I found that users with editorial access to the node can actually delete it.
Any way to prevent this?

Comment: #5, File: 1155692-adv.patch, Size: 10.17 KB, Author: agentrickard

Comments

agentrickard’s picture

Priority: Normal » Major

There is; we would have to separate the 'edit' and 'delete' permissions for section editors.

agentrickard’s picture

You can do this now with an alter hook, by the way.

function custom_workbench_access_user_alter(&$access, $account) {
  // Remove the delete permission.
  if (empty($account->workbench_access)) {
    return;
  }
  $types = node_type_get_types();
  foreach ($access as $id => $data) {
    // YOUR LOGIC HERE (if needed)
    if (isset($access[$id]['delete'])) {
      unset($access[$id]['delete']);
    }
  }
}

Or by implementing hook_node_access() yourself.
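
The hook_node_access() route mentioned above, as an added example that is not part of the original comment or the module's own code. The module name "custom" and the permission name are hypothetical, and it assumes Workbench Access attaches a node's section ids to the loaded node as $node->workbench_access.

```php
<?php
/**
 * Implements hook_permission().
 *
 * Hypothetical permission, defined by this example module ("custom").
 */
function custom_permission() {
  return array(
    'delete workbench section content' => array(
      'title' => t('Delete content in assigned sections'),
      'description' => t('Without this, section editors can edit but not delete.'),
    ),
  );
}

/**
 * Implements hook_node_access().
 */
function custom_node_access($node, $op, $account) {
  // For 'create', $node is a type string; only existing nodes can be deleted.
  if ($op !== 'delete' || !is_object($node)) {
    return NODE_ACCESS_IGNORE;
  }
  // Assumption: section assignments are on the loaded node as
  // $node->workbench_access. Nodes outside any section are left alone.
  if (empty($node->workbench_access)) {
    return NODE_ACCESS_IGNORE;
  }
  // One NODE_ACCESS_DENY overrides any NODE_ACCESS_ALLOW from other modules,
  // so edit access granted elsewhere stays intact while delete is refused.
  if (!user_access('delete workbench section content', $account)) {
    return NODE_ACCESS_DENY;
  }
  return NODE_ACCESS_IGNORE;
}
```

Accounts with the core 'bypass node access' permission never reach hook_node_access(), so this restriction does not apply to them.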

Eric Yang’s picture

Status: Active » Fixed
agentrickard’s picture

Status: Fixed » Active

Let's keep this as an open request.

agentrickard’s picture

Status: Active » Needs work
Status: new, Size: 10.17 KB

Here's a start at advanced permissions. We may just want to change the data storage model in the user and role tables.

Note that the complexity of permissions means that we store a LOT of data. Up to 7 permissions per node type per user. That means the new {workbench_access_permission} table could get very large.

This suggests to me that it should be an optional feature. Perhaps in a submodule?

Note that this patch provides no UI for changing permissions.

Eric Yang’s picture

Thank you for posting the patch. It seems really helpful.

But I don't know which version of the module this patch was built against. It is not the Beta Version.
So I then just reinstalled the latest dev release from today (2011-06-09) and applied the patch manually, but then I started getting error messages due to missing functions.

Could I either get a new 'git diff' patch against today's release OR could you please tell me which version of the module this patch was built against?

Thanks a lot!

agentrickard’s picture

This is against 7.x-1.x. See the git instructions tab on the project page.

It needs work. The data storage model (database schema) is not right.

agentrickard’s picture

Version: 7.x-1.0-beta5 » 7.x-1.x-dev

Changing version.

Taxoman’s picture

+1, an important distinction.

agentrickard’s picture

This is partially fixed by #1216356: Reviewer roll with no edit permissions can edit and save draft of an article, which uncovered a dumb oversight in the permission handling.

Eric Yang’s picture

Sounds great, I am going to install the Beta8.

agentrickard’s picture

Title: How to prevent users with access to the node from deleting the node. » Allow per-section CRUD permissions

Right, so that solves part of the problem.

Re-titling this issue more in line with the patch.

robeano’s picture

Priority: Major » Minor

Lowering priority since there is a workaround for now (see comment #2).