I'm having issues getting scheduled content to go from "unpublished" to "published" by setting up a lightweight cron job to run * * * * * curl -s -o /dev/null "http://example.com/scheduler/cron/92a628f76f3efefacd98"
or by hitting "http://example.com/scheduler/cron/92a628f76f3efefacd98"
directly in the browser as an Anonymous user.
If I hit that scheduler/cron/{access_key}
link as a logged in user with permissions to view unpublished nodes (ex: Blog Post: View any unpublished content), then it successfully publishes the content according to the schedule.
An important part of this is that I'm using View Unpublished 8.x-1.0-alpha1 to prevent Anonymous visitors from being able to view unpublished content prior to Scheduler publishing it. So that module's functionality seems to be incompatible with Scheduler being able to use \Drupal::entityQuery('node')
to return the list of node id's that will be published.
If I turn on this permission: "View any unpublished content" for Anonymous users, the lightweight cron job successfully publishes the content. However prior to that, I don't want Anonymous users to be able to view unpublished content... so turning on that permission is precisely the antithesis of what I'm trying to accomplish with the Views Unpublished module (i.e. prevent Anonymous from viewing unpublished content).
So in /sites/all/modules/contrib/scheduler/src/SchedulerManager.php's publish()
...
Anonymous entityQuery returns no node id's that are available to be published:
Logged in with permissions to View any unpublished content does return nid's that will be published:
Any advice or recommendations for how to deal with this scenario of needing to run the lightweight cron Anonymously while also not allowed Anonymous users to view unpublished content?
Comment | File | Size | Author |
---|---|---|---|
#7 | scheduler-rc-works-with-views-unpublished-and-workflow.png | 11.9 KB | wesleymusgrove |
entityQuery-populated-nids.png | 20.06 KB | wesleymusgrove | |
entityQuery-empty-nids.png | 17.01 KB | wesleymusgrove |
Comments
Comment #2
jonathan1055 CreditAttribution: jonathan1055 as a volunteer commentedHi Wesley,
This might sound like a silly question but is this the only reason you have installed View Unpublished? If so, then you do not need the module. Anonymous users by default cannot see any unpublished content. So unless you have a need for finer granularity over which authenticated users can see other users unpublished content you may not need it at all. Apologies if this is wrong and you already know all about that module.
I recall we had an issue similar to this before, but I can't see it in the open queue. I'll do some searching.
Jonathan
Comment #3
wesleymusgrove CreditAttribution: wesleymusgrove commentedHi Jonathan,
Not silly at all! I feel silly having to use that module for such a simple reason. I agree that without the View Unpublished module the default functionality should prevent Anonymous users from seeing it, but in my experience, that's not the case. I have a really basic, almost out of the box, Blog Post content type, whose content is still directly accessible by Anonymous users when those nodes are unpublished. I am using the Workflow module to manage content moderation because the core Content Moderation module wasn't able to unpublish a node once it had been published see #2825579: Unable to Publish/Unpublish from Content Admin Screen when content_moderation enabled. I guess it's possible that Workflow could be enabling Anonymous users to view unpublished nodes, but I haven't tested that.
Comment #4
wesleymusgrove CreditAttribution: wesleymusgrove commentedSide note: that reminds me of the real reason I'm using View Unpublished, so that users of various roles involved with the content moderation workflow should be able to view/edit unpublished nodes that are not their own, like sending a node from creation -> draft -> review -> published.
So I'm testing this now with View Unpublished uninstalled. I have 3 roles: Content Writer, Content Reviewer, Content Publisher. As a Content Reviewer, I'm able to edit a Content Writer's node on the admin page, but not view it on the front end. I can "preview" it and swap between teaser and full view modes, but not view it on the front end as though it were already published. I suppose this is the default functionality and that it should be sufficient for my use case. It seems I may have been trying to solve a problem that didn't need solving with the View Unpublished module.
Anyway, back to the original issue... uninstalling View Unpublished will allow my lightweight scheduled cron job to return the list of nodes ready to be published instead of an empty list.
Comment #5
jonathan1055 CreditAttribution: jonathan1055 as a volunteer commentedThat really should not be happening. There must be some config/permissions/other module which is allowing anon users to see unpublished posts. I have added two related issues and the problem of interaction with View Unpublished seemed to be resolved.
It would be worth checking that, definitely, but I'd be surprised if such a major bug as this was not already discovered and fixed.
Here are some ideas and questions to help prompt your investigations:
I am sure there will be a good solution to this.
Comment #6
wesleymusgrove CreditAttribution: wesleymusgrove commentedThanks for sticking with me on this Jonathan even though it's not really a Scheduler issue. I'll start with #5 for the TL;DR version:
5. I began systematically uninstalling the Workflow module and that brought the published/unpublished state back to the default functionality. Now Anonymous cannot view unpublished content (403 Forbidden), which is correct.
BTW, I'm using Scheduler 8.x-1.0-alpha1. It appears that the patch from #6 in #2700209: Disable node access checks during cron publish/unpublish would fix my issue. I should probably just update to 8.x-1.0-rc1...
If interested, here are my results running through your questions:
1 and 2. The views and menu blocks are handling this correctly by only including published content in their lists. The only way my Anonymous user can view unpublished content is by hitting it directly (ex: http://example.com/blog/post/testing-blog-post-as-content-writer), which limits the scope of this issue (because there shouldn't be any links to the post until it gets published and included in a view's list of content to display).
3. The content appears themed normally with my custom theme just like any other published page.
4. With the View Unpublished module uninstalled, as the content progresses through the Workflow moderation (creation -> draft -> review -> published) it's incorrectly view-able by Anonymous at any step before it's published the first time.
Comment #7
wesleymusgrove CreditAttribution: wesleymusgrove commentedHi again, just following up to say that updating scheduler to 8.x-1.0-rc1 allowed me to hit the
scheduler/cron/{access_key}
path Anonymously and the$query->accessCheck(FALSE);
allowed it to return nodes ready for publishing. I should have checked for updates first!Comment #8
jonathan1055 CreditAttribution: jonathan1055 as a volunteer commentedThanks for the update. I did not realise you were not on the latest Scheduler release, otherwise I would have mentioned that. Good to hear it is working OK now.