Support for Drupal 7 is ending on 5 January 2025—it’s time to migrate to Drupal 10! Learn about the many benefits of Drupal 10 and find migration tools in our resource center.
Currently, all users who have a certain role are allowed to flag/unflag.
But some users want refinements:
- One wants to be able to flag his nodes only.
- Another wants the opposite: to be able to flag only nodes that aren't his.
- Yet another wants to allow users to flag nodes but not to unflag them.
A relatively simple mechanism to allow all this is to introduce a 'flag_veto' hook:
/**
* Implement this hook in your module to disallow a 'flag' or 'unflag'
* operation. This hook is called before a flag link is shown, or before
* a flag/unflag operation is carried out. If your hook returns FALSE,
* the action won't be allowed, or the flag link won't be shown.
*
* @param $flag_action
* Either 'flag' or 'unflag'
* ...
*/
function mymodule_flag_veto($flag_action, $flag, $content_id) {
// EXAMPLE: How to disallow flagging a node which isn't ours
global $user;
if ($flag->content_type == 'node' && ($node = node_load($content_id))) {
if ($node->uid != $user->uid) {
return FALSE; // veto this operation.
}
}
}
Comment | File | Size | Author |
---|---|---|---|
#51 | flag_comment_access.patch | 4.38 KB | quicksketch |
#40 | NoRulesSections.PNG | 19.36 KB | xn2001 |
#39 | flag-access.png | 45.47 KB | quicksketch |
#36 | flag_access_restrictions.patch | 43.1 KB | quicksketch |
#35 | flag_access_restrictions.patch | 40.44 KB | quicksketch |
Comments
Comment #1
mooffie CreditAttribution: mooffie commentedTo be exact, that user asked to be able to flag nodes only if another flag was already set on them (e.g., to flag as 'completed!' nodes that were flagged as 'a goal of mine'). This too will be possible with the proposed hook.
Comment #2
Anonymous (not verified) CreditAttribution: Anonymous commentedWhere would you put this code?
Comment #3
mooffie CreditAttribution: mooffie commentedtxcrew, this is only an idea for a feature. It doesn't exist yet. You would put that code in a custom module. It's customary in the Drupal world to create a little module specific to your site that implements various hooks to refine the way Drupal behaves. This would be just another hook.
Comment #4
Anonymous (not verified) CreditAttribution: Anonymous commentedAh, sorry about that. Thanks for clearing it up.
txcrew
Comment #5
quicksketchI wouldn't mind seeing some of this functionality built into Flag module directly. Adding in a hook would probably be icing on the cake though. Maybe we can name the hook "hook_flag_access()", which will fit in a little better with the typical Drupal terminology.
All access settings could probably be grouped in a fieldset in the Flag configuration:
Comment #6
gausarts CreditAttribution: gausarts commentedSubscribe. Thanks
Comment #7
Flying Drupalist CreditAttribution: Flying Drupalist commentedsubscribe. :)
Comment #8
aaron CreditAttribution: aaron commentedExcellent idea. As quicksketch noted, #319224: Support for flagging flaggings would be a use case for this. If hook_flag_access were in place, a module might be fairly easily built, using that API.
However, we'd probably need more than just access. In this specific use case, we'd want to allow each user to be able to flag the other user, but only mark the flag as active if both have marked that flag. On the other hand, maybe that would be better as its own thing, as it might just be a third "flag". (Does the Flag module have an API allowing for the easy creation of internal flags? Would that be desirable for a case like this?)
We'd also want to be able to notify the other user about the actions, although that could happen under the proposed API hook.
Maybe a hypothetical Flag Reciprocity module could work like this:
Thinking about it more, I guess we should get this hook in there, start building another module, then see what more we might want from a Flag API.
Comment #9
mooffie CreditAttribution: mooffie commentedThis issue has several sub-issues. I've just opened an offshoot issue:
#322034: Have a $flag->access() method
Comment #10
mooffie CreditAttribution: mooffie commentedA reminder:
All access checks need to be duplicated in the applies_to_content_id_array() method, where, for efficiency reasons, we don't load the nodes. (This is used for 'table' Views, for example. See documentation of this method.)
Comment #11
Apollo610 CreditAttribution: Apollo610 commented+1 for these 2:
* to be able to flag only nodes that aren't his.
* to allow users to flag nodes but not to unflag them.
Comment #12
johnnytyranno CreditAttribution: johnnytyranno commentedFor a global flag, it would also be great to have the option to only allow a node's author or the administrator to unflag the node.
Comment #13
robertdjung CreditAttribution: robertdjung commentedsubscribe. interested
Comment #14
Dave ReidSubscribing. I'm looking into writing a 'spam report' flag module for drupal.org, and it would require to not allow users to unflag items. It's a one-time thing.
Comment #15
RoboPhred CreditAttribution: RoboPhred commented+1, I will try my hand at making a patch for the access hook.
Not marking as assigned until I manage to get something concrete though.
Speaking for a flexible API, should there be a case where a flag should be hidden from the user? What about with global flags, should we support a case where we would want to let others see the flag but not access it, or hide it from those without access?
