I set all my content type's default moderation state as "Published".
I added the transitions: Draft ->Published, Published->Draft, Published->Needs Review

I gave the role Author the permissions:

  • 'moderate content from draft to needs_review' => TRUE,
  • 'moderate content from needs_review to draft' => TRUE,

I gave the role Publisher the permissions:

  • 'moderate content from draft to needs_review' => TRUE,
  • 'moderate content from needs_review to draft' => TRUE,
  • 'moderate content from needs_review to published' => TRUE,
  • 'moderate content from published to draft' => TRUE,
  • 'moderate content from published to needs_review' => TRUE,

The Publisher role has no problem with setting the moderation state.

But.....
When creating and updating content as the Author, I am unable to set the moderation state. It saves as Published (which is the default).
This is a big flaw since those without publishing rights should not be able to Publish content.
What I saw missing in the code was the additional validation to make sure if the moderation state is Published, it should not allow users with non-publishing rights to still publish, but revert the moderation state to Draft.

I am not sure if this is a known issue since I could not find anything in the issues list on this subject.

I inserted this within the workbench_moderation_form_node_form_alter() function.

// If $moderation_state is "Published" make sure user has permission to transition
  if ($moderation_state == workbench_moderation_state_published() && !(user_access("moderate content from needs_review to published", $user))) {
    $moderation_state = workbench_moderation_state_none();
  }

This will check that if the moderation state is set to "Published" and the user does not have the permission to transition from needs_review to published (I used this since needs_review to published is a default transition), then the moderation state will be set to "Draft"

Let me know if there is another approach to this issue. Thanks!

Comments

AdamPS’s picture

Category: Bug report » Support request
Priority: Major » Normal
Status: Active » Fixed

I'm new to this module, just trying to evaluate it for a site, hence scanning the major/critical open issues.

Well my 2c worth would be that the module has obeyed the default permission, so it's not a bug. However the OP would like to know how to make the default vary depending upon permissions of the author.

It looks like the code from the OP is specific to the moderation states on his website, so not possible to check in. However it has solved the problem for the OP.

Another possible approach might be to use rules or a hook. If a node is newly created, and the owner has permission to publish, then do so.

Seeing as the OP seems to have a working solution, I'll mark this as a fixed support request. Please re-open if needed.

Status: Fixed » Closed (fixed)

Automatically closed - issue fixed for 2 weeks with no activity.