Come together with the global Drupal community in Rotterdam, 28 Sept – 1 Oct 2026. Sessions, contribution, connection, and Early Bird savings until 8 June.I had the problem where editor users with the "administer nodes" permission could bypass revision moderation.
The attached patch uses the "revert revisions" instead of "administer nodes" permission to determine revision moderation access.
The reason being, if a user can revert revisions, they should be able to administer them ( select creation and deletion )
This more granular permission also allows users with the "administer nodes" permission to still require revision moderation.
Furthermore hides the "new revision in moderation" and the default "create new revision" checkboxes from the node form, if the user doesn't have access. This means users with "administer nodes" permission but not "revert revisions" can't easily bypass revision moderation.
Keen to discuss,
DT
| Comment | File | Size | Author |
|---|---|---|---|
| revision_moderation.module.patch | 3.6 KB | davidwhthomas |
