| Project: | Publish Content |
| Version: | 6.x-1.x-dev |
| Component: | Code |
| Category: | bug report |
| Priority: | normal |
| Assigned: | malaussene |
| Status: | closed (fixed) |
Issue Summary
I ran into an issue when implementing the content publish module on a site running workflow, workflow access, and module grants. The issue seems to be caused by the permissions being implemented with a access callback in the hook_menu_alter. Changing it to a hook_access call allows publish content to play nicely workflow access and based on my limited testing it didn't break any of its existing functionality. Can someone test and confirm the attached patch?
The exact scenario I was having issues with are as follows:
1. Create a content type 'event'
2. Create a content type 'video'
3. Enable the following modules: workflow, workflow access, module grants, publish content
4. Create a role 'event publisher', 'event author', and 'video admin'
5. Create an event workflow according to http://drupal.org/node/408052
6. When setting up the workflow, make sure 'event publisher' and 'event author' can view events in draft state
7. Grant 'publish video content' and 'publish own video content' to role 'video admin'
8. Login with an 'event author' user and create an event
9. Logout and login with an 'event publisher' user
10. Try and view the node you just created
11. Apply patch and it should now let you view the node in draft state
If you have trouble recreating the issue or if you have any trouble with the patch please let me know and I'll take a look at it.
| Attachment | Size |
|---|---|
| publishcontent.patch | 682 bytes |
Comments
#1
Thanks beday00,
could you test the slightly modified patch on your setup.
you will need to run update.php or rebuild the menu.
#2
... and the missing patch
#3
This issue affects a lot of modules... for example OG. Does the patch work?
#4
I just tested the patch that malaussene posted in comment #2 and it resolved the issue for me.
#5
I agree that the hook_menu_alter should be removed. This module should not grant view access to a node that a user with publish/unpublish permissions should not otherwise view.
If an administrator wishes to expose unpublished nodes to users without "administer nodes" permission, they should do so through other means, e.g. a view which shows unpublished nodes.
But why do we need
function publishcontent_accessat all?hook_access governs permissions on node types declared by the module, but this module doesn't define any node types, hence publishcontent_access will never get called.
Please review my attached proposed patch.
#6
This is in DEV - will roll a new release soon.
#7
Automatically closed -- issue fixed for 2 weeks with no activity.