We are a university and we do not trust each other. People must create content, which will not be immediately available to other users or guests. There will be a group of moderators who will check the content and make a decision whether to publish it or ask the author to make changes first. Everybody outside that group should have no chance to publish.

A solution which is more or less obvious to me is a module which defines a 'publish stuff' access right. It overloads hook_form_alter() to convert the 'Publishing Options' fields to '#value's filled with default values if the user has no 'publish stuff' right.

The module also overloads hook_nodeapi() to prevent most access to unpublished stuff, except for everything matching a path like '/a/b/c/*' defined on a per-user basis. It means that somewhere I should define uid-path pairs. I guess that hook_settings() is the best place. It implies an 'edit users responsibilities' right which allows associating paths with uids.

Well, can you see any misconceptions in this solution? Can you see a better solution? I do appreciate your comments!

PS. I do agree that it would be better to trust people, but all the rectors and managers mind!
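
The access decision described in the post, as an added example that is not part of the original post and is not Drupal code: plain PHP with hypothetical function names and constructed sample data. It assumes '/a/b/c/*' means everything below '/a/b/c', and that a user without the 'publish stuff' right always keeps the default status on save.

```php
<?php
// Added example, plain PHP without Drupal API calls; all names are hypothetical.
// Constructed sample data: uid => path patterns that moderator is responsible for.
$responsibilities = array(7 => array('/a/b/c/*'), 9 => array('/news/*'));

// Collapse empty segments and refuse dot segments, so '/a/b/c/../x' cannot
// pass a prefix comparison.
function normalize_path($path) {
  $segments = array();
  foreach (explode('/', $path) as $seg) {
    if ($seg === '.' || $seg === '..') {
      return NULL;
    }
    if ($seg !== '') {
      $segments[] = $seg;
    }
  }
  return '/' . implode('/', $segments);
}

// '/a/b/c/*' covers '/a/b/c/x' and deeper, but not '/a/b/cd' or '/a/b/c' itself.
function pattern_covers($pattern, $path) {
  if (substr($pattern, -2) !== '/*') {
    return $pattern === $path;
  }
  $prefix = substr($pattern, 0, -1); // keeps the trailing slash: '/a/b/c/'
  return strlen($path) > strlen($prefix) && strncmp($path, $prefix, strlen($prefix)) === 0;
}

// Deny by default: unknown uid, bad path or no matching pattern all return FALSE.
function may_access_unpublished($uid, $path, $responsibilities) {
  $path = normalize_path($path);
  if ($path === NULL || !isset($responsibilities[$uid])) {
    return FALSE;
  }
  foreach ($responsibilities[$uid] as $pattern) {
    if (pattern_covers($pattern, $path)) {
      return TRUE;
    }
  }
  return FALSE;
}

// Applied on save, whatever the submitted form contained.
function enforce_status($submitted, $default, $has_publish_right) {
  return $has_publish_right ? (int) (bool) $submitted : (int) $default;
}

var_dump(may_access_unpublished(7, '/a/b/c/draft', $responsibilities));
var_dump(may_access_unpublished(7, '/a/b/cd', $responsibilities), enforce_status(1, 0, FALSE));
```

The status check belongs in the save path as well as in the form, so that a hand-crafted submission cannot set the published flag.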