Allow access to view unpublished revisions (and revision tab)

Revisions would be a little more complicated -- I'm kind of ambivalent on its usefulness vs. amount of effort. If some more people roll in and say they want it too, maybe a different story... anyone?

This would be a great feature if it is possible.

Is there a chance this functionality might make it in?

Here is a patch for views_unpublished with revision support.

I ran into problems while using this with the diff module and the revision moderation module so this patch also includes code to allow these modules to work together.

It could be done without the code relating to those modules but seeing as those modules have high usage it is probably best to keep it in.

It gives two new permissions for view unpublished revisions and revert unpublished revisions.
Instructions are included in the readme in case they're needed.

This patch also includes a few coding standards fixes.

The patch will apply to 5.x-1.x-dev and 5.x-1.0

I haven't looked into the d6 version but I'm sure this could be ported with out too much hassle if people want it.

Here is a new version of the patch in #3 that dynamically assigns the modules weight on install.

Bumping to 6.x branch as this is not yet supported.

This patch checks user permissions for node revisions, if a user has access to view, revert or delete revisions the access callback is altered to check if the user has access to view the node in an 'unpublished' state. No alterations are made to node revision access for users that do not have at least 'view revisions'.

[edit] : this patch will also allow users with 'view revisions' permission to view revision diffs, provideded by the diff module.

The patch in #6 does not respect a user's permission. I believe that what is happening is that the menu alter results are cached. Since admin is likely the last one to have caused a menu rebuild the access rules for admin are applied. Perhaps what should happen here is that hook_menu_alter changes the access callback to one of our own making.

Attached is a new patch that takes the approach of view_unpublished supplying its own access callback for node revisions. It only applies to viewing revisions at the moment. It certainly needs work and review, especially when it comes to also working with revert and delete permissions. There is also the issue of providing the revision information fieldset to users who do not have access to the "administer nodes" permission.

interested.
subscribing..

Testing patch in #8 now. Got one hunk fail in the hook_menu(). Easily patched by hand. Looking at the patch though it should be easy enough to build this in as a separate module if it's not accepted into this one.

Anyway... on with testing.

This appears to work as advertised. The attached patch is made against the 6.x-1.x branch from git so should patch without the failed hunk.

Clean up the patch a little bit and added support for diff module. I guessed that as this module modifies the core node access menu, it should modify other modules as well.

This should sort out #670852: Access Denied when viewing revisions for an unowned, unpublished node which is on the diff issue queue.

Just noting this is, for now, only to view revisions, not revert or delete as those needs further thinking as stated in 8.

this might be what I need.

Is this RTBC?

I appeared to be the only tester, but maybe you can review/test yourself?

attached is a new patch with an improved version, followed new commits done on #1180572: Access Denied due to incorrect menu "access callback"

There's an incomplete comment here, could you take a look?

+/**
+ * Support for integration of diff module
+ *
+ * See
+ */
+function _view_unpublished_diff_node_revision_access($node, $op = 'view') {

Also, is there any reason to save the old access_arguments?

+    foreach (array('node/%node/revisions/list', 'node/%node/revisions/view/%/%', 'node/%node/revisions/view/latest', 'node/%node/revisions/diff-inline') as $menu) {
+      $old_access_callback = $items[$menu]['access callback'];
+      $old_access_arguments = $items[$menu]['access arguments'];

I realize _view_unpublished_node_revision_access() is going to need an array, but the format is non-obvious because = $items[$menu]['access callback'] is actually creating an empty element, rather than assigning a value like it does higher up in the function.

I realize _view_unpublished_node_revision_access() is going to need an array, but the format is non-obvious because = $items[$menu]['access callback'] is actually creating an empty element, rather than assigning a value like it does higher up in the function.

Why an empty element? And if it is an empty element, then it will be passed as empty all over the code, so no harm in that I think, but not sure I understood you correctly.

I am trying to follow the same approach of with the node/%node/view , what is it that you see different?

I already fixed the comment.

Any update on this?

Would love to see a d7 version of this patch. Sadly I need to look for another solution in the meantime.

Thanks for all the work done so far.

Deprecating 6.x.

In that case, can someone confirm whether or not this is something that is still missing from the Drupal 7 version?