Support for Drupal 7 is ending on 5 January 2025—it’s time to migrate to Drupal 10! Learn about the many benefits of Drupal 10 and find migration tools in our resource center.admin/workbench currently displays a "Create content" tab even to users who do not have permission to create any content. When they click on that tab, therefore, all they see is a "not allowed" page. This is needless and may be confusing.
| Comment | File | Size | Author |
|---|---|---|---|
| #6 | content-creation-permissions-1354320-6.patch | 6.34 KB | Sheldon Rampton |
| #4 | create_access_1354320_4.patch | 791 bytes | stevector |
| #2 | workbench_create_content.png | 51.67 KB | stevector |
| #1 | content-creation-permissions-1354320-1.patch | 1.02 KB | Sheldon Rampton |
Comments
Comment #1
Sheldon Rampton CreditAttribution: Sheldon Rampton commentedI'm attaching a patch with a workbench content creation access function that checks to see whether users have permission to create content before displaying the tab.
Comment #2
stevectorHi Sheldon,
Thanks for the patch. I'm not sure if we're seeing the same thing. I do not see an Access Denied at admin/workbench/create. I see this message when signed in as a user who doesn't have permission to create any types of content.
http://drupal.org/files/workbench_create_content.png
Access to this path is restricted to roles with the 'access workbench' permission. Do you have this permission assigned to roles that don't also have permission to create any type of node?
Comment #3
Sheldon Rampton CreditAttribution: Sheldon Rampton commentedHi stevector. Yes, that's the message I'm seing. Yes, I do have the "access workbench" permission assigned to roles that don't also have permission to create any type of node. I'm building a job postings website in which one user role ("administrator") is responsible for initial creation of unpublished job nodes, which are then sent to other users with the role of "content editor" to actually enter the details about the job, after which another user role ("approver") is responsible for final review and publishing the jobs. Each of those roles therefore needs to be able to use the dashboard, but only one of them needs to be able to create new job nodes.
For users who don't have permission to actually create any news nodes, the "create content" tab is unnecessary and possibly confusing, which is why I think my patch improves the UX.
Comment #4
stevectorThanks for the description Sheldon.
I'm weighing a couple of factors on this.
- This tab may be used for more than node add links. hook_workbench_create_alter() can be used to modified this page. Workbench Media is the only module I know of that implements that hook. There may be others. So checking node add permissions may be incomplete. There has also been discussion of placing create links on this page for blocks, users etc.
-admin/workbench has an alter hook and can also be overridden by Page Manager. I think this callback should have a Page Manager task plugin too. This approach would make it easier for any site to set arbitrary access conditions.
-The Page Manager approach is essentially a UI on top of hook_menu_alter(). If you need this changed immediately, I recommend using hook_menu_alter() in a custom module.
All that being said, I think your approach can be simplified a bit: http://drupal.org/files/create_access_1354320_4.patch
Comment #5
Sheldon Rampton CreditAttribution: Sheldon Rampton commentedHm, that all makes sense. I didn't realize that _node_add_access() existed. I'm not sure how to modify my patch so it plays well with hook_workbench_create_alter(). Maybe there could also be a hook_workbench_create_access_alter() function which enables modules that implement hook_workbench_create_alter() to define their own permission conditions?
Comment #6
Sheldon Rampton CreditAttribution: Sheldon Rampton commentedUpon further consideration, I realized that hook_menu_alter already provides a way that modules can define their own permission conditions, so a hook_workbench_create_access_alter() function wouldn't be an improvement. However, I've defined a hook_workbench_create_access() which lets modules add additional permissions to the list of user permissions that would enable the Create Content tab. I've added a usage example to workbench.api.php.
I also took a stab at a Page Manager task plugin for admin/workbench/create, modeled after the myworkbench.inc file that already exists. Warning: I've never written a Ctools plugin before, so I'm not 100% sure I did it right.
Comment #7
agentrickardComment #8
bbinkovitz CreditAttribution: bbinkovitz commentedI'm confused about the last patch. Is it supposed to do anything? When I tested it with a user who could view the workbench but not create content, I still saw a tab for "Create content" that then gave a message saying the user cannot create any content.
Comment #9
hass CreditAttribution: hass commentedWouldn't it not easier just to check, if the create tab has any content and only show the tab in this case?
Comment #10
bbinkovitz CreditAttribution: bbinkovitz commented@stevector's patch works fine and my previous errors were because I made a mistake.
Comment #11
bbinkovitz CreditAttribution: bbinkovitz commentedCommitted @stevector's patch. Hash: 6856e4a5b445ee802c898d27347bb45eb44ea43e. The perfect is the enemy of the good. Leaving issue open.
Comment #12
agentrickardPlease remember to update ticket status on commits ;-p.