Flexible revision permissions.

Thanks for your interest geoff!

"I want previous revisions of a node visible only to the author and administrator"

I think you're right.... I do not know of any permissions in drupal that offer granualarity by revision (or revision age) as well as by author (vs other users in the same role).
Permissions tend to be by role, by node type, by taxonomy (eg department) or by workflow state (or a combination) .

A "view archived revisions I created or edited" permission....
Hmm.... tough one...
Rik

Very logical feature indeed!
This wouldn't be very hard to implement: just ignore node module's "view revisions" permission. Instead override it and split to 2 small ones : "view any revisions" and "view own revisions". Then in access callback for "view own revisions" insert small check if $current_uid = $author_uid, voila. This is "plan minimum".
And "plan maximum" would be to implement revision access system, with table containing vid <-> uid relationships and such. So revision permissions would be per-uid-per-vid. Truly hardcore, isn't it ? :-D
I vote for "plan minimum"

Hmmm this is killer feature, indeed. Setting back to critical.

I made this as patch, testing it atm. For some reason I get unexpected behaviour..

@crea: I like the way you think!
@geoff: crea may be on to something useful here....
Rik

Ok, unexpected behavior was because of Panels messing with menu system. Nvm.
This patch adds 1 additional "view own content revisions" permissions, which acts on ALL revisions where node author is current user. Notice the name change, I did it to reserve "view own revisions" for future use of revision-author permission, i.e. we must distinguish between node author and revision author. This patch implements only node author permission hence the name.

Please review this. So with this patch one can give global "view revisions" permission to moderators only, and "view own content revisions" to authors.

I noticed there is $node->revision_uid too, so we have something like "revision author" concept. We can build on this, actually, without bringing any additional relationship tables, because most use cases are simple: we have several roles, like "moderator", "author of selected node" and "author" and the main goal is to split access between "author of selected ndoe" and "author" ones.
So logical advancement of this patch would be:

1. Evaluate needs for other node-author-only revision permissions

I'm not sure if we need it, because for other than "view" all revision operations depend on usual node permissions. But anyway, all ideas welcome.

2. Evaluate needs for other revision-author-only revision permissions.

When there are several authors working on single node, we could bring additional per-revision permissions, like to allow each author to view, edit, etc only on revisions where he is revision_author. So one could setup workflow where several authors work on single node, and only see their own revisions.
This would require additional rework of the module, though.

3. Implement what is needed

Thanks for your work in this area, crea
Looks promising. Will try it out as soon as I have time.
Rik

To the best of knowledge this patch solved the problem I was having and posted at:
"View Revisions" Permission does not descriminate by User Role
http://drupal.org/node/509552

Thanks for the patch Crea!
Steve

I'm not sure if it's my permission settings yet, or if it is the patch, but my authors do not get a button to view revisions anymore and they also are not seeing the "revisions pending" block.

The nice thing though is that revisions of published nodes are no longer visible to people who are not moderators or the author of the node.

I won't be able to work on this for the next few days, but I thought I should post this now since I found this problem and couldn't solve it right away.

Thanks again for your help!
Steve

wickwood, what did you mean by saying "but my authors do not get a button to view revisions anymore" ? Did you mean they can't even get button to view revisions of their own nodes ?

Hello Crea,

Yes, by saying "but my authors do not get a button to view revisions anymore", I do mean that "they can't even get button to view revisions of their own node?"

I woke up early today to work on this, because I got thinking that it must be a permission setting problem. But what I think happen is that my patched file got overwritten my the unpatched file when I was hastily moving things from my test server to the production server.

I probably should have waited to post until I had time to further research things, but as I'm going to be away from this for a few days, I thought I should post my experience in case it was an error with the patch. That was probably a wrong assumption.

I have not finished reviewing things here, and hope I can before I have to leave and will post back with the results as to what my actually problem is, beyond having to many things to do and not enough time to do any of them!

Steve

Hello Again Crea,

Well, as it turns out, I did overwrite my patched file on the production server.

However, it didn't fix my problem of having an author not get a button to view revisions of their own node. (I've checked both test and production server environments.)

Here are the permissions I have for my author for the revisioning module:
access 'Pending' tab - checked
edit revisions - checked
view own content revisions - checked

Moderators have these permissions for the revisioning module:
access 'Pending' tab - checked
edit revisions - checked
publish revisions - checked
unpublish current revision - checked
view own content revisions - checked

Moderators also have these permissions for the node module:
revert revisions - checked
view revisions - checked
(these are unchecked for moderators)

So when as an Author I go to 'Manage Content' and click on the 'I can edit' and 'In Draft', I see the node listed that was edited from a published node and saved 'In Draft' workflow state.

When I click on that node to view/edit it, I get to options 'View Current' and 'Edit Current'. There is no option to 'View Revisions'.

I'm also not getting the 'Revisions Alert' block for the Author anymore when they have revisions in draft mode that need their attention.

I've rebuilt my node permissions, but this has no effect.

So, definitely part of my problem was a stupid error on my part. But there is still something wrong, perhaps another stupid error on my part.

I'll have to work on this more later, but do you have any ideas as to what I should double check?

