Posted by zeezhao on May 12, 2010 at 1:28pm
3 followers
| Project: | Content Access |
| Version: | 6.x-1.2 |
| Component: | User interface |
| Category: | support request |
| Priority: | normal |
| Assigned: | Unassigned |
| Status: | closed (fixed) |
Issue Summary
Please does anyone know the best way to do this i.e. Lock or Freeze a node from any further edits in D6. This is necessary, when you do not want to enable further changes but still allow users to still view the node.
I can't seem to get it done with content_access, since at a node level the "edit content" tickbox can not be changed, since the initial edit access was for a role...
Is this possible at all? Or is it clashing with something else.
A "Lock/Unlock" link along the lines descibed here (http://drupal.org/node/203377 -- although D5) would be great.
Thanks
Comments
#1
Forgot to add that I already have "Enable per content node access control settings" set on content type form, and "Give content node grants priority:" is set to highest level.
#2
Content Access and Rules can help you here.
#3
Thanks. I solved it last year using this:
http://drupal.org/node/894570#comment-3377830
#4
Thanks a lot for your quick reply and sorry for my late reply.
#5
Could I get a little help with this? I have a similar situation to the OP: initial edit access for content type was for a role but now I want to revoke edit abilities for the node author while maintaining the role of the user and overall permissions.
Per #2:
I've created a rule that revokes update access for the content author upon updating the node. However, after the rule fires the author can still edit. I've use a Display Message to confirm the rule is firing.
Per #3:
Where did you place the referenced code? Is that something I can put into a Custom PHP Rules Action?
#6
Here's an export of the rule per #2.
#7
In relation to #3 it was placed in a custom module, specific to my case.
#8
Looking into this more...if I grant a user, node-level update permissions I can successfully revoke those permissions
positionswith the above rule. Howeva, because that user has a role specific permission, they still have edit capabilities.Given the above, can someone tell me if the following statement is true?
If your user's role has edit permissions on a content type, Content Access does not enable you to revoke edit rights for that user (without changing your role-based permissions).
Edit: I should add that it is the node author I am trying to lock out of edits.
Edited: for a bit more clarity but I see the confusion.
#9
I didn't clearly understand #8, but if you look at Content Access core permissions, you can give those permissions to the trusted users (in most cases admin) so he can grant/revoke whoever he wants. Without this permission (even with edit content type permission) any user can't change access stuff.
#10
I give up. My conclusion thus far is that it is nearly impossible to revoke edit permission for the author of a node (without changing the author). This blog post identifies most of the relevant Drupal.org issues out there:
http://mblog.lib.umich.edu/DataDiscussions/archives/2011/12/lock_a_node_...
#11
I have done this before using content_access + acl + cck's field permissions in D6. But as mentioned above I used a custom module to add the necessary permissions based on my conditions and to specific users i.e. something along the lines of:
//have some logic to get $uid_to_grant_premisions....
$settings = array('ops' => array('view')); // for view only access
$account = user_load($uid_to_grant_premisions);
content_access_action_acl_grant_access($node, $account, $settings);
....
the acl module enables revoking for specific users.
Also, note that if you are using the field_permissions module, I think there is an option to make fields editable on creation only.
All this was in D6 though.
#12
Thanks for the follow-up, Zeezhao. To be clear, you got this working in situations where the user was also the author of the node?
I used similar code - content_access_action_acl_revoke_access() - in a custom PHP rule and could revoke per node update/edit access (as listed on the Content Access tab of the particular node) but that didn't affect update/edit permission for the user. I assume the failure to revoke permissions is because the user was also the author. Or, I'm doing something wrong.
#13
Yes, I did.
Assuming your content type is called "my_content_type", and you have content_access + acl modules installed:
1. in the content type settings via admin/content/types/my_content_type/access:
have only “view own content” set for the
2. at permissions setting via admin/user/permissions/my_content_type_id
(where my_content_type_id is the numberId for the role)
set only “create my_content_type content” for the role
If you do this, users in the role will be able to create the content type, but after creation will only have view-only access.
Then whenever you need to grant additional permissions, use code above.
#14
SOLVED!!
Wow, I had Edit Own Content checked for Authenticated Users at the content type level (admin/content/types/my_content_type/access) which was causing the problem. After removing that, I can add/remove edit permission for the author.
Thanks for following up zeezhao!