit your own created nodes while they await moderation?