Thanks again for your help,
Steve

Ah there are probably parts of the module I forgot to change. Actually I don't use those "Manage Content" stuff at all :)
Since I published this patch there happened lot of changes, including next release, so this patch probably doesn't apply anyway.
I can reroll patch, but I need Rik's opinion first so if he's going to rework this patch himself I don't duplicate his effort. Setting to "needs work" for now.

That would explain it, and in my haste last week I also didn't notice this patch was against 6.x-2.5 and I applied it to 6.x-2.6.

I'm spending some time today to see if I can figure out what's going wrong. I don't know how to "roll patches" yet or use CVS system. That's another porject I really need to put sometime into.

Anyways, thanks for pushing the ball forward Crea!

Steve

Actually I guess this patch was not built against the stable 6.x-2.5 version, but one of the past Dev versions because the patch to function revisioning_perm() doesn't match 6.x-2.5 but does match 6.x-2.6.

Steve

I didn't mean this patch would behave different in 6.x-2.5 and 6.x-2.6. By rerolling I meant adapt it for latest dev version (if needed), PLUS add same permission check for "Manage content" stuff. Judging purely from your feedback that stuff still uses old global permission.

Hi guys,
Wow, I went away for a few days and you guys went gung-ho!
Time to assess the back-log!

@crea #15: if you're happy to re-roll a patch based on the latest development version (identical to latest release) and including everything you and Steve want change, then I'm happy to check that in as a development snapshot ASAP, for all to play with and as a base for the future.
That should address #509552: "View Revisions" Permission does not descriminate by User Role as well as #513078: Flexible revision permissions..

When reasonably stable, we can then throw in crea's Rules and Panel integrations, provided most of the code is in separate files, with not too many "hooks" into the main Revisioning module, which is what I believe crea has done or intends to do.

Let's keep up the good work!

Rik

Some bad news: there's problem with "I can edit", "I can blahblah" etc stuff. It's served by get_nodes() in Module Grants and it seems to duplicate Views functionality and I don't want to adapt my patch to fix it. I simply don't understand what it's doing in the module while it could be done with Views.
I think that piece of code must be removed in favour of Views integration. You can start by investigating what is possible with get_nodes() and not possible with Views and fixing that. Unfortunatly, I don't have time for that now, and I'm quite happy with the current state of the patch. So it's up to Rik to decide what to do next.

@Rik: It seems things are not so simple if we want new permission affect listings too, and it will take lot of time. Meanwhile I would be happy if you committed Rules integration patch first, not because of Rules integration itself but because of big code refactoring it contains. And I don't quite understand you mentioning "When reasonably stable". I think it can be put in development version in any state, dev versions are meant to be place for unstable and untested code so I think it's ok. As you released stable version, it's good time to finally start following common release cycle practice.

I've been studying the 2 modules most day to see how I might allow authors to view all revisions to their own nodes and not give them the ability to view all revisions for published nodes that they did not author unless they have the full 'view revisions' permission,

I have some ideas, but they haven't completely worked yet. Currently, all users now don't have access to node/%/revisions, which I know is a step backwards.

I don't know how to use CVS or role patches yet, and I'm going on vacation starting tomorrow for a week, so I'm attaching the .module files as .txt for both Revisioning and Module Grants modules for those of you who can create those patches so you can see what I've done and the direction I was heading in if you have an interest. Hopefully that will helpful to really solving this problem.

I may be totally off track with my efforts, but I hope it provides some inspiration.

Steve

P.S. Anyone know of a good tutorial for learning how implement and use CVS on a Mac? It's really something I know I have to learn if I'm going to be of use to others in module development. I hope to learn that in August.

Hi Steve,
We crossed mid-air...
I had a little time and have implemented crea's patch as mentioned in #8 of this thread.
Am about to check it in. This patch contains mods to revisioning.module only. Not sure yet, whether module_grants.module should be afffected too. We'll soon find out when we test-drive it.

I've called the new permission "view own revisions" rather than "view own content revisions", although as discussed above in this thread it really is a "view all revisions if initial creator of node".
You need to upgrade Module Grants as well because part of your symptoms are due to #526158: Revisions tab doesn't show when content only has one revision.

As for CVS on the Mac... Apparently CVS is no longer easily available by itself as a small downloadable unit. But if you're using Eclipse as your IDE, then you're done as it comes with a CVS plug-in built-in. And a PHP debugger.
That's what I'm using on my Mac (and at work, on Windows too).
NetBeans no doubt has similar options.

Enjoy your holiday!
Look forward to your analyses and input when you get back.

Rik

@crea #20
And I don't quite understand you mentioning "When reasonably stable". I think it can be put in development version in any state, dev versions are meant to be place for unstable and untested code so I think it's ok.

I agree... what I meant was let's not have three different but possibly interfering patches thrown into the mix at the same time, eg Rules integration, Views integration, Flexible permissions unless we can reasonably confident that their effects are orthogonal. Otherwise bug fixing becomes a pain.
Anyway the Flexible permissions is in now. I might spend some time on refactoring Revisioning, as you suggested in #516404: Module rework and Rules integration, separating those drupal_set_messages out from the functional operation, so that we get a cleaner base.

Rik

Fixed in devel, ready for testing.

I think "view own revisions" is quite misleading name, especially when there can be several authors working on single node: authors can have "own" revisions on "not own" content, and with "view own revisions" permission they may expect to access those revisions too while they won't be able to. Also this permissions allows authors to see not only their own revisions, but also revisions of other people, for example moderators.
I renamed it to "view own content revisions" for these reasons too. Why did you change it back ?

