I've set up Workflow and revisioning much as described in Revisioning with state-based content access control. And I'm sure that it did work. However, I'm now finding that users can always nodes that they created, and never edit nodes created by anyone else...

Here's my set up in detail...

Platform
Drupal 6.17
PHP 5.2.11
Linux
MySQL 5.0.90 (I think!)

Roles, Users and Permissions
I have three roles of interest: Author, Editor and Administrator - with corresponding user accounts (Author, Editor and Admin). I've discovered the issue while working with Editor and Admin.

All three roles have the following permissions:

  • edit all CCK fields
  • create each content type
  • edit revisions
  • view revisions for each content type

Editor and Administrator have the following permissions:

  • unpublish revisions

None of them have the following permissions:

  • administer nodes
  • delete for each content type
  • edit for each content type
  • publish revisions

Workflow
My workflow applies to posts (but not comments) for all content types. It has three states: In draft, Under review, and Current.

The author (not the Author role or Author user) may move a post from (creation) to In draft.
The Administrator and Editor may move a post from Current to Under review.
The Administrator and Author may move a post from Current to In draft.
The Administrator and Editor may move a post from Under review to Current.
The Administrator and Editor may move a post from Under review to In Draft.
The Administrator and Editor may move a post from In Draft to Current.
The Administrator, Author (not the author) and Editor may move a post from In Draft to Current.

Anonymous user and authenticated user may view posts in all states.
No-one may delete posts in any state.
No-one may edit Current posts.
Administrator and Editor may edit Under Review posts.
Administrator and Editor may edit In draft posts.

This should prevent authors form editing their own post in the Current state. Yet they still can...

And it should allow Editors and Administrators to edit posts created by other users, when in the Under review state. Yet they still can't...

Hopefully that's enough information. But happy to provide any more...

Comments

robbm’s picture

Just realised that the word "edit" is missing from after "always" in the above...

Anyway, having uninstalled and reinstalled Workflow, then rebuilt my workflow I can no longer edit my own nodes when they're "Current". So that's seems to be one problem resolved.

But I still can't edit any other users' nodes, even when they're "Under review"...

(I've tried rebuilding permissions, but that didn't help either.)

As an aside, I get a "View" tab for nodes that the current user has created but as "View current" tab for nodes that other users have created. Not an issue, just a slight anomaly...

robbm’s picture

Title: Can always edit own nodes. Can never edit other users' nodes. » Can never edit other users' CCK nodes.

After further investigation, it appears that the inability to edit nodes created by another user only applies to nodes of content types created with CCK - even though the users have the required permissions to edit all the additional fields for those content types.

However, this issue doesn't apply to standard content types - even if they've had new fields added via CCK.

Hope that helps track the issue down...

avr’s picture

Just stumbled on this issue because I was having a similar issue.

For me, the issue doesn't involve CCK. Instead, make sure that the users & their respective role have the proper permissions for the input filter.

For example, if the creator of the node has permissions to use "Full HTML" but the editor can only use "Filtered HTML", the editor will not be able to edit the node (and therefore will not see the 'Edit' tab).

Hope this helps.

Aaron

johnv’s picture

Category: Bug report » Support request
Issue summary: View changes
Status: Active » Closed (works as designed)

Closing this old issue. D6 is not maintained anymore, I hope you have solved your problem. D6.x-1.4 is not the latest version. Perhaps is is resovled in 1.5 version.