Hi
Here's what's going on:
I have three Workflow states set up (Draft, Review and Approved) so that I can have an editor functionality. In the "access control" matrix for workflow I have set it up so that only editors and admins can edit or delete content once it has entered the "Approved state".
I am using Rules to trigger certain actions (sending of mail and such) when the workflow states change.
All this works like a charm, bar the fact that the authors still can edit their content through their workspace.
Now, in the Core permission matrix the authors can edit their own content... but I thought the workflow settings would override that.
Does the workspace module ignore the workflow settings in terms of permissions or is it the fact that I use Rules to control the actions that disturb things?
Any tips would be greatly appreciated
Yours
Omkara
Comments
Comment #1
hutch commentedWorkspace permissions are handled by the function workspace_access(), presumably that would have to be modded to handle additional permissions.
Comment #2
Omkara commentedHi Hutch
Thank you for the reply.
I looked at the function:
I'll be the first to admit that I don't know much about how things work "under the bonnet" here, but it seems that this function just determines if you get to the see the workspace or not and if it is to list content and/or comments and/or files.
Following a tip from another thread I tried to remove edit rights from the Core permissions to see if the workflow permissions would then "surface", but no luck.
BTW, is this really a workflow / node access issue... and so might be slightly misplaced here?
Yours
Omkara
Comment #3
hutch commentedI would have assumed that the workflow permissions was another layer that goes on top of existing permissions, eg if a user 'owns' a given node then they have write permissions unless overriden by the state imposed by Workflow rules. The current state that a node is in must be recorded somewhere and there is probably a function that will provide information on that state, or it may even be in the $node object, I don't know offhand and haven't got an example I can delve into. The devel module has a useful function dd(). If you added dd($node) to your code somewhere and had a look in /tmp/ you might find out more.
If you can find out how the Workflow rules are defined you could add code to the workspace_build_rows() function to prevent that node from being accessed for editing.
I just downloaded the Workflow module and see that there is a function workflow_node_current_state(), might be worth looking at.
Comment #4
Omkara commentedHi
I've made a hack in the workspace_build_rows function (workspace.module) that checks the workflow permissions and alters the variables that decides if the edit and/or delete links will appear in the list. However, if the user doesn't have edit/delete rights for the node type, then the links won't do anything ... and vice versa; if a user have edit/delete rights and know the node id and the path to edit and/or delete (for example ..../node//edit) then he or she can indeed edit/delete his or her own node.
Also, this does not seem to be very elegant at all.
Unless someone has any really good ideas, I think I'll try posing these questions in a workflow module thread.
Yours
Omkara
Comment #5
verta commentedsubscribing, ... (and updated title)
Comment #6
frank ralf commentedThanks for the suggestions and the code.
Workspace is intended as a lightweight module for providing easy access to a users content. Handling a full fledged Workflow is possibly beyond its scope so should indeed better be handled by the Workflow module(s).