Unfortunatly in Drupal 6 we don't have separate permission descriptions yet (as we will in Drupal 7) so we need to choose most self-descriptive names we can.

Agree with you that permissions in D6 could be improved -- bring on D7
Agree also that "view own revisions" is ambiguous.
Don't agree that "view own content revisions" is more descriptive than "view own revisions". Revisions refer to content, so slipping in that extra word adds little in making it clearer to the layman. In fact depending on how you read it, it may make it worse, as to some "content revisions" could be interpreted as revisions of content as opposed to revisions of something else, say, "user profile revisions".

So if anyone can come up with a better term, I'm the first to put it in, otherwise it will be a matter of education, i.e. putting it in the documentation.

For those watching.... we're looking for a short phrase that conveys the meaning of "view all revisions stemming from to the initial draft I created". Maybe "view revisions of draft I created" although that's getting a bit long already....

Ok, maybe it was not the best name, however "view own revisions" is much worse. I explained one of the reasons why we shouldn't choose "view own revisions" name before: if at one moment you wanted to implement "own revisions" permission that will work on revisions where user was last person editing it, you would have problem cause most logical name would be already taken. So I was surprised that you ignored that point.

How about "view revisions of own content" ?

I reckon that's the best one so far :-)
Committed to repository. Will be available in dev. snapshots 23 July and later.

Hi geoff,
Thank you so much for your inspirational feedback!
I'm glad that we had the opportunity to act like good citizens of the open source community and contribute something back.
Most credit goes to crea, as he coded the feature you needed.
It is one that we hadn't thought of until you requested it and one that may benefit many others, so thank you for suggesting it.
I love your site and the honorable mission you've embarked on. Great that you're able to reach so many students with such a small but cost-effective outfit.
Very happy we were able to assist you in keeping up the good work.
Rik

Hello Rik and Crea,

I'm back from vacation and testing out the new dev versions of Revisioning and Module Grants. Thanks working on this, but unfortunately it's created a new problem for me. I'm not starting a new issue because I don't think the new problem is unrelated to this current work.

When reviewing published content, everything seems to work correctly. That is, authors and moderators can access and edit revisions as they should be able to, but non-authors who are allowed to contribute the same content types but do not have moderation permissions can not access the revisions.

Then I tried creating new content, and discovered that the contributing author does not get the option to edit.

I'm using 4 Workflow states to control moderation and publishing:
in draft - only the author can edit
in review - only moderators can edit
live, published - viewable to all, authors and moderators can make new revisions
Unpublished - only moderators can view and edit

And now when the node is in the 'In Draft' workflow state, the no one except the Grand-Super-User can access the content.

So I'm changing the status of this ticket back to 'needs review'.

Now I'm going to go into debugging mode, and see if I can't track down where the permission is being denied starting with uncommenting the drupal_set_message lines in Module Grants, because I know that will be your first suggestion Rik!

Thanks for the hard work on this, I know we are very close to having this work for me too!

Steve

P.S. At this point, I have no idea for a better name for the 'view revisions of own content'.
P.S.S. Thanks for the tips on the CVS Rik, I hope to work on that next week sometime.

I know this is again a very long post, and I hope you, especially Rik, find it useful.  My mind is spent now, and I'll pick up again tomorrow to see I can't help push this further to tracking down why my Authors can no longer access unpublished content with current dev versions of Revisioning and Module Grants.

Also, I'm still not sure if this should be a new thread or not.

Anyways, followin is my test and results:

1. As a contributing author, I created a new node of page content type and saved with 'in draft - only the author can edit' workflow state.
2. Upon saving I was taken to "View" the node.  I also had a tab for "Revisions" and the following drupal messages:
   

   Initial draft created, pending publication.
     Page Test page new revision has been created.

   'view' access=1 by workflow_access-grants: 'Test page new revision'
     'view' access=1 by workflow_access-grants: 'Test page new revision'
     op='update', is_published='-1', creator=-1, modifier=-1, is_moderated='1', is_pending='1', max=100, show_msg='', order=timestamp DESC
     'view' access=1 by workflow_access-grants: 'Test page new revision'
     'view' access=1 by workflow_access-grants: 'Test page new revision'

   I think it is intersting to note here that op='update' has no value here and creator is -1.  I'm still logged in as the author, so I would expect creator to be 1.

3. If I click on the the "Revisions" tab, I get a list with one revision, and the following drupal messages.

   Unpublished page Test page new revision has only one revision

   op='update', is_published='-1', creator=-1, modifier=-1, is_moderated='1', is_pending='1', max=100, show_msg='', order=timestamp DESC
         'view' access=1 by workflow_access-grants: 'Test page new revision'
         'view' access=1 by workflow_access-grants: 'Test page new revision'
         'view' access=1 by workflow_access-grants: 'Test page new revision'

   Again, op='update' has no value and creator is -1.

4. If I click on the one listed revision, I get 2 sub-tabs: "List  all revisions" and "View".  There should be an edit tab here, too but that does not show up. I also have 1 drupal message:
   

   op='update', is_published='-1', creator=-1, modifier=-1, is_moderated='1', is_pending='1', max=100, show_msg='', order=timestamp DESC
         'view' access=1 by workflow_access-grants: 'Test page new revision'
         'view' access=1 by workflow_access-grants: 'Test page new revision'

   Again, op='update' has no value and creator is -1.

