I was having problems with my Drupal install not limiting revision capabilities to regular registered users even though said capabilities had been disabled via the Access Control section of the admin menu. So after checking the code in node.module I found that on line 882

$revisions_access = ((user_access('view revisions') || user_access('administer nodes')) ...

needed to be changed to:

$revisions_access = ((user_access('view revisions') && user_access('administer nodes')) ...

As far as I can tell this doesn't affect any other functionality, but I haven't tested it very extensively yet.

Comments

necroflux

By the way, my motivation for doing this was to completely hide the revision functionality from non-moderator, non-admin users so that users with malicious intentions will not know about the existence of the past revisions (I also deleted all delete functionality from the user menu; only the admin can delete posts), let alone be able to actually go back to previous revisions. In my mind this functionality should be limited to admin only by default.
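
The effect of the operator change in the post above, worked through for every combination of the two permissions. This is an added example, not code from Drupal or from the poster: `has_perm()` and the constructed permission sets are hypothetical stand-ins for `user_access()` and real roles, and only the visible part of the line 882 condition is modelled (the rest is elided on the page).

```php
<?php
// Hypothetical stand-in for user_access(): a role is modelled as a plain
// list of permission strings (constructed sample data, not a real site).
function has_perm(array $perms, string $perm): bool {
    return in_array($perm, $perms, true);
}

// Visible part of the original condition on line 882.
function revisions_access_or(array $perms): bool {
    return has_perm($perms, 'view revisions') || has_perm($perms, 'administer nodes');
}

// The same part after the edit described in the post.
function revisions_access_and(array $perms): bool {
    return has_perm($perms, 'view revisions') && has_perm($perms, 'administer nodes');
}

// Every combination of the two permissions, each on top of a baseline
// permission that an ordinary registered user would hold.
function permission_matrix(): array {
    $rows = [];
    foreach ([false, true] as $view) {
        foreach ([false, true] as $admin) {
            $perms = ['access content'];
            if ($view)  { $perms[] = 'view revisions'; }
            if ($admin) { $perms[] = 'administer nodes'; }
            $rows[] = [
                'view revisions'   => $view,
                'administer nodes' => $admin,
                'before'           => revisions_access_or($perms),
                'after'            => revisions_access_and($perms),
            ];
        }
    }
    return $rows;
}

printf("%-16s %-18s %-8s %-8s %s\n", 'view revisions', 'administer nodes', 'before', 'after', 'changed');
foreach (permission_matrix() as $r) {
    printf("%-16s %-18s %-8s %-8s %s\n",
        $r['view revisions'] ? 'yes' : 'no',
        $r['administer nodes'] ? 'yes' : 'no',
        $r['before'] ? 'allow' : 'deny',
        $r['after'] ? 'allow' : 'deny',
        $r['before'] !== $r['after'] ? 'yes' : '');
}
```

A role holding neither permission is denied by both versions of the expression; the edit changes the result only for roles that hold exactly one of the two, including a role with 'administer nodes' but not 'view revisions'.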