Probably the best way to deal with this would be to add a 'view' op in addition to flag/unflag
Comment #16
tobiberlinsubscribe
Comment #17
manop CreditAttribution: manop commentedsubscribe. interested
Comment #18
gunzip CreditAttribution: gunzip commentedsubscribe.
i need to be able to flag other users but prevent theme to flag themselves,
ie. "become a fan of..." but not "become a fan of yourself..."
Comment #19
netentropy CreditAttribution: netentropy commentedyes this is very much needed. if you are using it to flag bad content, then someone could just unflag their own content and no node would get reviewed.
Comment #20
mooffie CreditAttribution: mooffie commentedMarking #429426: only author of a node to flag comments a duplicate of this.
Comment #21
minus CreditAttribution: minus commentedyes this is very much needed! :)
If you use it to mark a node as sold, and the only user who can use/see that function is the node creator. When the node is mark sold only a message should appear on the node, not the unflag option :) And what bjraines said about reporting/abuse :)
Flagmodule <3
Comment #22
mooffie CreditAttribution: mooffie commentedMarking #455268: New permissions: view all flags, clear all flags a duplicate of this one.
Comment #23
aharown07 CreditAttribution: aharown07 commentedSubscribing. I think all of the above sounds very useful and would provide a much cleaner solution than what I have at present (and much lighter than some of the alternatives)
Comment #24
RicardoJBarrios CreditAttribution: RicardoJBarrios commented+1 subscribe to it
Comment #25
Anonymous (not verified) CreditAttribution: Anonymous commented#19: If flags are not set to global then they can't do that, can they?
Comment #26
Mtt-2 CreditAttribution: Mtt-2 commentedSubscribing as well :
* to be able to flag only nodes that aren't his.
* to allow users to flag nodes but not to unflag them.
Comment #27
Mtt-2 CreditAttribution: Mtt-2 commentedI shared here a code snippet that was stupid. I deleted it
Comment #28
ordually CreditAttribution: ordually commentedSubscribing. Particularly interested in:
* to be able to flag only nodes that aren't his.
* to allow users to flag nodes but not to unflag them.
Comment #29
jontyler CreditAttribution: jontyler commentedSubscribe. Interested in:
* author only can flag his own nodes (sold flag)
Comment #30
dhalgren CreditAttribution: dhalgren commentedParticularly interested in:
* to allow users to flag nodes but not to unflag them.
Comment #31
highvoltage CreditAttribution: highvoltage commentedVery important for using flags as a reporting/moderation tool for abuse/bad comments/broken pages etc etc.
Comment #32
quicksketchThis patch implements all the functionality described in #5. It turned out to be a much bigger patch than I expected, because this additional functionality requires quite a bit of additional validation, as well as a database update.
Changes:
- The "roles" are no longer stored in a dedicated database column. They're now merged into "options" with everything else.
- $flag->roles is now an array with 2 keys: $flag->roles['flag'] and $flag->roles['unflag'].
- Restructuring of the admin form to group together "access" options together.
- Added the option for "unflag_denied_message", which will be shown if the user has access to Flag but not to Unflag (such as "Thanks for flagging!" or something similar).
- The admin form was getting unwieldly with the new text fields, so I broke out link-specific textfields into a new section. This ultimately resulted in link-specific options becoming a universally supported functionality, so other contrib modules can create new link types and have a place for their custom options.
- Users must have "flag" permission to have the "unflag" permission. This made it so that we didn't have to drastically change our flag access checking, since we can assume "flag" is the minimum permission a user must have.
Comment #33
quicksketchThis update adds support for the one not-solved situation described in #18:
And it fixes some problems with the unflag_denied_message being required when it shouldn't be.
Comment #34
quicksketchRevised patch to accommodate for #589562: $flag->validate() should return a list of validation errors.
Comment #35
quicksketchEr, right here's the revised patch.
Comment #36
quicksketchUpdated tests to pass with the new changes. We need to add the access check tests eventually also.
Comment #37
quicksketchI committed the patch in #36 so that it won't block other issues due to the size of the changes here. Between this, the export patch and anonymous flagging, this nearly wraps up the changes before a 2.0 beta.
We really need tests for this functionality though, switching users and trying out as different roles is a very tedious process, so I'm marking needs work until that is completed.
Comment #38
xn2001 CreditAttribution: xn2001 commented@quicksketch
I don't see this section:
Comment #39
quicksketchIt's actually a set of radio buttons, since I didn't want users to have to check both boxes to get "all content" as flaggable. It also would cause a problem if neither box was checked, which would be "no content" was flaggable. Anyway, screenshot attached of actual functionality.
Comment #40
xn2001 CreditAttribution: xn2001 commented@quicksketch
I got the nightly build flag-6.x-2.x-dev.tar.gz.(Last updated: September 28, 2009 - 12:16)[http://ftp.drupal.org/files/projects/flag-6.x-2.x-dev.tar.gz]
And there is no "Rules" section.
Probably, it is not the latest build. I will try again tomorrow.
Comment #41
quicksketchxn2001, it looks like you've got the right version, since the table for flag/unflag was added at the same time. It's probably because the flag you're editing is a comment flag, not a node flag. The functionality for comment flag's based on authorship has not been implemented.