5. If I click on "Manage Content" >> "I Created" >> "In Draft, Pending Publication", the node I'm testing is listed and this drupal message:
   

   op='view', is_published='-1', creator=8, modifier=-1, is_moderated='1', is_pending='1', max=1000, show_msg='1', order=
         'view' access=1 by workflow_access-grants: 'Test page new revision'
     op='update', is_published='-1', creator=-1, modifier=-1, is_moderated='1', is_pending='1', max=100, show_msg='', order=timestamp DESC

6. If I click on "Manage Content" >> "I last modified" >> "In Draft, Pending Publication", the node I'm testing is listed and this drupal message:
   

   op='view', is_published='-1', creator=-1, modifier=8, is_moderated='1', is_pending='1', max=1000, show_msg='1', order=
         'view' access=1 by workflow_access-grants: 'Test page new revision'
     op='update', is_published='-1', creator=-1, modifier=-1, is_moderated='1', is_pending='1', max=100, show_msg='', order=timestamp DESC

   For some reason on the first line the values for creator and modifier have reversed.

7. If I click on "Manage Content" >> "I can edit" >> "In Draft, Pending Publication", the node I'm testing is NOT listed and this drupal message:
   

       op='update', is_published='-1', creator=-1, modifier=-1, is_moderated='1', is_pending='1', max=1000, show_msg='1', order=
     op='update', is_published='-1', creator=-1, modifier=-1, is_moderated='1', is_pending='1', max=100, show_msg='', order=timestamp DESC

8. So at this point, me as the Author of this node do not have access to edit the node.  And since it is in the Workflow state 'in draft - only the author can edit' I cannot access it from a page moderator role either.  So, switch to User #1 that has all the permissions.  Now edit tab shows up between "View" and "Revisions".  And if I go to "Revisions".  While Viewing the node, I have this drupal message:
   

       
       op='update', is_published='-1', creator=-1, modifier=-1, is_moderated='1', is_pending='1', max=100, show_msg='', order=timestamp DESC

9. If I click on the "Edit Tab" I have this drupal message:
   op='update', is_published='-1', creator=-1, modifier=-1, is_moderated='1', is_pending='1', max=100, show_msg='', order=timestamp DESC
10. If I click on the "Revision Tab" I have 1 revision listed and these 2 drupal messages:

    Unpublished page Test page new revision has only one revision
    op='update', is_published='-1', creator=-1, modifier=-1, is_moderated='1', is_pending='1', max=100, show_msg='', order=timestamp DESC

11. Upon clicking on the 1 revision for the node, I get the subtabs: "List all revisions", "View", "Edit", "Publish this" tabs and these 2 drupal messages:
    Displaying pending revision of page Test page new revision, last modified by Steve Wickham on 07/31/2009 - 7:40pm
op='update', is_published='-1', creator=-1, modifier=-1, is_moderated='1', is_pending='1', max=100, show_msg='', order=timestamp DESC
12. I now edit the node, and save, but leave it in the Workflow state 'in draft - only the author can edit' and I get these 2 drupal messages upon saving:
    

            Page Test page new revision has been updated.
          Displaying pending revision of page Test page new revision, last modified by gdems-admin on 07/31/2009 - 8:10pm

    op='update', is_published='-1', creator=-1, modifier=-1, is_moderated='1', is_pending='1', max=100, show_msg='', order=timestamp DESC

    I should have created a new revision automatically here, don't know why that didn't happen.

13. Now, I switch back to the author user.
14. I still don't have an edit tab between "View" and "Revisions".  On the View tab I have this drupal message:
    

    'view' access=1 by workflow_access-grants: 'Test page new revision'
          'view' access=1 by workflow_access-grants: 'Test page new revision'
          op='update', is_published='-1', creator=-1, modifier=-1, is_moderated='1', is_pending='1', max=100, show_msg='', order=timestamp DESC
          'view' access=1 by workflow_access-grants: 'Test page new revision'
          'view' access=1 by workflow_access-grants: 'Test page new revision'

    Which is the same as when we orginally created the node.

15. After clicking on "Revisions" tab, I get 2 sub tabs, "List Revisions" and "view" and the following drupal message:
    

    op='update', is_published='-1', creator=-1, modifier=-1, is_moderated='1', is_pending='1', max=100, show_msg='', order=timestamp DESC
        'view' access=1 by workflow_access-grants: 'Test page new revision'
      'view' access=1 by workflow_access-grants: 'Test page new revision'

    Which is almost the same as the message in step #3.

16. So now, I switched back to Super-User #1, and edit the node and change Workflow state to 'in review - only moderators can edit' and I get these Drupal messages:
    

    Page Test page new revision has been updated.
          Displaying pending revision of page Test page new revision, last modified by gdems-admin on 07/31/2009 - 8:25p

    op='update', is_published='-1', creator=-1, modifier=-1, is_moderated='1', is_pending='1', max=100, show_msg='', order=timestamp DESC

    I don't know why when I edit this node from this user, I don't get new revisions made.
    

