As suggested, I propose adding some options to the UI & master module that allow for configuration of when certain roles can 'see' content.

In my use-case, a very traditional workflow, I do not want anyone without permissions to be able to view content that is not 'live'. This isn't always the case though.

So, for each content type assigned moderation, I would like the option to select when each role can see it. This may best be served by permissions.

CommentFileSizeAuthor
#1 770070-861380.patch1.87 KBdevkinetic

Comments

devkinetic’s picture

Status: Active » Needs review
StatusFileSize
new1.87 KB

Here is a patch which adds a new permission for each state of each moderated content type, except the live state.

hook_nodeapi 's case 'view' was modified to check for this permission. Also it checks if the node being viewed is the live version and bypasses the permission. I did not get to really test this, but the code is fairly straightforward.

This patch also (by effect) fixes #770070 because there are now permissions for viewing states, and only roles that are allowed to view them should see these errors.

Please be aware that after applying this patch, content may disappear from your site (from display nothing is deleted). You will have to either make it live or assign the permission created by this patch.

Jsan2020’s picture

This is a great module, and we are trying to use it as the foundation for our CMS implementation.

Has this patch been added to the newest release 6.x-1.4? I am looking through the code in the .module file, and I think I find these new lines, but I am not sure (I'm a drupal noob.)

The issue that I am experiencing is that when you create a new node of a type for which I have enabled moderation, the page is viewable by the anonymous user. There is a message: "The content of this document has not been approved and is therefor not valid yet!" but as there is no "live" version of this content, I would not want the path alias for this node to show the anonymous user anything.

I don't see permissions to prevent the anonymous user from seeing content that is in moderation (not live.)

There are the permissions that I do have, anonymous is not checked for any of them.
content_moderation module
content moderation pagetype state approve to live
content moderation pagetype state approve to none
content moderation pagetype state approve to review
content moderation pagetype state none to review
content moderation pagetype state review to approve
content moderation pagetype state review to none
content moderation view pagetype moderation history
view content moderation message created by
view content moderation message pending

eugenmayer’s picture

This patch did not yet get applied. Iam currently pretty busy with all the other modules so that content moderation is a bit behind, iam sorry.

Thank you for the contribution and feedback!

eugenmayer’s picture

Version: 6.x-1.4 » 6.x-1.5
Status: Needs review » Postponed (maintainer needs more info)

this should already have been fixed with 1.5?

Greg Varga’s picture

Version: 6.x-1.5 » 6.x-1.9
Status: Postponed (maintainer needs more info) » Active

This is still an issue in 1.9 - and in my opinion is a critical issue.

Anon users still can see "not live" nodes. The above patch adds the new permissions but does not stop anon users to access the "not live" nodes.

Ideal scenario would be to allow unpublishing content in "not live" state so they would be automatically hidden from anyone (and from views) and then allow some roles to see unpublished content based on the above permissions.

I will look into this tomorrow and post back if I got anywhere.

Suggestions are welcome.

Cheers, Gergely

eugenmayer’s picture

Status: Active » Closed (fixed)

Def. not an critical issue, but rather a new feature request. This FR did not deal with the "node permissions", but rather the meta-infromations of a node. What you want is something different ( not being able to view non-live nodes ) Please open a new FR for this