Comment #42
xn2001 CreditAttribution: xn2001 commented@quicksketch,
You are right. I was editing a comment flag.
What I was trying to do is to implement a "question and answer" flagging system.
The node is the question and 1 of the comments is the answer. The system would only allow the node(question) creator to flag 1 of the comments as the answer.
Can Flag module be extended to do what I need or should I forget about Flag module and create my own module?
thx!
Comment #43
quicksketchHm, that's an interesting use-case that I hadn't thought of. Sounds like the options for comments should be implemented as such:
So for your situation you could use "Users may only flag comments of nodes they own". However, this would not limit the number of "correct answers" to 1. However you're only a single step away from having exactly what you want, for which I'd recommend implementing hook_flag() and unflagging other comments within the same node though some custom PHP.
Note this code is completely non-functional, but a good idea of how it would be done:
Comment #44
xn2001 CreditAttribution: xn2001 commentedThx quicksketch.
Let me know when it is committed. I will try it out.
Can I know why you put 'may' in 'Users may only flag...' . Wouldn't 'can' be more affirmative?
Comment #45
quicksketchThe difference between may and can gets pretty fuzzy. Here's a reference that seems to have some pretty good rules: http://www.businesswritingblog.com/business_writing/2006/08/can_vs_mayno...
The summary:
I would say that a user is always "able" to flag a piece of content (if they were allowed), there's nothing physically preventing them from doing the flagging. So my use of the word "may" is to indicate permission.
I didn't reference that website when I chose the terminology, I just based it on the frequent elementary school correction:
It's loosely the same thing, where the user is always capable, but you as the administrator are granting permission.
Comment #46
xn2001 CreditAttribution: xn2001 commented@quicksketch
Do you intend to implement the use case mentionned in your post#43?
Comment #47
quicksketch@xn2001 yes eventually, but things have gotten crazy in my day-job and code freeze is this week. It will probably be a while before I can return to the Flag queue.
Comment #48
Flying Drupalist CreditAttribution: Flying Drupalist commentedIs this:
http://drupal.org/node/224685
Being implemented?
Comment #49
quicksketch@Flying Drupalist: That's already done as per #36. Download the 2.x version to try it out (click "View all versions" on the project page).
Comment #50
Flying Drupalist CreditAttribution: Flying Drupalist commentedThanks, def will. Made me uncomfortable that it wasn't on the frontpage, but since you recommended I will try.
Thanks again.
Comment #51
quicksketchI added this patch for comment functionality as requested #39-43.
I'm splitting the tests out into a separate issue #616524: Add tests for Flag access for own/others' content. So we can mark this as fixed. Please open a new issue for any problems discovered with the access system.
Comment #52
xn2001 CreditAttribution: xn2001 commented@quicksketch
Thank you very much.
Comment #53
milham CreditAttribution: milham commentedHow about to add a user role that can override all flag? (global and no global flag?)...
Comment #55
greg.harveySlightly confused, this is marked as a 6.x-1.x-dev issue, but I do not see this UI in the latest 6.x-1.2 version, and it is packaged after this issue was closed. Does this mean the work above went in to 6.x-2.x-dev and I should use 6.x-2.0-beta2 if I need it? Tentatively altering the version number, assuming I'm correct, to save others being confused too.
Edit: 6.x-2.0-beta2 seems to have this feature, so seems I was correct to change the branch, if only for reference. =)
Comment #56
inuninu CreditAttribution: inuninu commentedIs it possible to allow flagging a node with flag 2.x only if the actual logged in user has a certain uid?
At the moment I've got a big problem because all the possibilities with giving access to flag a node based on roles, or giving access only if it's the author of a node, or not the author of a node doesn't fit my needs.
I have to work with rules to unflag nodes, that a wrong user has flagged and that's really annoying.
I've looked up the API for PHP and also found of course a lot of stuff like this http://drupal.org/node/322034 ,
but could it be possible to work out a method that I can implement in for e.g. the node.tpl like:
Or do I have to find another module? But which one? I've tried to find another solution, but the only way would be to change the ownership of a node, which is not the way I wanna go now.
Thanks
Comment #57
lameei CreditAttribution: lameei commented+1
Comment #58
pribeh CreditAttribution: pribeh commented+1 for disallowing end-users from unflagging content, aka "like" on Facebook.
Comment #59
mansspams CreditAttribution: mansspams commentedSystem set wrong status, this is in dev...
Comment #60
pribeh CreditAttribution: pribeh commentedHi mansspams,
Which dev is this in? This is set to 2.x but there is currently only a 2-beta (2.3 latest) release and no devs that I can find. I can't find this option in the 2.3-beat release.
Thanks,
Comment #61
quicksketchWhen you configure a flag, there are separate permissions for "Flag" and "Unflag" for each role. Just remove the ability to Unflag while keeping the Flag permission.
Comment #62
pribeh CreditAttribution: pribeh commentedWicked, Thanks quicksketch!
Comment #64
Gabriel R. CreditAttribution: Gabriel R. commentedHaving separate Flag and Unflag permissions is an incredibly useful.