17. I now switch to a user with Page Moderator permissions.  Revisions Alert box says I have 1 revision pending, and as this user I do have an Edit Tab while viewing the node, and I also have the node listed when I go to "Manage Content" >> "I can edit" >> "In Draft, Pending Publication"  I get the following drupal message on the View page:
    

    'view' access=1 by workflow_access-grants: 'Test page new revision'
          'view' access=1 by workflow_access-grants: 'Test page new revision'
          'view' access=1 by workflow_access-grants: 'Test page new revision'
          op='update', is_published='-1', creator=-1, modifier=-1, is_moderated='1', is_pending='1', max=100, show_msg='', order=timestamp DESC
          'update' access=1 by workflow_access-grants: 'Test page new revision'
          'update' access=0 by workflow_access-grants: 'Albany Democratic Committee Picnic'
          'view' access=1 by workflow_access-grants: 'Test page new revision'
          'view' access=1 by workflow_access-grants: 'Test page new revision'
          'view' access=1 by workflow_access-grants: 'Test page new revision'
          'update' access=1 by workflow_access-grants: 'Test page new revision'
          'view' access=1 by workflow_access-grants: 'Test page new revision'

    I don't know why I get the one line with 'Albany Democratic Committee Picnic' when that node has nothing to do with this node.

18. I now edit the node as the moderator, change the workflow state back to "in draft - only the author can edit".  I get these 2 messages upon saving:
    

    'update' access=1 by workflow_access-grants: 'Test page new revision'
          'view' access=1 by workflow_access-grants: 'Test page new revision'
          'view' access=1 by workflow_access-grants: 'Test page new revision'
          'view' access=1 by workflow_access-grants: 'Test page new revision'
          op='update', is_published='-1', creator=-1, modifier=-1, is_moderated='1', is_pending='1', max=100, show_msg='', order=timestamp DESC
          'update' access=1 by workflow_access-grants: 'Test page new revision'
          'update' access=0 by workflow_access-grants: 'Albany Democratic Committee Picnic'
          'view' access=1 by workflow_access-grants: 'Test page new revision'
          'view' access=1 by workflow_access-grants: 'Test page new revision'
          'view' access=1 by workflow_access-grants: 'Test page new revision'
          'update' access=1 by workflow_access-grants: 'Test page new revision'
          'view' access=1 by workflow_access-grants: 'Test page new revision'

    Page Test page new revision has been updated.
    Displaying archived revision of page Test page new revision, last modified by gdems-admin on 07/31/2009 - 8:25pm

19. Now when I click on "Revisions" tab, I do get a list with 2 revisions.
20. I know switchback to the Author User, click on the new revision, and I still do not have the option to edit anywhere.  All I have is the 2 subtabs, "List All Revisions" and "View" and this drupal message:

    op='update', is_published='-1', creator=-1, modifier=-1, is_moderated='1', is_pending='1', max=100, show_msg='', order=timestamp DESC

21. So I now switched back to the moderator, and for some reason I have the edit option there.  Anyways,  I click edit, and discovered the workflow actually did not change.  Perhaps I didn't chagne the worklow state as i thought i did, but I'm pretty sure that I did.  So I change it again, save, and get this drupal message:
    

    'update' access=1 by workflow_access-grants: 'Test page new revision'
          'view' access=1 by workflow_access-grants: 'Test page new revision'
          'view' access=1 by workflow_access-grants: 'Test page new revision'
          'view' access=1 by workflow_access-grants: 'Test page new revision'
          op='update', is_published='-1', creator=-1, modifier=-1, is_moderated='1', is_pending='1', max=100, show_msg='', order=timestamp DESC
          'update' access=0 by workflow_access-grants: 'Test page new revision'
          'update' access=0 by workflow_access-grants: 'Test page new revision'
          'update' access=0 by workflow_access-grants: 'Albany Democratic Committee Picnic'
          'view' access=1 by workflow_access-grants: 'Test page new revision'
          'view' access=1 by workflow_access-grants: 'Test page new revision'
          'view' access=1 by workflow_access-grants: 'Test page new revision'
          'update' access=0 by workflow_access-grants: 'Test page new revision'
          'view' access=1 by workflow_access-grants: 'Test page new revision'

22. Now clicking on "revisions" tab, I see 3 revisions: The last 2 are inded listed as being in the "in draft - only the author can edit".  And if I go to "Manage Content" >> "I can edit" >> "In Draft, Pending Publication" there is nothing listed.
23. So now I switch back to the Author user, and I still have nothing listed under "Manage Content" >> "I can edit" >> "In Draft, Pending Publication" for the author either. The Drupal message is:
    

    op='update', is_published='-1', creator=-1, modifier=-1, is_moderated='1', is_pending='1', max=1000, show_msg='1', order=
          op='update', is_published='-1', creator=-1, modifier=-1, is_moderated='1', is_pending='1', max=100, show_msg='', order=timestamp DESC

24. There is also nothing listed under "Manage Content" >> "I Created" >> "In Draft, Pending Publication" and the drupal message here is:
    

    op='view', is_published='-1', creator=8, modifier=-1, is_moderated='1', is_pending='1', max=1000, show_msg='1', order=
      op='update', is_published='-1', creator=-1, modifier=-1, is_moderated='1', is_pending='1', max=100, show_msg='', order=timestamp DESC

