By halcyonandon on

I defined a user role...
I gave them permission to create, edit and delete certain nodes...

However unless I give them permission to "administer nodes" they do not see "content" under content management.

If I give them permission to "administer nodes" then they see all nodes, instead of just the ones I gave them permission to see/edit.

-----------------------------------------------

How can I allow a user/role to administer only the nodes they have permission to?

Categories: Drupal 6.x

Comments

p6’s picture

p6 commented

Tried NodeAccess ?

- Pavan Keshavamurthy
http://grahana.net/

- Pavan Keshavamurthy
http://grahana.net/

halcyonandon’s picture

halcyonandon commented

I was hoping it would be possible without using a module

Seems strange that Drupal, though allowing permissions to be set on a node-by-node basis, doesnt allow for administration of nodes based on these permissions.

I thought perhaps there would be some sort of filtering (or equivalent of) that would limit the user's administrative privileges over the nodes -- based on what their role permissions grant them access to.

halcyonandon’s picture

halcyonandon commented

I'm confused by NodeAccess. It seems I could grant the user permission to edit a node, but this permission wouldnt show the nodes they can edit organized in an administer menu? it seems like it would only add the 'grant' and 'edit' buttons to the content pages?

I don't think that fits the bill for what im trying to achieve, is my understanding of this module incorrect?

halcyonandon’s picture

halcyonandon commented

I want to allow a user/role to login to admin then have access to 'administer > content management > content' but it needs to only allow them to see content items that the user has been given permission to edit; not all content items, which is the result when you give them permission to 'administer nodes'.

-------------------------------------------------------------------

I want to give a user permission to administer only the nodes which i choose.

Does this module allow such a thing? Is such a thing possible?

halcyonandon’s picture

halcyonandon commented

I'll try to give a practical example....

As administrator, I create a new role called 'moderator'. The moderator user needs to be able to go into the admin panel (http://www.yourdrupalsite.com/admin), go into 'Administer > content management' and view all the content items they can edit. However, there are many types of content, which the moderator user should not see in this list and should not have any access to what-so-ever.

So, I create the moderator role, I assign it to a user, and under 'permissions > node module', I select which objects the moderator role can create, delete and edit. I choose to not give this role permission to edit any 'page' type item. I log out of administrator and into a moderator user to test this. I go into the admin panel, however there is no 'administer > content management > content'....

I log back into admin and this time I give the user permission to 'administer nodes'. I log back into the moderator account and now 'administer > content management > content' appears, unfortunately ALL content items appear, instead of only the items the user is supposed to have permission to edit. The user can edit 'page' items, even though the user does not actually have permission to do so.

-------------------------------------------------------------------

Now with this setting, it seems to be a clear situation of conflicting permissions. Sure the moderator has permission to administer nodes, but the role does not give that user permission to administer ALL nodes.

rdeboer’s picture

rdeboer
Location Melbourne
commented

I have been struggling with the same thing.

The "administer nodes" permission (under node module) relates to the privilege of publishing/unpublishing. So you want this to be available to the Moderator role, not the Author role (I'm assuming the Author creates nodes of a type for which the default of the publish status flag is "unpublished").
The "access content" must be ticked (for the Author role) in order for the "Create content" menu option to appear.

In order to make the Content management page visible to Moderators (so that they can publish submitted content), you need to tick "access administration pages" (under system module). However this also gives Moderators the privileges to do things they shouldn't be allowed to do, such as user management (roles, permissions). One clunky alternative is to UNTICK "access administration pages" and have Moderators to access the Content page by its URL: .../admin/content/node (or somehow create a custom link for this).

So Authors can now create content and this content requires Moderators to go to the Content page (/admin/content/node) and publish it for the world to see. Great.
However, once the content is published, note the following:
• the Author doesn't get a menu option to submit (via the Moderator) changes to any of their Articles (eg create revisions)
• an Author can still CHANGE A PUBLISHED PAGE by figuring out the URL to it, which is of the form .../node/#/edit and/or ...node/#/revision

There doesn't seem to be any business logic that relates the "published" status flag to (the withdrawal of) the edit permission.

The workflow (incl. workflow access) module is meant to solve this, but has a bug, see #346021: workflow view/edit/delete permissions for roles & states not working
Would be interested to know if anyone has an idea of an ETA for the fix.

shark’s picture

shark commented

It may be possible to create a lightweight version of what you're looking for with Views. See the "Content Mangement View" at the bottom of this article.

halcyonandon’s picture

halcyonandon commented

Found this...

http://drupal.org/project/cmf

Looks like it might fix my problem. Still, a conflict of permissions seems like a bug that should be addressed in drupal core, not a module?

justerson’s picture

justerson commented

I had this same issue adding different administrator roles for specific content types and tried many other modules. The CMF turned out to be the right one. It is definitely not perfect as the different type of admins get "access denied" screens when they try to access content types that they don't have access to, but at least the correct content shows up in the "Administer" menu.

One thing to note, the "access administration pages" permission must be set for the role in question. This new admin role will not see "Administer>Content Management>Content" like an admin with all site permissions does, but they will see "Administer>Content Management>Content Management Filter" where a list of ALL content will appear. Here the new admins can click on other's content, but get the access denied message. An admin with all site permissions will see the option "Administer>Content Management>Content" AND "Administer>Content Management>Content Management Filter".

I would like to see a module that filters the content by permissions in the menu, but until that point this seems like the best option for what I am trying to do.

jmather’s picture

jmather commented

I have to admit this is one area drupal needs work...has anyone come up with a better solution..I'm sure many of the big drupal shops out there have their own version of this, and of course as usual in the drupal community..they don't seem to be sharing. What good is cck/views if you can't direct a user to their own content (at least without some convoluted set of modules). Anyways, sorry for the rant, I just have found this to be one of the most lacking pieces in drupal....Maybe somebody has a better solution...

Junro’s picture

Junro commented

I report the problem in Drupal Core -> node system.

It's a very critical bug that should be fixe as soon as possible, subscribe to the issue below:

#546976: Users without "administer nodes" permission are not able to "access" all nodes: