to repeat what I seen:
1. create two users: user A and user B with same role.
2. give 'create' and 'edit' permission of a term to the role.
3. login as user A, create a node which status=0.
4. login as user B, user B can not edit the node created by user A.

Comments

keve’s picture

Category: bug » support
Status: Active » Fixed

only users with 'administer nodes' permission has right to access nodes with status=0.
(all rights granted by access type modules (eg. OG, TAC) are IGNORED if status=0)

timoratd’s picture

Thanks, It is great to know.

I created 'user C' without 'administer nodes' permission, but with 'edit any story content', the user is able to edit the node with status=0, but with 'edit any story content', the user is able to edit nodes from any terms.

Let me explain why this is important to us:

we have a process to publish an article: add->edit->approve->publish
the node should not be 'status=1' before the last step.

xjm’s picture

Re #2, this is the way core permissions behave (outside TAC's control). You might want to take a look at the workflow module:
http://drupal.org/project/workflow

It allows you to add workflow states so that (e.g.) users can create and edit content in a "review" state before it is fully published.

whikloj’s picture

I have just come across this issue and I am wondering how Workflows can solve it.

I currently have a workflow setup so my authors can "Save as draft" (unpublished) or "Publish" (published).

Now I see that "Save as draft" needs to be "Save (hidden)" because no one else can edit that author's nodes if they are unpublished.

But that means I will have to publish all my nodes, so I am relying on my views (etc) to restrict by workflow?

I think I am missing something...

edit
I was missing the Workflow filter, so I think I understand now. Except won't these nodes be viewable by anyone? Are we just assuming they won't get to them if they are not in a specific list? Or can I restrict a certain role (say anonymous) from accessing any content in a "Hidden" state?

xjm’s picture

I am fairly certain you can use workflow to restrict access to nodes in certain states. There used to be a separate module called workflow access, but I think this has been merged into the main module.

Status: Fixed » Closed (fixed)

Automatically closed -- issue fixed for 2 weeks with no activity.