25. Nothing is listed under "Manage Content" >> "I last modified" >> "In Draft, Pending Publication", but there shouldn't be since the last edit was by the Moderator.  The drupal message is:
    

    op='view', is_published='-1', creator=-1, modifier=8, is_moderated='1', is_pending='1', max=1000, show_msg='1', order=
          op='update', is_published='-1', creator=-1, modifier=-1, is_moderated='1', is_pending='1', max=100, show_msg='', order=timestamp D

26. So up to this point, the author has never had access to edit the node since they created it, but the moderator some how had access once to the node after making the second revision.  Now I will switch to the Super-User again and change the workflow state to Live.
27. After switching back to the Super User #1, and looking at the revisions for this test node, I noticed that the first revision is listed as archived and saved by the Super User.  This probably explains why the Author does not see the node listed under "Manage Content" >> "I Created" >> "In Draft, Pending Publication".  This may also explain why the Author cannot edit it.  There are also 2 other revisions listed as being in the "In Draft" Workflow state saved by the Moderator User.
28. As the Super User, I edit the last revision of the node and change the state to "live", and I get these 2 messages upon saving:
    

    Revision has been published.
          Revision has been published.
          Page Test page new revision has been updated.
          Displaying current, published revision of page Test page new revision, last modified by gdems-admin on 07/31/2009 - 9:01pm

    op='update', is_published='-1', creator=-1, modifier=-1, is_moderated='1', is_pending='1', max=100, show_msg='', order=timestamp DESC

29. I now switch back to the Author User, and now I have these tabs: "View Current", "Edit Current" and "Revisions" and this drupal Message:
    

    'view' access=1 by workflow_access-grants: 'Test page new revision'
          'view' access=1 by workflow_access-grants: 'Test page new revision'
          op='update', is_published='-1', creator=-1, modifier=-1, is_moderated='1', is_pending='1', max=100, show_msg='', order=timestamp DESC
          'view' access=1 by workflow_access-grants: 'Test page new revision'
          'view' access=1 by workflow_access-grants: 'Test page new revision'
          'update' access=1 by workflow_access-grants: 'Test page new revision'

    So now that the node is Published, the orginial Author has access to edit!

30. Now, when I click on the "Revisions" tab, I have 3 revisions listed 2 older ones listed as archived, and one current one listed as published.  I also have this message:
    

    'delete' access=0 by workflow_access-grants: 'Test page new revision'
          op='update', is_published='-1', creator=-1, modifier=-1, is_moderated='1', is_pending='1', max=100, show_msg='', order=timestamp DESC
          'view' access=1 by workflow_access-grants: 'Test page new revision'
          'view' access=1 by workflow_access-grants: 'Test page new revision'
          'view' access=1 by workflow_access-grants: 'Test page new revision'
      'update' access=1 by workflow_access-grants: 'Test page new revision'

31. If I click on any of the revisions now as the Author, I get an option to Edit!!!
    When viewing the oldest revision, which is archived, I get this drupal message:

    op='update', is_published='-1', creator=-1, modifier=-1, is_moderated='1', is_pending='1', max=100, show_msg='', order=timestamp DESC
          'view' access=1 by workflow_access-grants: 'Test page new revision'
          'update' access=1 by workflow_access-grants: 'Test page new revision'
          'view' access=1 by workflow_access-grants: 'Test page new revision'

    When I view the 2nd oldest revision, which is also archived, I get this drupal message:

    op='update', is_published='-1', creator=-1, modifier=-1, is_moderated='1', is_pending='1', max=100, show_msg='', order=timestamp DESC
      'view' access=1 by workflow_access-grants: 'Test page new revision'
      'update' access=1 by workflow_access-grants: 'Test page new revision'
      'view' access=1 by workflow_access-grants: 'Test page new revision'

    And when I view the newest revision which is published, I get this Drupal message:

    op='update', is_published='-1', creator=-1, modifier=-1, is_moderated='1', is_pending='1', max=100, show_msg='', order=timestamp DESC
      'view' access=1 by workflow_access-grants: 'Test page new revision'
      'update' access=1 by workflow_access-grants: 'Test page new revision'
      'view' access=1 by workflow_access-grants: 'Test page new revision'

    Notice that all have 'upate' access = 1, which was not listed before.

So I don't know why it is, but it appears that the Author role now only has access to edit Revisions after the node has been published.

All the Best,
Steve

Wow Steve!
Welcome back! Hope you had a lovely break. And what a way to re-enter the stage!
Will need some time to digest this...

BTW... what version of Revisioning and Module Grants were you using in your experiments? I'd suggest you use the latest "official" versions, i.e. Revisioning 6.x-2.7 and Module Grants 6.x-2.6. The dev version of Revisioning was significantly modified to cater for the pending Rules integration and is not expected to be stable yet.

Re your point 28....
Are you saying that you get the "Revision has been published" message twice? That looks very similar to #536826: Messages are displayed twice...

Rik

Hello Rik,

Thanks for the welcome back, and I know that was an overwhelming post (many of mine are), but I hope that my completeness of documentation will help track down these subtle glitches.

At first I thought it was working just fine, but I was just looking at published nodes, because that's where my access problem was before. That is any author with access to revisions for a given node type could see all revisions for published nodes that they were not the author of. That seems to be fixed.

However, now the actual author of node does not have access to revisions of unpublished nodes.

My test were done with the latest dev versions of the modules, and I will install the stable versions today and rerun my tests.

