Jump to:
| Project: | Revisioning |
| Version: | 6.x-3.4 |
| Component: | User interface |
| Category: | feature request |
| Priority: | normal |
| Assigned: | Unassigned |
| Status: | closed (won't fix) |
Issue Summary
I want to allow my authenticated users to make changes to nodes which will then be review by either an admin or the node author. I gave these users the permission "edit any page" and then I edited the page publishing options to automatically create revisions, etc.
The problem is, when they submit the edit form they get a notice that their revisions were accepted (and they were) but the page itself is a "Access Denied" page. If I also give authenticated users the "view revisions" permission then instead of the access denied page they correctly see their pending revision.
My ideal expected behavior is that users should be able to see their own pending revision after submitting the form but I shouldn't have to grant them access to see all pending revisions. On my site revisions are basically behind the scenes stuff and not something I want my users to have access to. Perhaps we need more fine grain permissions, like "view own revisions" in addition to "view all revisions" - unless im just overlooking a setting or something and its already possible.
Comments
#1
#2
Just to clarify -- the permission "view revisions of own page content" seems to work fine for the AUTHOR of the node. But if you want to have someone other than the original author make changes to the node then you have to grant them access to view all revisions.
#3
This is what I am trying to accomplish.
My site has a role called "Authors" - these people have 1-5 nodes each. I want them to be able to update their node as often as they want and automatically have their changes published. Also, I want Authenticated Users to be able to make changes to my specific node type, and their changes will create new revisions that must be approved by an admin or the author of that node. Authors should not be able to see revisions of other authors nodes, Im not sure how to accomplish this using this module. Authenticated users also should be prevented to seeing anybody's revisions, except their own as needed to prevent the "Access Denied" error I experienced above.
Do my needs require more fine grained access permissions or is this somehow possible using some kind of access control modules?
#4
Or at least "view revisions of all type content", yes.
You could create a taxonomy, e.g a "group" vocabulary with terms "group1", "group2" ... Then when an author creates a new page they specify the group it belongs to.
Using TAC or TAC-Lite you can then assign view, edit and delete access rights for a role with respect to "group1" that are different from the access rights that role has for "group2".
See http://drupal.org/node/408018
TAC-Lite also has the option of assigning these rights not just by role but also by individual user.
On further reflection, I don't think this is good enough, as these access grants have "node" scope, rather than "revision" scope.
So it looks like what you need is indeed a refinement of the existing "view revisions of own content" permission, whereby "own" doesn't mean "author of the node" as it currently does, but "author of the revision".
#5
Marking as "feature request".
#6
This would be a great feature if you can find time to add it.
In the meantime I am using a rule to redirect the user back to the node after they submit their update. This prevent them from getting the "Access denied" error. This would actually be an ideal solution if I could also print a message on the screen to let them know that their changes are pending moderation, because as of right now they really have no confirmation message that anything went through after the page redirect.
#7
Great that you found a workaround of sorts...
Would you like to share with us how you set up the rule? Others might be interested.
".... find time to add it" is indeed a greater challenge than the technical issue at hand.
As it is so often... Will do my best...
#8
I would also like to have this option, as my users have been complaining about 'access denied' errors for a while now. I've only just figured out the problem :)
Alternatively, an option to have users see the latest revision of a node if it is their own, or the current revision otherwise, would be great. I thought this was the 'Links to view content default to:' option, but that turns out to do something else.
Thanks for the rules module idea, I think I'll try to set up a redirect to a page explaining why they can't see their content, as a temporary workaround.
EDIT: just thought of another way (not sure if this is possible). If there is a 'grant permission' action, I could use a rule to grant the user the permission to view the revision he just submitted. Hopefully revisioning will then acknowledge this new permission and display the latest revision of the node to the user (i.e. his revision) when he views it, rather than the current.
EDIT2: I suppose this is not possible as Drupal permissions are assigned to roles, not users. The 'user permissions' module doesn't seem to have rules integration, either.
#9