I will also keep an eye open for the Messages displayed twice like in point 28 and #536826: Messages are displayed twice.... I didn't notice that until you pointed it out.

It's amazing how what would appear to be a simple, straight forward concept as revisioning and moderation can actually have so many complexities and nuances to it.

Thanks again for all you hard work on this, I don't know what I would do with out it!

Steve

Edited: nvm, i'll look into it deeper when I have time.

Hello Rik,

Just installed the stable 6.x-2.7 version of Revisioning and 6.x-2.6 version of Module Grants. I uncommented the 3 lines in Module Grants with drupal_set_message calls.

Created a new blog entry and saved it with "In Draft - Only Authors can edit" Workflow State.

Upon saving the blog node, I got these 2 messages:

'view' access=1 by workflow_access-grants: 'test blog revisioning 2.6'
'view' access=1 by workflow_access-grants: 'test blog revisioning 2.6'
op='update', is_published='-1', creator=-1, modifier=-1, is_moderated='1', is_pending='1', max=100, show_msg='', order=timestamp DESC
'view' access=1 by workflow_access-grants: 'test blog revisioning 2.6'
'view' access=1 by workflow_access-grants: 'test blog revisioning 2.6'

Displaying pending revision of blog test blog revisioning 2.6, 
last modified by Steve Wickham on 08/01/2009 - 1:00pm

But there is no option to Edit this newly created node by the author. Only have tabs for View and Revisions. Also the node is not listed under "Manage Content" >> "I can edit" >> "In draft/Pending publication".

I'm going to review my workflow settings now, but they should be correct because I didn't have this problem in previous versions.

Assuming that is correct, I'll start looking in the code again and see if I can't help you track down where things are breaking down.

I think we should call this The Drupal Dance: Take 2 steps forward, and 1 step back, side-track left and side-track right, and spin your wheels, and of you go...Take 2 steps forward...

Steve

My Workflow permissions look fine.

All of my Workflows only allow Author and Webmaster (Super User Role) to edit nodes when in the "In Draft" state.

So I'm moving on to look at the code and see if I can't figure out where this breaks.

Steve

I think I have found the problem. I had removed the permission 'View Revisions' from all users except moderators in order to prevent non-authors from viewing reivsions before, and this worked with the patch that Crea had made.

I still have some testing to do to make sure this is solves the problem I'm having of Authors not being able to view their own unpublished content completely, and that there are no other new problems.

I'll keep you updated.

Steve

Now that I have turned on the 'View Revisions' permission again, I'm back to the problem of having people who did not author the node being able to see all of the revisions for a given node. This is the problem I originally described in http://drupal.org/node/509552 and which I thought was duplicated by this thread. Since Crea posted the patch here, we closed that thread.

So perhaps I'm not understanding what was "fixed" here and perhaps my original thread needs to be reopened.

Darn, I thought I was stepping forward.

Steve

OK, so I turned off the "View Revisions' permission again for everyone except moderators.

Then, in Module Grants 6.x-2.7 starting at line 535 I changed the following

// If the node is NOT published and user does not have the "view revisions"
// permission, deny access, UNLESS it's the author viewing their only revision
if (!$node->status && 
    !user_access('view revisions', $account) && 
    !($op == 'view' && $account->uid == $node->uid && $account->uid > 0 && get_number_of_revisions($node->nid) == 1)) {
    return FALSE;
  }

to the following

// If the node is NOT published and user does not have the "view revisions"
// permission, deny access, 
// UNLESS it's the author and they have "view revisions of own content" permission
if (!$node->status && 
    !user_access('view revisions', $account) && 
    !($account->uid == $node->uid && $account->uid > 0 && user_access('view revisions of own content', $account))) {
    return FALSE;
  }

This prevents prevents people who are not authors from viewing any revisions unless they are the Author of the node or the Moderator of that node-type. Also, now the Author and Moderator are able to Edit the published and unpublished nodes.

My only problem now is that that unpublished nodes that are also controlled by TAC-lite are not showing up for the Author for any of the Tabs under "Manage Content" and are not being counted for the Alert Box. However the author does have the ability to edit the node revisions.

Also, I don't understand the reasoning of the original code, Rik. Why do you want to restrict Authors to viewing a node only if there is 1 revision?

OK, time for a break and then hopefully I can crack the remain issue with TAC-lie control.

Steve

Hi Steve,
You're really getting your hands dirty with this aren't you Steve?!

It looks like you've got most of it under control and have identified the culprit line, no 535.
Just quickly...

Re #44:
"Why do you want to restrict Authors to viewing a node only if there is 1 revision?"

The original line of code dates back to the time before "view revisions of own content" was introduced. What could happen was that an author created and saved new content, but were then unable to view their own initial draft because they didn't have "view revisions" permission. Hence the hack.

Your solution is much better and in the spirit of the new "view revisions of own content" permission.

By "Manage content" do you mean the doubly-tabbed page "Accessible content" ?

Sorry, don't have more time today. Good luck with the TAC side of things...
Rik

Hello Rik,

Yes, I do have dirty hands. This thing is really the last thing holding up the project I'm working on, so I have a real vested interest in seeing this work.

By "Manage content", I mean the pages accessed by "Manage Content" menu item, which takes you to the "/accessible-content" pages. I think that is what you mean by "doubly-tabbed page Accessible content".

So far the TAC side of things still has me baffled as I can view and edit the node as an author, but it doesn't show up on the "/accessible-content" pages. My testing has led me back to the same culprit line, no 535. Just now trying to figure why that is.

I think you are just starting your day as I'm ending mine here. Have a good one!

Steve

When I'm testing I put in my own 'drupal_set_message' calls, and I added the following just before line 525.

drupal_set_message("!node->status is ".!$node->status, 'warning');
drupal_set_message("!user_access for view revisions is ".!user_access('view revisions', $account), 'warning');
drupal_set_message("!(...view revisions of own content...) is ".!($account->uid == $node->uid && $account->uid > 0 && user_access('view revisions of own content', $account)), 'warning');
drupal_set_message("account->uid is ".$account->uid, 'warning');
drupal_set_message("node->uid is ".$node->uid, 'warning');
drupal_set_message("user_access for view revisions of own content is ".user_access('view revisions of own content', $account), 'warning');

I also added this code at the begining of the 'while statement' in the get_nodes function:

drupal_set_message("testing '$node->title' for access", 'warning');

so I can see which node is being tested as well.

Anyways, the node that I thought was not showing up do to TAC-lite, is being killed because account->uid is 8 and node->uid is 7. uid 8 is the author, uid 7 is the moderator.

The node table shows uid for the node to be 8, and the node_revisions table shows 3 revisions with uid of 1, 7, 7 (oldest to newest).

I believe that the uid in the node_revisions table should reflect the uid of the user that made the revision, and if this is true, some how the node I was having problems with got screwed up in this table. So I changed the UID for the last revision to be 8 for the author, and then it properly showed up in the lists on the "/accessible-content" pages and in the alert box.

What I don't understand is why it was still showing up for editing and viewing when I went to the node directly.

To test further, I created a new test node that used TAC-lite and Workflows, and this worked correctly going back and forth between Author and Moderator and was not accessible to non-authors and non-moderators, as it should be. Also the list of revisions was not accessible to non-authors and non-moderators.

I think the changes that I made in the code as out lined in #44 fixes things for me now. I'll double check things tomorrow when I have more brain power. This Drupal Dance can really wear you out!

Steve

P.S. One of the things I don't fully understand too is why the get_nodes and module_grants_node_access functions get accessed so many times when evaluating a single node and the lists on the "/accessible-content" pages. This may be why messages to end users get duplicated sometimes.

Hi Steve,
Well when the music to the Drupal Dance stops I hope we're still standing!
And yes, since we work at opposite times of the day, this means that this issue is being attended to 24 hours a day. How's that for support?
So it sounds you got hit by a red herring with that corrupted piece of content and unfortunately found yourself wasting time on it... But I understand that with your patch we are very close to a solution.
Great stuff!
Rik

PS: to answer your PS... I can understand that module_grants_node_access is called multiple times when accessing a single node.... it's because this is an overriding hook that gets called every time any module wants to inquire about access to a node, e.g. Workflow, TAC(-Lite), Revisioning as well as modules you and I weren't even aware off!

Good Evening/Good Morning Rik,

It is pretty cool that we are working on this at at opposite times of the day and it really does help move it along faster than if we had to work on it at the same.

I definitely got thrown a red herring with the corrupted node. Not sure how that happened, but with all the changes and tests it's not surprising and I'm glad I found it relatively quickly.

Your answer to my PS is what I thought was happening, I just couldn't track down all the times it was being called. Guess it really doesn't matter actually at this point.

I did some more tests last night before finally going to bed, and did not find any problems. If anything else creeps up, I'll start a new ticket as this one is so long and complex now. But I'll let you decided if the status of this ticket is "fixed" now or should stay in "needs review".

Thanks for your help, as always,
Steve

Hi Steve,
I have committed your mod into the repository. Should be available as dev. snapshot soon.
As well as checking for "view revisions of own content", I kept the original check, as Module Grants may be used without Revisioning and it wouldn't be right if an author couldn't view the content (that is the single revision) they just created!
Rik

That makes sense to me. So far, I have not run into any other problems. Will be reviewing things again this afternoon with my client, so if anything will go wrong, it will happen when I'm showing it to them I'm sure!

Steve

ugh.. i was so excited when i got to the bottom of this amazing thread because i thought for sure my problem had been solved.

i believe i have a nearly identical setup and requirements as indicated in #14 but i'm still getting the "no edit" tab problem indicated in #40

i'm running:
module_grants-6.x-2.x-dev
revisioning-6.x-2.x-dev
workflow-6.x-1.x-dev

node permissions:
author has create article (no revert revisions and no view revisions)
moderator has create article, revert revisions, view revisions

revisioning permissions:
author has access 'Pending' tab, edit revisions, view revisions of own content
moderator has access 'Pending' tab, edit revisions, view revisions of own content, publish revisions

workflow moves from
1.creation
2.draft (per workflow_access only author has view/edit/delete)
3.editing (per workflow_access author has view, moderator has view/edit/delete)
4.published

if an author creates a new node and saves it he then has access to the view/revisions/workflow tabs for the node but NO edit tab.

If i then give author node permissions: "view revisions" the edit tab reappears but these users can now see all revisions on the site (undesired)

help! - really unsure about what to try next - any thoughts??

Please open different issue for your problem. This issue related to patch that was committed long time ago.